07-01-2009, 08:01 AM   #1
rspatch
Registered User
 
Join Date: Jun 2009
Posts: 8
OS: xp pro


Going to reformat unless help arrives

I picked up something/s kinda nasty along the way. When I first boot up I get MULTIPLE windows from Symantec stating "scanning message" starting in the lower right corner of the screen. Then another window in the center of the screen, also from Symantec, telling me either "the connection to server failed, email unable to be sent", or "connection to server has failed". These windows appear and reappear as I keep closing them. After about a hundred of these pop-ups, they just seem to stop, and I am left with about 40 to 50 envelope icons in my task bar, which go away by just running the mouse over them. When those are gone you would never know I had a problem. I no longer see them until I reboot. When this first started I was also getting multiple web pages appearing (that I wasn't opening) and I was also getting a window stating I needed to update one of my Adobe products (wasn't sure if that one was legitimate). After running multiple spyware products I seem to have gotten rid of the last two issues and am only left with the email problem. I was thinking it was about time to reformat and start with a clean slate but just not ready to take on that task again.
Any help would be appreciated.
I almost forgot, I am getting a lot of various apps "encountered a problem and needs to close" windows. Not sure if related.
I am running XP Pro, Service Pack 3 with Symantec AntiVirus (I do an update and virus scan once a week).


DDS (Ver_09-06-26.01) - NTFSx86
Run by Rick at 23:20:06.39 on Tue 06/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1181 [GMT -7:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Documents and Settings\Rick\obrfkm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Rick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\rick\obrfkm.exe \s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: IEHlprObjClass: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\kensington\mouseworks\IE_KMW.DLL
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo RX580 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa.exe" /fu "c:\docume~1\rick\locals~1\temp\E_SE.tmp" /EF "HKCU"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ColdWare] "c:\windows\msb.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRunOnce: [Shockwave Updater] "c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE" -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10" -"http://www.iwon.com/modules/launchGame/games/includes/blockDotGameIFrame.jhtml?categoryId=1&gameId=531&browser=FF"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] "sttray.exe"
mRun: [kmw_run.exe] kmw_run.exe
mRun: [<NO NAME>]
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] "c:\progra~1\symant~1\VPTray.exe"
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [eimq] "c:\windows\system32\eimq.exe" \u
mRun: [MSWheel]
StartupFolder: c:\docume~1\rick\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\e_spsu01.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SPSU01.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SubSystems: Windows = baselid32

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rick\applic~1\mozilla\firefox\profiles\z1aylvvj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-5 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2009-2-27 11264]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-16 210216]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-8-2 1267024]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-6-25 1205760]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090627.006\naveng.sys [2009-6-28 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090627.006\navex15.sys [2009-6-28 876144]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-8-2 173392]

=============== Created Last 30 ================

2009-06-29 18:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-06-29 18:02 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-06-29 17:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-06-29 17:27 <DIR> --d----- c:\program files\Uniblue
2009-06-29 17:27 <DIR> --d----- c:\docume~1\rick\applic~1\Uniblue
2009-06-29 17:26 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-06-27 09:22 <DIR> --d----- c:\program files\common files\Real
2009-06-27 09:20 <DIR> --d----- c:\program files\V CAST Music with Rhapsody
2009-06-27 09:12 <DIR> --d----- c:\program files\LG Electronics
2009-06-27 03:01 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-26 08:05 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-26 08:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-26 07:41 <DIR> --d----- c:\program files\SpyZooka
2009-06-26 07:40 <DIR> --d----- c:\docume~1\rick\applic~1\GetRightToGo
2009-06-25 17:34 <DIR> --d----- c:\program files\Ask.com
2009-06-25 17:33 <DIR> --d----- c:\program files\MSSOAP
2009-06-25 17:31 1,563,008 a------- c:\windows\WRSetup.dll
2009-06-25 17:31 <DIR> --d----- c:\docume~1\rick\applic~1\Webroot
2009-06-25 17:31 <DIR> --d----- c:\program files\Webroot
2009-06-25 17:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-06-25 17:29 164 a------- c:\windows\install.dat
2009-06-25 05:26 <DIR> --d----- c:\program files\TuneUp Utilities 2006
2009-06-25 05:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-06-25 05:25 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-24 09:58 29,696 a------- c:\windows\system32\eimq.exe
2009-06-24 09:58 29,696 ----h--- c:\documents and settings\rick\obrfkm.exe
2009-06-10 22:27 <DIR> --d----- c:\program files\iPod
2009-06-10 22:27 <DIR> --d----- c:\program files\iTunes
2009-06-10 22:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-10 22:01 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-03 09:14 <DIR> --d----- c:\documents and settings\rick\.thumbnails
2009-06-03 09:01 <DIR> --d----- c:\documents and settings\rick\.gimp-2.6
2009-06-03 09:01 <DIR> --d----- c:\documents and settings\rick\.gegl-0.0
2009-06-03 08:57 <DIR> --d----- c:\program files\GIMP-2.0

==================== Find3M ====================

2009-06-30 23:14 7,304 a------- c:\windows\TMP0001.TMP
2009-06-10 22:01 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-26 10:41 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-16 23:39 81,102 a------- c:\windows\system32\ffdshow.reg
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-05 10:39 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 23:21:19.62 ===============

Last edited by rspatch; 07-01-2009 at 08:03 AM. Reason: Forgot another symptom