Start-up errors after four steps finished

mdmfcook · 08-26-2007, 07:10 AM

I have completed the four basic clean-up steps but am seeing many error messages at start up. I assume they may be due to deleted files etc.

Errors inclued: many "RUNDLL" error boxes, "DESKTOP cannot load or find" error boxes, one WJView error, and one WINDOWS cannot find error.

Otherwise system "seems" in fairly good shape, running faster than before with no popups. I just need to see if there is more to do. Thanks
--------------------------------------

Deckard's System Scanner v20070819.64
Run by MIKE WHITE on 2007-08-25 19:52:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2007-08-25 23:52:17 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 126 MiB (512 MiB recommended).

-- HijackThis (run as MIKE WHITE.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:23 PM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crig.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\apibq32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MIKE WHITE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MIKE WHITE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=DIST1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avscc.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=????, ?
F3 - REG:win.ini: run=????, ?
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll
O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe
O4 - HKLM\..\Run: [Explkw] C:\WINDOWS\System32\expup.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [CJPWCJ] C:\WINDOWS\CJPWCJ.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [apibq32.exe] C:\WINDOWS\apibq32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Iotn] C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm238YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing)
O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)
O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crig.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: (no name) - http://us.f534.mail.yahoo.com/ym/Sho...a&head=b&Idx=0

--
End of file - 9881 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 SbcpHid - c:\windows\system32\drivers\sbcphid.sys

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 Jukebox3 - c:\windows\system32\drivers\ctpdusb.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Machine Debug Manager
Device ID: ROOT\LEGACY_MDM\0000
Manufacturer:
Name: Machine Debug Manager
PNP Device ID: ROOT\LEGACY_MDM\0000
Service:

Class GUID:
Description: Windows User Mode Driver Framework
Device ID: ROOT\LEGACY_UMWDF\0000
Manufacturer:
Name: Windows User Mode Driver Framework
PNP Device ID: ROOT\LEGACY_UMWDF\0000
Service:

-- Files created between 2007-07-25 and 2007-08-25 -----------------------------

2007-08-25 19:53:56 0 d-------- C:\Program Files\Trend Micro
2007-08-25 18:16:48 0 d-------- C:\Program Files\MSXML 4.0
2007-08-25 17:47:55 0 d-------- C:\ie-spyad_zo
2007-08-25 17:42:05 0 d-------- C:\Program Files\SpywareBlaster
2007-08-25 14:31:10 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-25 14:17:18 0 d-------- C:\Program Files\CyberScrub
2007-08-17 07:03:27 86719 --a------ C:\WINDOWS\crzf32.dll
2007-07-27 06:34:38 11895 --a------ C:\WINDOWS\system32\sdkuk32.exe

-- Find3M Report ---------------------------------------------------------------

2007-08-25 18:31:02 0 d-------- C:\Program Files\Video ActiveX Object
2007-08-25 13:55:16 0 d-a------ C:\Program Files\Common Files
2007-08-25 13:05:03 0 d-------- C:\Program Files\Creative
2007-08-25 12:46:34 0 d-------- C:\Program Files\InstallShield Installation Information
2007-08-25 12:32:32 0 d-------- C:\Program Files\Sony
2007-08-25 12:28:23 0 d-------- C:\Program Files\Screensavers.com
2007-08-25 12:28:14 0 d-------- C:\Program Files\Real
2007-08-25 12:28:14 0 d-------- C:\Program Files\Common Files\Real
2007-08-25 12:27:51 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Real
2007-08-25 12:27:10 0 d-------- C:\Program Files\QUICKENW
2007-08-25 12:24:15 0 d-------- C:\Program Files\Dell Computer
2007-08-25 12:04:46 0 d-------- C:\Program Files\Kodak
2007-08-25 11:39:54 0 d-------- C:\Program Files\CA
2007-08-25 11:38:46 0 d--h----- C:\Documents and Settings\MIKE WHITE\Application Data\GTek
2007-08-25 11:09:34 0 d-------- C:\Program Files\Britannica
2007-08-25 11:09:00 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Aim
2007-08-25 11

35 0 d-------- C:\Program Files\Common Files\Adobe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3}]
08/17/2007 07:03 AM 86719 --a------ C:\WINDOWS\crzf32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C894B059-CEE7-1741-7C08-266F6BEF1A2D}]
12/12/2005 05:42 PM 86719 --a------ C:\WINDOWS\apiqw32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5AD27E7-347D-8A47-347A-FBD83901DD61}]
C:\WINDOWS\javaom32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 01:19 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 01:07 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" []
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" []
"MyWebSearch Email Plugin"=" " []
"{2CF0B992-5EEB-4143-99C0-5297EF71F444}"="C:\WINDOWS\System32\stlbdist.DLL" []
"WebScan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" []
"UpdateStats"="C:\Program Files\Media\Media\UpdateStats.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"Tapicfg.exe"="C:\WINDOWS\System32\tapicfg.exe" []
"Syscpy"="C:\WINDOWS\System32\syscpy.exe" []
"stcloader"="C:\WINDOWS\System32\stcloader.exe" []
"slmss"="C:\Program Files\Common Files\slmss\slmss.exe" []
"RunWindowsUpdate"="C:\WINDOWS\uptodate.exe" []
"Rundll32_7"="C:\WINDOWS\System32\msiefr40.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"Power Scan"="C:\Program Files\Power Scan\powerscan.exe" []
"Mwsvm"="C:\WINDOWS\mwsvm.exe" []
"msbb"="C:\WINDOWS\System32\msbb.exe" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"IST Service"="C:\Program Files\ISTsvc\istsvc.exe" []
"IPXA"="C:\WINDOWS\IPXA.exe" []
"Explkw"="C:\WINDOWS\System32\expup.exe" []
"EbatesMoeMoneyMaker"="wjview /cp:p C:\Program Files\EbatesMoeMoneyMaker\System\Code Main lp: C:\Program Files\EbatesMoeMoneyMaker" []
"EanthologyApp"="C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.exe" []
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" []
"ClrSchLoader"="C:\Program Files\ClearSearch\Loader.exe" []
"CJPWCJ"="C:\WINDOWS\CJPWCJ.exe" []
"CAVRID"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" []
"CaAvTray"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"Bargains"="C:\Program Files\Bargain Buddy\bin\bargains.exe" []
"apibq32.exe"="C:\WINDOWS\apibq32.exe" [11/24/2005 12:41 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" []
"absr"="C:\WINDOWS\mwsvm.exe" []
"2LRX2W83X2T3MQ"="C:\WINDOWS\System32\Zvbyl.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
"Iotn"="C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe" []
"HXIUL.EXE"="C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE" []
"HELPEXP.EXE"="C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe" []
"eZmmod"="C:\PROGRA~1\ezula\mmod.exe" []
"emsw.exe"="C:\WINDOWS\emsw.exe" []
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" []
"ContentService"="C:\WINDOWS\System32\winservn.exe" []

C:\Documents and Settings\MIKE WHITE\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{bd0fc212-0a36-4232-83cc-2063fb9282e0}"= C:\WINDOWS\system32\qzviz.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)

-- End of Deckard's System Scanner: finished at 2007-08-25 20:00:07 ------------

**Pancake** · 08-27-2007, 05:29 PM

Hi.You have a fair bit of cleaning to do here.You have quite a few nasties.

Download and run Adaware,SpyBot & CWShredder (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below.

How to setup Ad-Aware

Download Ad-Aware
Save aawsepersonal.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/Adaware/
Doubleclick aawsepersonal.exe. Make sure to direct the program to install in the c:/program files/adaware/ directory, NOT the default directory.
Open AdAware from Start | Programs | Lavasoft | AdAware.
Select <Check for updates now>, <Proceed>
After installation, run the program and click the start button.Then click the next button. This lets ad-aware scan your computer.
After ad-aware is done running, hit the next button. Then right click the area with the listed spy ware objects.Choose the "Select all objects" option.
At this point all the boxes next to the items should be checked. Then hit the next button.
It will ask if you want to delete the selected objects. Hit the Okay button.
Now most of the spyware should have been deleted from your hard drive.

----------------------------------------------------------------------

How to setup Spybot Search & Destroy version 1.4

Download SpyBot
Save spybotsd14.exe into its own directory, NOT in a TEMPorary folder or on the Desktop.
I recommend c:/program files/spybot/
Doubleclick spybotsd14.exe. Make sure to direct the program to install in the c:/program files/spybot/ directory, NOT the default directory.
Open Spybot from Start | Programs | Spybot | Spybot S&D
Select <Search for Updates>. Let it install all updates. This is very important!
Select <Immunize>
Select <Check for Problems>
Check all entries that are in RED. Only RED NOTHING ELSE.
Select <Fix Selected Problems>
Close Spybot//

---------------------------------------------------------------------

How to install and run CWShredder

Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/program files/CWShredder/
Close all browsers
Unzip into same directory
Doubleclick CWSInstall.exe
Click <Check for updates> and let it install all updates
Click <Fix>
Click <Next>
Close CWShredder//

After rebooting post a new HJT log.

mdmfcook · 08-27-2007, 09:15 PM

Thanks for the help, below is the log after running Adaware, spybot, cwshredder. System still seems to be running too slow.

-----------------------------------------------------------------------

Deckard's System Scanner v20070819.64
Run by MIKE WHITE on 2007-08-27 23:07:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 88% (more than 75%).
Total Physical Memory: 126 MiB (512 MiB recommended).

-- HijackThis (run as MIKE WHITE.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:23 PM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crig.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\apibq32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MIKE WHITE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MIKE WHITE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=DIST1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avscc.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=????, ?
F3 - REG:win.ini: run=????, ?
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll
O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe
O4 - HKLM\..\Run: [Explkw] C:\WINDOWS\System32\expup.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [CJPWCJ] C:\WINDOWS\CJPWCJ.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [apibq32.exe] C:\WINDOWS\apibq32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Iotn] C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm238YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing)
O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)
O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crig.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: (no name) - http://us.f534.mail.yahoo.com/ym/Sho...a&head=b&Idx=0

--
End of file - 9881 bytes

-- Files created between 2007-07-27 and 2007-08-27 -----------------------------

2007-08-27 21:53:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-27 21:12:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-27 21:10:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-27 19:35:41 0 dr-h----- C:\$VAULT$.AVG
2007-08-27 19:33:27 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\AVG7
2007-08-27 19:32:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-08-26 18:58:26 0 --a------ C:\WINDOWS\syswh.dll
2007-08-25 19:53:56 0 d-------- C:\Program Files\Trend Micro
2007-08-25 18:16:48 0 d-------- C:\Program Files\MSXML 4.0
2007-08-25 17:47:55 0 d-------- C:\ie-spyad_zo
2007-08-25 17:42:05 0 d-------- C:\Program Files\SpywareBlaster
2007-08-25 14:31:10 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-25 14:17:18 0 d-------- C:\Program Files\CyberScrub
2007-08-22 19:10:51 0 --a------ C:\WINDOWS\appgu32.dll
2007-08-13 20:45:04 0 --a------ C:\WINDOWS\iple32.exe

-- Find3M Report ---------------------------------------------------------------

2007-08-27 21:12:58 0 d-------- C:\Program Files\Lavasoft
2007-08-27 21:10:47 0 d-a------ C:\Program Files\Common Files
2007-08-27 20:21:57 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-25 13:05:03 0 d-------- C:\Program Files\Creative
2007-08-25 12:46:34 0 d-------- C:\Program Files\InstallShield Installation Information
2007-08-25 12:32:32 0 d-------- C:\Program Files\Sony
2007-08-25 12:28:14 0 d-------- C:\Program Files\Real
2007-08-25 12:28:14 0 d-------- C:\Program Files\Common Files\Real
2007-08-25 12:27:51 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Real
2007-08-25 12:27:10 0 d-------- C:\Program Files\QUICKENW
2007-08-25 12:24:15 0 d-------- C:\Program Files\Dell Computer
2007-08-25 12:04:46 0 d-------- C:\Program Files\Kodak
2007-08-25 11:39:54 0 d-------- C:\Program Files\CA
2007-08-25 11:38:46 0 d--h----- C:\Documents and Settings\MIKE WHITE\Application Data\GTek
2007-08-25 11:09:34 0 d-------- C:\Program Files\Britannica
2007-08-25 11:09:00 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Aim
2007-08-25 11

35 0 d-------- C:\Program Files\Common Files\Adobe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3}]
C:\WINDOWS\crzf32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C894B059-CEE7-1741-7C08-266F6BEF1A2D}]
C:\WINDOWS\apiqw32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5AD27E7-347D-8A47-347A-FBD83901DD61}]
C:\WINDOWS\javaom32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 01:19 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 01:07 AM]
"RunWindowsUpdate"="C:\WINDOWS\uptodate.exe" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"IPXA"="C:\WINDOWS\IPXA.exe" []
"2LRX2W83X2T3MQ"="C:\WINDOWS\System32\Zvbyl.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/27/2007 07:31 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"emsw.exe"="C:\WINDOWS\emsw.exe" []

C:\Documents and Settings\MIKE WHITE\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{bd0fc212-0a36-4232-83cc-2063fb9282e0}"= C:\WINDOWS\system32\qzviz.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]
C:\Program Files\Bargain Buddy\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJPWCJ]
C:\WINDOWS\CJPWCJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]
C:\Program Files\ClearSearch\Loader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EanthologyApp]
C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]
wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
C:\PROGRA~1\ezula\mmod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HELPEXP.EXE]
C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIUL.EXE]
C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iotn]
C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
C:\Program Files\Power Scan\powerscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll32_7]
rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcloader]
C:\WINDOWS\System32\stcloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStats]
C:\Program Files\Media\Media\UpdateStats.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebScan]
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2CF0B992-5EEB-4143-99C0-5297EF71F444}]
rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)

-- End of Deckard's System Scanner: finished at 2007-08-27 23:09:30 ------------

**Pancake** · 08-27-2007, 09:46 PM

I think you just posted your original log.I need a new HJT log anfter a reboot please.

mdmfcook · 08-28-2007, 04:31 PM

Sorry here is a copy of the log I just ran (using Deckard's SS) again, after I have ran Adaware, spybot, CWshredder. If it is the same as the scan before I started, I do not know why or how as I erased the first scan txt file completely from you files!

Time stamp is giving the correct current time that I ran the log also!

Deckard's System Scanner v20070819.64
Run by MIKE WHITE on 2007-08-28 17:55:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 126 MiB (512 MiB recommended).

-- HijackThis (run as MIKE WHITE.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:23 PM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crig.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\apibq32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MIKE WHITE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MIKE WHITE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=DIST1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avscc.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=????, ?
F3 - REG:win.ini: run=????, ?
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll
O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe
O4 - HKLM\..\Run: [Explkw] C:\WINDOWS\System32\expup.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [CJPWCJ] C:\WINDOWS\CJPWCJ.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [apibq32.exe] C:\WINDOWS\apibq32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Iotn] C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm238YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing)
O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)
O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crig.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: (no name) - http://us.f534.mail.yahoo.com/ym/Sho...a&head=b&Idx=0

--
End of file - 9881 bytes

-- Files created between 2007-07-28 and 2007-08-28 -----------------------------

2007-08-27 21:53:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-27 21:12:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-27 21:10:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-27 19:35:41 0 dr-h----- C:\$VAULT$.AVG
2007-08-27 19:33:27 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\AVG7
2007-08-27 19:32:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-08-26 18:58:26 0 --a------ C:\WINDOWS\syswh.dll
2007-08-25 19:53:56 0 d-------- C:\Program Files\Trend Micro
2007-08-25 18:16:48 0 d-------- C:\Program Files\MSXML 4.0
2007-08-25 17:47:55 0 d-------- C:\ie-spyad_zo
2007-08-25 17:42:05 0 d-------- C:\Program Files\SpywareBlaster
2007-08-25 14:31:10 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-25 14:17:18 0 d-------- C:\Program Files\CyberScrub
2007-08-22 19:10:51 0 --a------ C:\WINDOWS\appgu32.dll
2007-08-13 20:45:04 0 --a------ C:\WINDOWS\iple32.exe

-- Find3M Report ---------------------------------------------------------------

2007-08-27 21:12:58 0 d-------- C:\Program Files\Lavasoft
2007-08-27 21:10:47 0 d-a------ C:\Program Files\Common Files
2007-08-27 20:21:57 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-25 13:05:03 0 d-------- C:\Program Files\Creative
2007-08-25 12:46:34 0 d-------- C:\Program Files\InstallShield Installation Information
2007-08-25 12:32:32 0 d-------- C:\Program Files\Sony
2007-08-25 12:28:14 0 d-------- C:\Program Files\Real
2007-08-25 12:28:14 0 d-------- C:\Program Files\Common Files\Real
2007-08-25 12:27:51 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Real
2007-08-25 12:27:10 0 d-------- C:\Program Files\QUICKENW
2007-08-25 12:24:15 0 d-------- C:\Program Files\Dell Computer
2007-08-25 12:04:46 0 d-------- C:\Program Files\Kodak
2007-08-25 11:39:54 0 d-------- C:\Program Files\CA
2007-08-25 11:38:46 0 d--h----- C:\Documents and Settings\MIKE WHITE\Application Data\GTek
2007-08-25 11:09:34 0 d-------- C:\Program Files\Britannica
2007-08-25 11:09:00 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Aim
2007-08-25 11

35 0 d-------- C:\Program Files\Common Files\Adobe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3}]
C:\WINDOWS\crzf32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C894B059-CEE7-1741-7C08-266F6BEF1A2D}]
C:\WINDOWS\apiqw32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5AD27E7-347D-8A47-347A-FBD83901DD61}]
C:\WINDOWS\javaom32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 01:19 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 01:07 AM]
"RunWindowsUpdate"="C:\WINDOWS\uptodate.exe" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"IPXA"="C:\WINDOWS\IPXA.exe" []
"2LRX2W83X2T3MQ"="C:\WINDOWS\System32\Zvbyl.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/27/2007 07:31 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"emsw.exe"="C:\WINDOWS\emsw.exe" []

C:\Documents and Settings\MIKE WHITE\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{bd0fc212-0a36-4232-83cc-2063fb9282e0}"= C:\WINDOWS\system32\qzviz.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]
C:\Program Files\Bargain Buddy\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJPWCJ]
C:\WINDOWS\CJPWCJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]
C:\Program Files\ClearSearch\Loader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EanthologyApp]
C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]
wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
C:\PROGRA~1\ezula\mmod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HELPEXP.EXE]
C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIUL.EXE]
C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iotn]
C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
C:\Program Files\Power Scan\powerscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll32_7]
rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcloader]
C:\WINDOWS\System32\stcloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStats]
C:\Program Files\Media\Media\UpdateStats.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebScan]
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2CF0B992-5EEB-4143-99C0-5297EF71F444}]
rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)

-- End of Deckard's System Scanner: finished at 2007-08-28 17:59:00 ------------

**Pancake** · 08-28-2007, 05:49 PM

Hi.
You have quite a lot to fix..Some files have already gone via the scans that you have done so lets see whats left...

Will you run this tool to fix the Adware.Istbar
================================
Go to Start > Run and type

cmd

and OK. Type the below commands and hit "Enter" after each line

sc stop NSS
sc delete NSS

Type Exit to close.

==============================
Please download the OTMoveIt by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\crzf32.dll
C:\WINDOWS\apiqw32.dll
C:\WINDOWS\javaom32.dll
C:\Program Files\Video ActiveX Object\iesplugin.dll
C:\WINDOWS\System32\stlbdist
C:\WINDOWS\System32\tapicfg.exe
C:\WINDOWS\System32\syscpy.exe
C:\WINDOWS\System32\stcloader.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\WINDOWS\uptodate.exe
C:\WINDOWS\System32\msiefr40.dll
C:\WINDOWS\mwsvm.exe
C:\WINDOWS\System32\msbb.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\IPXA.exe
C:\WINDOWS\System32\expup.exe
C:\Program Files\ClearSearch\Loader.exe
C:\WINDOWS\CJPWCJ.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\WINDOWS\apibq32.exe
C:\WINDOWS\System32\Zvbyl.exe
C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe
C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE
C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe
C:\PROGRAM FILES\ezula\mmod.exe
C:\WINDOWS\emsw.exe
C:\WINDOWS\System32\winservn.exe
C:\WINDOWS\system32\crig.exe
C:\Program Files\Media\Media\UpdateStats.exe
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

========================================

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avscc.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=??? ?, ?
F3 - REG:win.ini: run=??? ?, ?
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll
O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll
O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe
O4 - HKLM\..\Run: [Explkw] C:\WINDOWS\System32\expup.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [CJPWCJ] C:\WINDOWS\CJPWCJ.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [apibq32.exe] C:\WINDOWS\apibq32.exe
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Iotn] C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm238YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing)
O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)
O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crig.exe
O24 - Desktop Component 0: (no name) - http://us.f534.mail.yahoo.com/ym/Sho...a&head=b&Idx=0

Open Windows Explorer and delete the following highlighted red folder/s

C:\Program Files\ Video ActiveX Object
C:\Program Files\ MyWebSearch
C:\Program Files\ Bargain Buddy
C:\Program Files\ ClearSearch
C:\Program Files\ EbatesMoeMoneyMaker
C:\Program Files\Common Files\ slmss
C:\Program Files\ Media
C:\Program Files\I STsvc

===========================
Reboot and the run HijackThis and do a scan and post the log here.

mdmfcook · 08-28-2007, 09:39 PM

Ok here is the log after the last set of edits, I think I did everything correctly but make sure I didn't miss anything please. Thanks again

Deckard's System Scanner v20070819.64
Run by MIKE WHITE on 2007-08-28 23:33:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 126 MiB (512 MiB recommended).

-- HijackThis (run as MIKE WHITE.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:48 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MIKEWH~1.EXE
C:\WINDOWS\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll (file missing)
O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O19 - User stylesheet: (file missing)
O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: (no name) - http://us.f534.mail.yahoo.com/ym/Sho...a&head=b&Idx=0

--
End of file - 6569 bytes

-- Files created between 2007-07-28 and 2007-08-28 -----------------------------

2007-08-27 21:53:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-27 21:12:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-27 21:10:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-27 19:35:41 0 dr-h----- C:\$VAULT$.AVG
2007-08-27 19:33:27 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\AVG7
2007-08-27 19:32:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-08-26 18:58:26 0 --a------ C:\WINDOWS\syswh.dll
2007-08-25 19:53:56 0 d-------- C:\Program Files\Trend Micro
2007-08-25 18:16:48 0 d-------- C:\Program Files\MSXML 4.0
2007-08-25 17:47:55 0 d-------- C:\ie-spyad_zo
2007-08-25 17:42:05 0 d-------- C:\Program Files\SpywareBlaster
2007-08-25 14:31:10 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-25 14:17:18 0 d-------- C:\Program Files\CyberScrub
2007-08-22 19:10:51 0 --a------ C:\WINDOWS\appgu32.dll
2007-08-13 20:45:04 0 --a------ C:\WINDOWS\iple32.exe

-- Find3M Report ---------------------------------------------------------------

2007-08-27 21:12:58 0 d-------- C:\Program Files\Lavasoft
2007-08-27 21:10:47 0 d-a------ C:\Program Files\Common Files
2007-08-27 20:21:57 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-25 13:05:03 0 d-------- C:\Program Files\Creative
2007-08-25 12:46:34 0 d-------- C:\Program Files\InstallShield Installation Information
2007-08-25 12:32:32 0 d-------- C:\Program Files\Sony
2007-08-25 12:28:14 0 d-------- C:\Program Files\Real
2007-08-25 12:28:14 0 d-------- C:\Program Files\Common Files\Real
2007-08-25 12:27:51 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Real
2007-08-25 12:27:10 0 d-------- C:\Program Files\QUICKENW
2007-08-25 12:24:15 0 d-------- C:\Program Files\Dell Computer
2007-08-25 12:04:46 0 d-------- C:\Program Files\Kodak
2007-08-25 11:39:54 0 d-------- C:\Program Files\CA
2007-08-25 11:38:46 0 d--h----- C:\Documents and Settings\MIKE WHITE\Application Data\GTek
2007-08-25 11:09:34 0 d-------- C:\Program Files\Britannica
2007-08-25 11:09:00 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Aim
2007-08-25 11

35 0 d-------- C:\Program Files\Common Files\Adobe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 01:19 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 01:07 AM]
"RunWindowsUpdate"="C:\WINDOWS\uptodate.exe" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/27/2007 07:31 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"emsw.exe"="C:\WINDOWS\emsw.exe" []

C:\Documents and Settings\MIKE WHITE\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]
C:\Program Files\Bargain Buddy\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJPWCJ]
C:\WINDOWS\CJPWCJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]
C:\Program Files\ClearSearch\Loader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EanthologyApp]
C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]
wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
C:\PROGRA~1\ezula\mmod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HELPEXP.EXE]
C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIUL.EXE]
C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iotn]
C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
C:\Program Files\Power Scan\powerscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll32_7]
rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcloader]
C:\WINDOWS\System32\stcloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStats]
C:\Program Files\Media\Media\UpdateStats.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebScan]
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2CF0B992-5EEB-4143-99C0-5297EF71F444}]
rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)

-- End of Deckard's System Scanner: finished at 2007-08-28 23:37:16 ------------

**Pancake** · 08-28-2007, 10:01 PM

Not sure if you missed these or they are still active.Please have another go...

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll (file missing)
O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll (file missing)
O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing)
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing)

Reboot and post a new HJT log..

mdmfcook · 08-29-2007, 08:40 AM

OK, here is the latest scan, note I only found two of the files you listed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:03 AM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O19 - User stylesheet: (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 5466 bytes

**Pancake** · 08-29-2007, 04:26 PM

Just need to tidy up these last items..

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O19 - User stylesheet: (file missing)

Reboot and post a new HJT log..How are things going now??

mdmfcook · 08-29-2007, 06:27 PM

Ok, here is the log after most recent deletions. Not having any other issues other than computer is still processing very slow, like it is doing a lot of background work. How do I check system and speed up processing? Thanks so much!
------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:47 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 5162 bytes

**Pancake** · 08-29-2007, 07:10 PM

I now suggest you do a defrag and a cleanup...This may help speed things up.

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

mdmfcook · 08-29-2007, 07:31 PM

Yes, this help very much!

Thank you for all your help!

**Pancake** · 08-29-2007, 07:45 PM

Your welcome..

08-27-2007, 05:29 PM	#2 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: Start-up errors after four steps finished Hi.You have a fair bit of cleaning to do here.You have quite a few nasties. Download and run Adaware,SpyBot & CWShredder (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below. How to setup Ad-Aware Download Ad-Aware Save aawsepersonal.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/Adaware/ Doubleclick aawsepersonal.exe. Make sure to direct the program to install in the c:/program files/adaware/ directory, NOT the default directory. Open AdAware from Start \| Programs \| Lavasoft \| AdAware. Select <Check for updates now>, <Proceed> After installation, run the program and click the start button.Then click the next button. This lets ad-aware scan your computer. After ad-aware is done running, hit the next button. Then right click the area with the listed spy ware objects.Choose the "Select all objects" option. At this point all the boxes next to the items should be checked. Then hit the next button. It will ask if you want to delete the selected objects. Hit the Okay button. Now most of the spyware should have been deleted from your hard drive. ---------------------------------------------------------------------- How to setup Spybot Search & Destroy version 1.4 Download SpyBot Save spybotsd14.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/spybot/ Doubleclick spybotsd14.exe. Make sure to direct the program to install in the c:/program files/spybot/ directory, NOT the default directory. Open Spybot from Start \| Programs \| Spybot \| Spybot S&D Select <Search for Updates>. Let it install all updates. This is very important! Select <Immunize> Select <Check for Problems> Check all entries that are in RED. Only RED NOTHING ELSE. Select <Fix Selected Problems> Close Spybot// --------------------------------------------------------------------- How to install and run CWShredder Download CWShredder Choose the stand alone version. This is free. Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP. I recommend, c:/program files/CWShredder/ Close all browsers Unzip into same directory Doubleclick CWSInstall.exe Click <Check for updates> and let it install all updates Click <Fix> Click <Next> Close CWShredder// After rebooting post a new HJT log. __________________ Eddy

08-27-2007, 09:15 PM	#3 (permalink)
mdmfcook Registered User Join Date: Dec 2004 Posts: 14 OS: XP	Re: Start-up errors after four steps finished Thanks for the help, below is the log after running Adaware, spybot, cwshredder. System still seems to be running too slow. ----------------------------------------------------------------------- Deckard's System Scanner v20070819.64 Run by MIKE WHITE on 2007-08-27 23:07:25 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 88% (more than 75%). Total Physical Memory: 126 MiB (512 MiB recommended). -- HijackThis (run as MIKE WHITE.exe) ------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:56:23 PM, on 8/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\crig.exe C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\apibq32.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\MIKE WHITE\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\MIKE WHITE.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=DIST1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avscc.dll/sp.html#10001 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R3 - Default URLSearchHook is missing F3 - REG:win.ini: load=????, ? F3 - REG:win.ini: run=????, ? F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing) O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe O4 - HKLM\..\Run: [Explkw] C:\WINDOWS\System32\expup.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker" O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe O4 - HKLM\..\Run: [CJPWCJ] C:\WINDOWS\CJPWCJ.exe O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe O4 - HKLM\..\Run: [apibq32.exe] C:\WINDOWS\apibq32.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [Iotn] C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm238YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing) O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM) O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing) O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crig.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O24 - Desktop Component 0: (no name) - http://us.f534.mail.yahoo.com/ym/Sho...a&head=b&Idx=0 -- End of file - 9881 bytes -- Files created between 2007-07-27 and 2007-08-27 ----------------------------- 2007-08-27 21:53:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-08-27 21:12:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-08-27 21:10:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-27 19:35:41 0 dr-h----- C:\$VAULT$.AVG 2007-08-27 19:33:27 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\AVG7 2007-08-27 19:32:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-08-26 18:58:26 0 --a------ C:\WINDOWS\syswh.dll 2007-08-25 19:53:56 0 d-------- C:\Program Files\Trend Micro 2007-08-25 18:16:48 0 d-------- C:\Program Files\MSXML 4.0 2007-08-25 17:47:55 0 d-------- C:\ie-spyad_zo 2007-08-25 17:42:05 0 d-------- C:\Program Files\SpywareBlaster 2007-08-25 14:31:10 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-08-25 14:17:18 0 d-------- C:\Program Files\CyberScrub 2007-08-22 19:10:51 0 --a------ C:\WINDOWS\appgu32.dll 2007-08-13 20:45:04 0 --a------ C:\WINDOWS\iple32.exe -- Find3M Report --------------------------------------------------------------- 2007-08-27 21:12:58 0 d-------- C:\Program Files\Lavasoft 2007-08-27 21:10:47 0 d-a------ C:\Program Files\Common Files 2007-08-27 20:21:57 335 --a------ C:\WINDOWS\nsreg.dat 2007-08-25 13:05:03 0 d-------- C:\Program Files\Creative 2007-08-25 12:46:34 0 d-------- C:\Program Files\InstallShield Installation Information 2007-08-25 12:32:32 0 d-------- C:\Program Files\Sony 2007-08-25 12:28:14 0 d-------- C:\Program Files\Real 2007-08-25 12:28:14 0 d-------- C:\Program Files\Common Files\Real 2007-08-25 12:27:51 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Real 2007-08-25 12:27:10 0 d-------- C:\Program Files\QUICKENW 2007-08-25 12:24:15 0 d-------- C:\Program Files\Dell Computer 2007-08-25 12:04:46 0 d-------- C:\Program Files\Kodak 2007-08-25 11:39:54 0 d-------- C:\Program Files\CA 2007-08-25 11:38:46 0 d--h----- C:\Documents and Settings\MIKE WHITE\Application Data\GTek 2007-08-25 11:09:34 0 d-------- C:\Program Files\Britannica 2007-08-25 11:09:00 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Aim 2007-08-25 1135 0 d-------- C:\Program Files\Common Files\Adobe -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3}] C:\WINDOWS\crzf32.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C894B059-CEE7-1741-7C08-266F6BEF1A2D}] C:\WINDOWS\apiqw32.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5AD27E7-347D-8A47-347A-FBD83901DD61}] C:\WINDOWS\javaom32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 01:19 AM] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 01:07 AM] "RunWindowsUpdate"="C:\WINDOWS\uptodate.exe" [] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [] "IPXA"="C:\WINDOWS\IPXA.exe" [] "2LRX2W83X2T3MQ"="C:\WINDOWS\System32\Zvbyl.exe" [] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/27/2007 07:31 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM] "emsw.exe"="C:\WINDOWS\emsw.exe" [] C:\Documents and Settings\MIKE WHITE\Start Menu\Programs\Startup\ DESKTOP.INI [9/3/2002 10:00:00 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ DESKTOP.INI [9/3/2002 10:00:00 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{bd0fc212-0a36-4232-83cc-2063fb9282e0}"= C:\WINDOWS\system32\qzviz.dll [ ] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJPWCJ] C:\WINDOWS\CJPWCJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod] C:\PROGRA~1\ezula\mmod.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIUL.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iotn] C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service] C:\Program Files\ISTsvc\istsvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] ???? [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan] C:\Program Files\Power Scan\powerscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] ???? [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcloader] C:\WINDOWS\System32\stcloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SharedAccess"=2 (0x2) -- End of Deckard's System Scanner: finished at 2007-08-27 23:09:30 ------------

08-27-2007, 09:46 PM	#4 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: Start-up errors after four steps finished I think you just posted your original log.I need a new HJT log anfter a reboot please. __________________ Eddy

08-28-2007, 04:31 PM	#5 (permalink)
mdmfcook Registered User Join Date: Dec 2004 Posts: 14 OS: XP	Re: Start-up errors after four steps finished Sorry here is a copy of the log I just ran (using Deckard's SS) again, after I have ran Adaware, spybot, CWshredder. If it is the same as the scan before I started, I do not know why or how as I erased the first scan txt file completely from you files! Time stamp is giving the correct current time that I ran the log also! Deckard's System Scanner v20070819.64 Run by MIKE WHITE on 2007-08-28 17:55:44 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 77% (more than 75%). Total Physical Memory: 126 MiB (512 MiB recommended). -- HijackThis (run as MIKE WHITE.exe) ------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:56:23 PM, on 8/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\crig.exe C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\apibq32.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\MIKE WHITE\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\MIKE WHITE.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=DIST1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avscc.dll/sp.html#10001 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R3 - Default URLSearchHook is missing F3 - REG:win.ini: load=????, ? F3 - REG:win.ini: run=????, ? F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing) O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe O4 - HKLM\..\Run: [Explkw] C:\WINDOWS\System32\expup.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker" O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe O4 - HKLM\..\Run: [CJPWCJ] C:\WINDOWS\CJPWCJ.exe O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe O4 - HKLM\..\Run: [apibq32.exe] C:\WINDOWS\apibq32.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [Iotn] C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm238YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing) O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM) O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing) O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crig.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O24 - Desktop Component 0: (no name) - http://us.f534.mail.yahoo.com/ym/Sho...a&head=b&Idx=0 -- End of file - 9881 bytes -- Files created between 2007-07-28 and 2007-08-28 ----------------------------- 2007-08-27 21:53:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-08-27 21:12:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-08-27 21:10:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-27 19:35:41 0 dr-h----- C:\$VAULT$.AVG 2007-08-27 19:33:27 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\AVG7 2007-08-27 19:32:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-08-26 18:58:26 0 --a------ C:\WINDOWS\syswh.dll 2007-08-25 19:53:56 0 d-------- C:\Program Files\Trend Micro 2007-08-25 18:16:48 0 d-------- C:\Program Files\MSXML 4.0 2007-08-25 17:47:55 0 d-------- C:\ie-spyad_zo 2007-08-25 17:42:05 0 d-------- C:\Program Files\SpywareBlaster 2007-08-25 14:31:10 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-08-25 14:17:18 0 d-------- C:\Program Files\CyberScrub 2007-08-22 19:10:51 0 --a------ C:\WINDOWS\appgu32.dll 2007-08-13 20:45:04 0 --a------ C:\WINDOWS\iple32.exe -- Find3M Report --------------------------------------------------------------- 2007-08-27 21:12:58 0 d-------- C:\Program Files\Lavasoft 2007-08-27 21:10:47 0 d-a------ C:\Program Files\Common Files 2007-08-27 20:21:57 335 --a------ C:\WINDOWS\nsreg.dat 2007-08-25 13:05:03 0 d-------- C:\Program Files\Creative 2007-08-25 12:46:34 0 d-------- C:\Program Files\InstallShield Installation Information 2007-08-25 12:32:32 0 d-------- C:\Program Files\Sony 2007-08-25 12:28:14 0 d-------- C:\Program Files\Real 2007-08-25 12:28:14 0 d-------- C:\Program Files\Common Files\Real 2007-08-25 12:27:51 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Real 2007-08-25 12:27:10 0 d-------- C:\Program Files\QUICKENW 2007-08-25 12:24:15 0 d-------- C:\Program Files\Dell Computer 2007-08-25 12:04:46 0 d-------- C:\Program Files\Kodak 2007-08-25 11:39:54 0 d-------- C:\Program Files\CA 2007-08-25 11:38:46 0 d--h----- C:\Documents and Settings\MIKE WHITE\Application Data\GTek 2007-08-25 11:09:34 0 d-------- C:\Program Files\Britannica 2007-08-25 11:09:00 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Aim 2007-08-25 1135 0 d-------- C:\Program Files\Common Files\Adobe -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3}] C:\WINDOWS\crzf32.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C894B059-CEE7-1741-7C08-266F6BEF1A2D}] C:\WINDOWS\apiqw32.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5AD27E7-347D-8A47-347A-FBD83901DD61}] C:\WINDOWS\javaom32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 01:19 AM] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 01:07 AM] "RunWindowsUpdate"="C:\WINDOWS\uptodate.exe" [] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [] "IPXA"="C:\WINDOWS\IPXA.exe" [] "2LRX2W83X2T3MQ"="C:\WINDOWS\System32\Zvbyl.exe" [] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/27/2007 07:31 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM] "emsw.exe"="C:\WINDOWS\emsw.exe" [] C:\Documents and Settings\MIKE WHITE\Start Menu\Programs\Startup\ DESKTOP.INI [9/3/2002 10:00:00 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ DESKTOP.INI [9/3/2002 10:00:00 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{bd0fc212-0a36-4232-83cc-2063fb9282e0}"= C:\WINDOWS\system32\qzviz.dll [ ] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJPWCJ] C:\WINDOWS\CJPWCJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod] C:\PROGRA~1\ezula\mmod.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIUL.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iotn] C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service] C:\Program Files\ISTsvc\istsvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] ???? [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan] C:\Program Files\Power Scan\powerscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] ???? [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcloader] C:\WINDOWS\System32\stcloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SharedAccess"=2 (0x2) -- End of Deckard's System Scanner: finished at 2007-08-28 17:59:00 ------------

08-28-2007, 05:49 PM	#6 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: Start-up errors after four steps finished Hi. You have quite a lot to fix..Some files have already gone via the scans that you have done so lets see whats left... Will you run this tool to fix the Adware.Istbar ================================ Go to Start > Run and type cmd and OK. Type the below commands and hit "Enter" after each line sc stop NSS sc delete NSS Type Exit to close. ============================== Please download the OTMoveIt by OldTimer. Save it to your desktop. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\crzf32.dll C:\WINDOWS\apiqw32.dll C:\WINDOWS\javaom32.dll C:\Program Files\Video ActiveX Object\iesplugin.dll C:\WINDOWS\System32\stlbdist C:\WINDOWS\System32\tapicfg.exe C:\WINDOWS\System32\syscpy.exe C:\WINDOWS\System32\stcloader.exe C:\Program Files\Common Files\slmss\slmss.exe C:\WINDOWS\uptodate.exe C:\WINDOWS\System32\msiefr40.dll C:\WINDOWS\mwsvm.exe C:\WINDOWS\System32\msbb.exe C:\Program Files\ISTsvc\istsvc.exe C:\WINDOWS\IPXA.exe C:\WINDOWS\System32\expup.exe C:\Program Files\ClearSearch\Loader.exe C:\WINDOWS\CJPWCJ.exe C:\Program Files\Bargain Buddy\bin\bargains.exe C:\WINDOWS\apibq32.exe C:\WINDOWS\System32\Zvbyl.exe C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe C:\PROGRAM FILES\ezula\mmod.exe C:\WINDOWS\emsw.exe C:\WINDOWS\System32\winservn.exe C:\WINDOWS\system32\crig.exe C:\Program Files\Media\Media\UpdateStats.exe Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste. Click the red Moveit! button. Close OTMoveIt If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. ======================================== Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\avscc.dll/sp.html#10001 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnbxx.dll/sp.html#93256 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R3 - Default URLSearchHook is missing F3 - REG:win.ini: load=??? ?, ? F3 - REG:win.ini: run=??? ?, ? O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing) O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe O4 - HKLM\..\Run: [Explkw] C:\WINDOWS\System32\expup.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker" O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe O4 - HKLM\..\Run: [CJPWCJ] C:\WINDOWS\CJPWCJ.exe O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe O4 - HKLM\..\Run: [apibq32.exe] C:\WINDOWS\apibq32.exe O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [Iotn] C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm238YYUS O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing) O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM) O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing) O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crig.exe O24 - Desktop Component 0: (no name) - http://us.f534.mail.yahoo.com/ym/Sho...a&head=b&Idx=0 Open Windows Explorer and delete the following highlighted red folder/s C:\Program Files\ Video ActiveX Object C:\Program Files\ MyWebSearch C:\Program Files\ Bargain Buddy C:\Program Files\ ClearSearch C:\Program Files\ EbatesMoeMoneyMaker C:\Program Files\Common Files\ slmss C:\Program Files\ Media C:\Program Files\I STsvc =========================== Reboot and the run HijackThis and do a scan and post the log here. __________________ Eddy

08-28-2007, 09:39 PM	#7 (permalink)
mdmfcook Registered User Join Date: Dec 2004 Posts: 14 OS: XP	Re: Start-up errors after four steps finished Ok here is the log after the last set of edits, I think I did everything correctly but make sure I didn't miss anything please. Thanks again Deckard's System Scanner v20070819.64 Run by MIKE WHITE on 2007-08-28 23:33:43 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 85% (more than 75%). Total Physical Memory: 126 MiB (512 MiB recommended). -- HijackThis (run as MIKE WHITE.exe) ------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:59:48 PM, on 8/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\hkcmd.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\MIKEWH~1.EXE C:\WINDOWS\notepad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll (file missing) O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing) O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab O19 - User stylesheet: (file missing) O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O24 - Desktop Component 0: (no name) - http://us.f534.mail.yahoo.com/ym/Sho...a&head=b&Idx=0 -- End of file - 6569 bytes -- Files created between 2007-07-28 and 2007-08-28 ----------------------------- 2007-08-27 21:53:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-08-27 21:12:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-08-27 21:10:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-27 19:35:41 0 dr-h----- C:\$VAULT$.AVG 2007-08-27 19:33:27 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\AVG7 2007-08-27 19:32:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-08-27 19:31:43 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-08-26 18:58:26 0 --a------ C:\WINDOWS\syswh.dll 2007-08-25 19:53:56 0 d-------- C:\Program Files\Trend Micro 2007-08-25 18:16:48 0 d-------- C:\Program Files\MSXML 4.0 2007-08-25 17:47:55 0 d-------- C:\ie-spyad_zo 2007-08-25 17:42:05 0 d-------- C:\Program Files\SpywareBlaster 2007-08-25 14:31:10 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-08-25 14:17:18 0 d-------- C:\Program Files\CyberScrub 2007-08-22 19:10:51 0 --a------ C:\WINDOWS\appgu32.dll 2007-08-13 20:45:04 0 --a------ C:\WINDOWS\iple32.exe -- Find3M Report --------------------------------------------------------------- 2007-08-27 21:12:58 0 d-------- C:\Program Files\Lavasoft 2007-08-27 21:10:47 0 d-a------ C:\Program Files\Common Files 2007-08-27 20:21:57 335 --a------ C:\WINDOWS\nsreg.dat 2007-08-25 13:05:03 0 d-------- C:\Program Files\Creative 2007-08-25 12:46:34 0 d-------- C:\Program Files\InstallShield Installation Information 2007-08-25 12:32:32 0 d-------- C:\Program Files\Sony 2007-08-25 12:28:14 0 d-------- C:\Program Files\Real 2007-08-25 12:28:14 0 d-------- C:\Program Files\Common Files\Real 2007-08-25 12:27:51 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Real 2007-08-25 12:27:10 0 d-------- C:\Program Files\QUICKENW 2007-08-25 12:24:15 0 d-------- C:\Program Files\Dell Computer 2007-08-25 12:04:46 0 d-------- C:\Program Files\Kodak 2007-08-25 11:39:54 0 d-------- C:\Program Files\CA 2007-08-25 11:38:46 0 d--h----- C:\Documents and Settings\MIKE WHITE\Application Data\GTek 2007-08-25 11:09:34 0 d-------- C:\Program Files\Britannica 2007-08-25 11:09:00 0 d-------- C:\Documents and Settings\MIKE WHITE\Application Data\Aim 2007-08-25 1135 0 d-------- C:\Program Files\Common Files\Adobe -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 01:19 AM] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 01:07 AM] "RunWindowsUpdate"="C:\WINDOWS\uptodate.exe" [] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/27/2007 07:31 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM] "emsw.exe"="C:\WINDOWS\emsw.exe" [] C:\Documents and Settings\MIKE WHITE\Start Menu\Programs\Startup\ DESKTOP.INI [9/3/2002 10:00:00 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ DESKTOP.INI [9/3/2002 10:00:00 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJPWCJ] C:\WINDOWS\CJPWCJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod] C:\PROGRA~1\ezula\mmod.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\Client\HelpExp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIUL.EXE] C:\Program Files\Alset\HelpExpress\MIKE WHITE\HXIUL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iotn] C:\Documents and Settings\MIKE WHITE\Application Data\urod.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service] C:\Program Files\ISTsvc\istsvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] ???? [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan] C:\Program Files\Power Scan\powerscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] ???? [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcloader] C:\WINDOWS\System32\stcloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SharedAccess"=2 (0x2) -- End of Deckard's System Scanner: finished at 2007-08-28 23:37:16 ------------

08-28-2007, 10:01 PM	#8 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: Start-up errors after four steps finished Not sure if you missed these or they are still active.Please have another go... Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. O2 - BHO: Class - {1E09A367-5B7D-66F4-0E18-4FBCCE2A8EB3} - C:\WINDOWS\crzf32.dll (file missing) O2 - BHO: Class - {C894B059-CEE7-1741-7C08-266F6BEF1A2D} - C:\WINDOWS\apiqw32.dll (file missing) O2 - BHO: (no name) - {E5AD27E7-347D-8A47-347A-FBD83901DD61} - C:\WINDOWS\javaom32.dll (file missing) O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe O4 - HKLM\..\Run: [IPXA] C:\WINDOWS\IPXA.exe O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Zvbyl.exe O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll (file missing) Reboot and post a new HJT log.. __________________ Eddy

08-29-2007, 08:40 AM	#9 (permalink)
mdmfcook Registered User Join Date: Dec 2004 Posts: 14 OS: XP	Re: Start-up errors after four steps finished OK, here is the latest scan, note I only found two of the files you listed. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:39:03 AM, on 8/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\hkcmd.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing) O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab O19 - User stylesheet: (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE -- End of file - 5466 bytes

08-29-2007, 04:26 PM	#10 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: Start-up errors after four steps finished Just need to tidy up these last items.. Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab O19 - User stylesheet: (file missing) Reboot and post a new HJT log..How are things going now?? __________________ Eddy

08-29-2007, 06:27 PM	#11 (permalink)
mdmfcook Registered User Join Date: Dec 2004 Posts: 14 OS: XP	Re: Start-up errors after four steps finished Ok, here is the log after most recent deletions. Not having any other issues other than computer is still processing very slow, like it is doing a lot of background work. How do I check system and speed up processing? Thanks so much! ------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:22:47 PM, on 8/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\hkcmd.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll (file missing) O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ad/tgctlcm.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) - http://remote.dellfix.com/472/User/CybTech.CAB O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE -- End of file - 5162 bytes

08-29-2007, 07:10 PM	#12 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: Start-up errors after four steps finished I now suggest you do a defrag and a cleanup...This may help speed things up. Download and scan with CCleaner 1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build. 2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours" 3. Then select the items you wish to clean up. In the Windows Tab: • Clean all entries in the "Internet Explorer" section except Cookies. • Clean all the entries in the "Windows Explorer" section. • Clean all entries in the "System" section. • Clean all entries in the "Advanced" section. • Clean any others that you choose. In the Applications Tab: • Clean all except cookies in the Firefox/Mozilla section if you use it. • Clean all in the Opera section if you use it. • Clean Sun Java in the Internet Section. • Clean any others that you choose. 4. Click the "Run Cleaner" button. 5. A pop up box will appear advising this process will permanently delete files from your system. 6. Click "OK" and it will scan and clean your system. 7. Click "exit" when done. __________________ Eddy

08-29-2007, 07:31 PM	#13 (permalink)
mdmfcook Registered User Join Date: Dec 2004 Posts: 14 OS: XP	Re: Start-up errors after four steps finished Yes, this help very much! Thank you for all your help!

08-29-2007, 07:45 PM	#14 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: Start-up errors after four steps finished Your welcome.. __________________ Eddy