Computer acting strange- sorta-new PC bogs down like a tank in quicksand

Guyute, Gamehenge
edited March 2008 in Spyware & Virus Removal
Good day, everyone,

I am helping my neighbour, so I appreciate any help I can get to clean out his HDD. He got a computer that was bought for him used, with who-knows-what lurking on it.

Synopsis:
1) Very strange: when you turn it on, you get a message saying that the system time is wrong and to save changes to continue, and when you finally get to your desktop, the system time is always Jan 14, 1980.
2) His new-to-him PC bogs down like crazy about 5-6 minutes after startup, every single time. Before this gremlin takes over, everything seems fine.
3) The hard disk: you can hear it writing constantly the entire time.
4) You wait up to two minutes for a reaction when you click on the taskbar, and opening a new program just doesn't happen.
5) When I turn on the PC, most times the welcome screen hangs until I press Ctrl+Alt+Del, and then it brings up the desktop right away.
6) FYI: the first time I ran ATF Cleaner it removed over 650 MB of junk.

I have run Windows Update and all of the other steps in the "what to do..." thread (I have attached the Ad-Aware file since it is so long).

Here are my files:

HJT:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:29:04 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\My Documents\antivirus\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {183807B8-BC07-48A2-8DAD-ABC96FA6C7A8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {3fd7a1a6-76cb-64c8-5e44-396acf3d4219} - {9124d3fc-a693-44e5-8c46-bc676a1a7df3} - C:\WINDOWS\system32\epgkbtal.dll (file missing)
O2 - BHO: (no name) - {9341A15C-F21B-4731-8C5E-17705030DBA0} - C:\WINDOWS\system32\pmnli.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: nqmthmhv - C:\WINDOWS\
O20 - Winlogon Notify: urqnmll - urqnmll.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7316 bytes

Panda:

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\user@atdmt[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Cookies\user@com[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@atdmt[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@enhance[2].txt

Kaspersky:
Scan My Computer
Scanned: 109541
Detected: 0
Untreated: 0
Start time: 1/20/2008 3:45:55 PM
Duration: 00:23:15
Finish time: 1/20/2008 4:09:10 PM
Signatures published: 1/20/2008 1:15:44 PM

Detected
Status Object

Events
Time Name Status Reason
---- ----

Statistics
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

Settings
Parameter Value

Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Record information about dangerous objects to program statistics Yes

Any suggestions as to what is causing this?

Thanks in advance for all your help.

Comments

  • Trogan, London, UK
    edited January 2008
    Hi Guyute,

    The HijackThis being used is outdated. Please uninstall it from Add/Remove and then do the following...

    Download HJTInstall.exe to your Desktop.
    • Doubleclick HJTInstall.exe to install it.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Save the log to a convenient location as you'll need to post it soon.
    • Don't use the Analyse This button; its findings are dangerous if misinterpreted.
    • Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
    Post the new HijackThis log back here.
  • Guyute, Gamehenge
    edited January 2008
    Hi Trogan,

    Thanks for the reply. Sorry for the delay, things have been hectic! Here we go!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:56:37 PM, on 1/23/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {183807B8-BC07-48A2-8DAD-ABC96FA6C7A8} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {3fd7a1a6-76cb-64c8-5e44-396acf3d4219} - {9124d3fc-a693-44e5-8c46-bc676a1a7df3} - C:\WINDOWS\system32\epgkbtal.dll (file missing)
    O2 - BHO: (no name) - {9341A15C-F21B-4731-8C5E-17705030DBA0} - C:\WINDOWS\system32\pmnli.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: nqmthmhv - C:\WINDOWS\
    O20 - Winlogon Notify: urqnmll - urqnmll.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7054 bytes


    -Thanks!
  • Trogan, London, UK
    edited January 2008
    Hi Guyute,

    We need to disable SpyBot's TeaTimer as it may interfere with the fix:
    • Open Spybot Search & Destroy
    • Go to the Mode menu, and make sure "Advanced Mode" is selected
    • On the left hand side, choose Tools -> Resident
    • Uncheck "Resident TeaTimer" and OK any prompts
    • Exit SpyBot

    Please do the following...

    1. Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O2 - BHO: (no name) - {183807B8-BC07-48A2-8DAD-ABC96FA6C7A8} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {3fd7a1a6-76cb-64c8-5e44-396acf3d4219} - {9124d3fc-a693-44e5-8c46-bc676a1a7df3} - C:\WINDOWS\system32\epgkbtal.dll (file missing)
    O2 - BHO: (no name) - {9341A15C-F21B-4731-8C5E-17705030DBA0} - C:\WINDOWS\system32\pmnli.dll (file missing)

    O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe

    O20 - Winlogon Notify: nqmthmhv - C:\WINDOWS\
    O20 - Winlogon Notify: urqnmll - urqnmll.dll (file missing)


    - Close ALL open windows (especially Internet Explorer!)
    - Click Fix Checked
    - Close HijackThis

    2. I need to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your next post.
    3. Please post the following...

    Uninstall list
    New HijackThis log - In Notepad, select the Format tab and uncheck Word Wrap.
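The entries Trogan picks out above share a pattern a reader can check for mechanically: a target marked "(no file)" or "(file missing)", a BHO whose name field holds a GUID instead of a product name, and a Winlogon Notify entry whose target is a bare directory rather than a DLL. As an added example that is not part of this thread and not a HijackThis feature, the Python script below applies those three checks to sample lines copied from the log posted above. It only marks lines for a human to review; it does not decide what to fix, and a hit on a legitimately uninstalled product (the Kodak service, for instance) is expected.

```python
"""Triage a HijackThis (HJT) log for entries that merit a closer look.

Added example, not part of the forum thread or of HijackThis itself. The
rules mirror what the helper singled out: targets that no longer exist on
disk, BHOs registered under a GUID instead of a name, and Winlogon Notify
hooks that point at a directory rather than a DLL. A hit is a prompt to
investigate, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HJT lines look like "O2 - BHO: <name> - {CLSID} - <path>" or "R1 - <key> = <value>".
HJT_LINE = re.compile(r"^(O\d+|R\d) - (.*)$")
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class Finding:
    section: str              # HJT section code, e.g. "O2" or "O20"
    line: str                 # the log line as written
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT log line, or None if nothing stands out."""
    text = line.strip()
    m = HJT_LINE.match(text)
    if not m:
        return None               # header, blank line or running-process entry
    section, body = m.group(1), m.group(2)
    reasons: List[str] = []

    # HJT appends these markers when the registered target is gone from disk.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append("registered target file is missing")

    if section == "O2":
        # "BHO: <name> - {CLSID} - <path>"; legitimate BHOs carry a readable name.
        head = body.split(" - ", 1)[0]
        name = head.split(":", 1)[1].strip() if ":" in head else ""
        if GUID.match(name):
            reasons.append("BHO identified only by a GUID, no product name")

    if section == "O20":
        # "Winlogon Notify: <subkey> - <DLL>"; the DLL is loaded at every logon.
        target = body.split(" - ", 1)[1].strip() if " - " in body else ""
        if target.endswith("\\"):
            reasons.append("Winlogon Notify target is a directory, not a DLL")

    return Finding(section, text, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


# Sample input: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: (no name) - {183807B8-BC07-48A2-8DAD-ABC96FA6C7A8} - (no file)",
    "O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll",
    "O2 - BHO: {3fd7a1a6-76cb-64c8-5e44-396acf3d4219} - {9124d3fc-a693-44e5-8c46-bc676a1a7df3} - C:\\WINDOWS\\system32\\epgkbtal.dll (file missing)",
    "O4 - HKLM\\..\\Run: [igfxtray] C:\\WINDOWS\\system32\\igfxtray.exe",
    "O20 - Winlogon Notify: nqmthmhv - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: urqnmll - urqnmll.dll (file missing)",
    "O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\\WINDOWS\\system32\\drivers\\KodakCCS.exe (file missing)",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    -> {r}")
```

On the sample above the script flags five of the seven lines: both orphaned BHOs, both Winlogon Notify entries and the missing Kodak service, while the Spybot BHO and the Intel tray entry pass. Feed it a whole saved log (`triage(open("hijackthis.log").read())`) and it skips the header and running-process section on its own.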
  • Guyute, Gamehenge
    edited January 2008
    Hi Trogan,

    Again, thanks for helping.

    Uninstall list:
    Ad-Aware 2007
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop Elements
    Adobe SVG Viewer
    Apple Software Update
    Broadcom NetXtreme Ethernet Controller
    Google Earth
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Highlight Viewer (Windows Live Toolbar)
    HijackThis 2.0.2
    HOT ALBUM MYBOX
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel(R) Extreme Graphics 2 Driver
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Kaspersky Anti-Virus 6.0 SOS
    Kaspersky Anti-Virus 6.0 SOS
    LimeWire 4.16.2
    LiveUpdate 1.6 (Symantec Corporation)
    Map Button (Windows Live Toolbar)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft LifeCam
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Standard
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser
    Net Assistant
    Panda ActiveScan
    QuickTime
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Smart Menus (Windows Live Toolbar)
    Spybot - Search & Destroy
    SpywareBlaster v3.5.1
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Windows Communication Foundation
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    ZoneAlarm
    ZoneAlarm Spy Blocker

    ==========================================
    HJT LOG:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:32:34 PM, on 1/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6057 bytes

    Thanks!

    Steve
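A small triage script for the kind of HijackThis log posted above, added here as an example: it is not part of the thread, not HijackThis's own code, and not something the posters ran. It parses the O4 autostart and O23 service lines and flags the entries a reviewer would look at first: a service whose binary is missing or has no identified publisher (like the KodakCCS line in the log), a random-looking name, or a program starting from outside the Windows and Program Files trees. The sample lines are constructed from the posted log; the "xkqpwvtn" entry is invented for illustration and was not on this machine, and the name heuristic is a crude one, labelled as such in the code.

```python
"""Triage the O4 (autostart) and O23 (service) lines of a HijackThis log.

Added example for this thread; not HijackThis code. SAMPLE_LOG is constructed
from a few lines of the posted log plus one invented "xkqpwvtn" entry that
shows what a suspicious autostart line looks like.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xkqpwvtn] C:\Documents and Settings\user\Local Settings\Temp\xkqpwvtn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
O4_RUN = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")

# Directories where autostart binaries on an XP box are expected to live.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files")

REASON_MISSING = "binary not found on disk"
REASON_UNKNOWN_OWNER = "service has no identified publisher"
REASON_RANDOM_NAME = "random-looking name"
REASON_LOCATION = "runs from outside Windows/Program Files"


@dataclass
class Entry:
    kind: str            # "O4" or "O23"
    name: str
    path: str
    owner: str = ""
    file_missing: bool = False
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Pull the executable path out of a command line (quoted or bare, with args)."""
    cmd = cmd.strip()
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    bare = re.match(r"(.*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs))(?:\s|$)", cmd, re.I)
    return bare.group(1) if bare else cmd


def looks_random(name: str) -> bool:
    """Crude heuristic: 7-12 lowercase letters with at most one vowel."""
    return bool(re.fullmatch(r"[a-z]{7,12}", name)) and sum(c in "aeiou" for c in name) <= 1


def parse_entries(log_text: str) -> list:
    """Turn the O4/O23 lines of a log into Entry records; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_STARTUP.match(line):
            entries.append(Entry("O4", m["name"], extract_path(m["cmd"])))
        elif m := O4_RUN.match(line):
            entries.append(Entry("O4", m["name"], extract_path(m["cmd"])))
        elif m := O23_SERVICE.match(line):
            cmd = m["cmd"]
            missing = "(file missing)" in cmd
            cmd = cmd.replace("(file missing)", "")
            entries.append(Entry("O23", m["name"], extract_path(cmd), m["owner"], missing))
    return entries


def triage(log_text: str) -> list:
    """Return only the entries that carry at least one review reason, in log order."""
    flagged = []
    for e in parse_entries(log_text):
        if e.file_missing:
            e.reasons.append(REASON_MISSING)
        if e.kind == "O23" and e.owner.lower() == "unknown owner":
            e.reasons.append(REASON_UNKNOWN_OWNER)
        stem = re.sub(r"\.[^.\\]*$", "", e.path.rsplit("\\", 1)[-1])
        if looks_random(e.name) or looks_random(stem):
            e.reasons.append(REASON_RANDOM_NAME)
        if not e.path.lower().startswith(TRUSTED_ROOTS):
            e.reasons.append(REASON_LOCATION)
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} {e.name!r} -> {e.path}: {', '.join(e.reasons)}")
```

Run against the sample it reports two entries: the invented Temp-folder autostart (random name, unusual location) and the KodakCCS service (binary missing, no publisher), while the ZoneAlarm, Messenger, ctfmon and Office lines pass. A "file missing" service is often just a leftover from an uninstalled product, as it very likely is here, so the flag is a prompt to check, not a verdict.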
  • TroganTrogan London, UK
    edited January 2008
    Hi Guyute,

    Please do the following...

    1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 4.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement."
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove the following...
      • Java(TM) 6 Update 2
      • Java(TM) 6 Update 3
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.
    2. Please download ComboFix to your Desktop.
    • Double click on Combofix.exe & follow the prompts.
    • When the scan has finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    3. Please post the ComboFix log back here.
  • GuyuteGuyute Gamehenge
    edited February 2008
    Hi Trogan,

    Here is the combofix log. Sorry for the delay, I have had a houseful of sick kids and my wife is sick, too. If you notice something new, I just installed a new HP printer, too.

    Thanks for all your help!

    -Steve

    ComboFix 08-02.03.1 - user 2008-02-02 19:48:02.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.240 [GMT -3:00]
    Running from: C:\Documents and Settings\user\My Documents\antivirus\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\user\Desktop\Security Updates.URL
    C:\Documents and Settings\user\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\user\My Documents\Live Safety Center.lnk
    C:\WINDOWS\system32\ilnmp.bak1
    C:\WINDOWS\system32\ilnmp.bak2
    C:\WINDOWS\system32\ilnmp.ini
    C:\WINDOWS\system32\ilnmp.ini2
    C:\WINDOWS\system32\ilnmp.tmp
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nqmthmhv.dllbox
    C:\WINDOWS\system32\qauviffg.dllbox

    BITS: Possible infected sites

    hxxp://www.download.windowsupdate.com
    .
    ((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
    .

    2008-02-02 19:46 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-02 19:45 . 2008-02-02 19:46 <DIR> d-------- C:\Program Files\Java
    2008-02-02 19:45 . 2008-02-02 19:45 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-02-02 19:30 . 2008-02-02 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
    2008-02-02 19:29 . 2008-02-02 19:29 <DIR> d-------- C:\Documents and Settings\user\Application Data\HP
    2008-02-02 19:29 . 2008-02-02 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
    2008-02-02 19:28 . 2008-02-02 19:28 <DIR> d-------- C:\Program Files\Common Files\HP
    2008-02-02 19:27 . 2008-02-02 19:29 <DIR> d-------- C:\Program Files\HP
    2008-02-02 19:25 . 2008-02-02 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    2008-02-02 19:25 . 2008-02-02 19:30 130,488 --a------ C:\WINDOWS\HPHins13.dat
    2008-02-02 19:25 . 2007-01-22 13:05 2,977 --------- C:\WINDOWS\hphmdl13.dat
    2008-02-02 19:24 . 2006-12-15 13:19 258,048 -ra------ C:\WINDOWS\system32\hpzids01.dll
    2008-02-02 19:24 . 2006-12-30 15:49 117,760 --a------ C:\WINDOWS\system32\hpzll4v2.dll
    2008-02-02 19:23 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-02-02 19:23 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-23 17:56 . 2008-01-23 17:56 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-20 17:20 . 2007-10-10 20:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-20 17:20 . 2007-07-01 00:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-20 17:20 . 2007-07-01 00:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-20 17:20 . 2007-10-10 20:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-20 17:20 . 2007-10-10 20:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-20 17:20 . 2007-10-10 20:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-20 17:20 . 2007-10-10 20:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-20 17:20 . 2007-10-10 20:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-20 17:20 . 2007-10-10 07:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-20 17:12 . 2008-01-20 17:12 <DIR> d-------- C:\Program Files\MSBuild
    2008-01-20 17:08 . 2008-01-20 17:08 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2008-01-20 17:07 . 2008-01-20 17:07 <DIR> d-------- C:\Program Files\Reference Assemblies
    2008-01-20 17:06 . 2008-01-20 17:06 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-01-20 17:06 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-01-20 17:05 . 2008-01-20 17:05 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2008-01-20 17:05 . 2004-08-04 09:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-01-20 17:04 . 2008-01-22 16:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2008-01-20 16:57 . 2008-01-20 16:58 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2008-01-20 16:52 . 2006-11-13 03:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
    2008-01-20 16:52 . 2006-11-13 03:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
    2008-01-20 16:52 . 2006-11-13 03:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
    2008-01-20 16:49 . 2005-04-28 16:16 274,432 --a--c--- C:\WINDOWS\system32\dllcache\SET8F.tmp
    2008-01-20 16:49 . 2005-04-27 21:12 245,248 --a--c--- C:\WINDOWS\system32\dllcache\SET8D.tmp
    2008-01-20 16:49 . 2005-04-28 16:16 215,552 --a--c--- C:\WINDOWS\system32\dllcache\SET8C.tmp
    2008-01-20 16:49 . 2005-04-28 16:16 193,024 --a--c--- C:\WINDOWS\system32\dllcache\SET8B.tmp
    2008-01-20 16:49 . 2005-04-28 16:16 133,120 --a--c--- C:\WINDOWS\system32\dllcache\SET91.tmp
    2008-01-20 16:49 . 2005-04-27 21:12 103,424 --a--c--- C:\WINDOWS\system32\dllcache\SET8E.tmp
    2008-01-20 16:49 . 2005-04-28 16:16 19,968 --a--c--- C:\WINDOWS\system32\dllcache\SET90.tmp
    2008-01-20 16:46 . 2008-01-20 16:46 <DIR> d-------- C:\Program Files\ZoneAlarmSB
    2008-01-20 16:44 . 2008-01-20 16:44 <DIR> d-------- C:\Program Files\Zone Labs
    2008-01-20 16:44 . 2008-01-20 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-01-20 16:39 . 2008-02-02 19:43 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-01-20 16:27 . 2008-01-20 16:29 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-01-20 16:27 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-01-20 13:49 . 2008-02-02 19:52 2,223,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-20 13:49 . 2008-02-02 19:50 30,836 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-20 13:49 . 2008-01-20 17:21 27,936 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-20 13:49 . 2008-01-20 17:21 3,668 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-14 20:37 . 2008-01-20 14:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-01-14 20:37 . 2008-01-14 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-13 15:15 . 2008-01-13 15:16 <DIR> d-------- C:\Program Files\Yahoo!
    2008-01-13 14:46 . 2008-01-24 20:13 <DIR> d-------- C:\Documents and Settings\user\Application Data\LimeWire
    2008-01-13 14:44 . 2008-01-21 13:29 <DIR> d-------- C:\Program Files\LimeWire
    2008-01-13 14:32 . 2008-01-13 14:33 <DIR> d-------- C:\Documents and Settings\user\Application Data\Shareaza
    2008-01-09 20:06 . 2008-01-20 13:58 <DIR> d-------- C:\Program Files\Google
    2008-01-09 11:58 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
    2008-01-09 10:46 . 2008-01-09 10:46 18,096 --a------ C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-07 21:24 . 2008-01-07 21:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\Motive
    2008-01-06 22:16 . 2008-01-06 22:16 <DIR> d-------- C:\WINDOWS\Motive
    2008-01-06 22:15 . 2008-01-06 22:16 <DIR> d-------- C:\Program Files\Motive
    2008-01-06 22:15 . 2008-01-06 22:15 <DIR> d-------- C:\Program Files\Aliant
    2008-01-06 22:09 . 2008-01-06 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
    2008-01-06 21:55 . 2007-05-29 10:20 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
    2008-01-06 21:50 . 2008-01-06 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
    2008-01-06 21:49 . 2008-01-06 22:19 <DIR> d-------- C:\Program Files\Common Files\Motive
    2008-01-05 22:20 . 2008-01-13 15:57 <DIR> d-------- C:\Documents and Settings\user\Contacts
    2008-01-04 12:40 . 2008-01-05 22:49 <DIR> d-------- C:\WINDOWS\NKCCDViewerSetting

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2080-01-04 03:12 --------- d-----w C:\Program Files\Kaspersky Lab
    2080-01-04 03:10 --------- d-----w C:\Documents and Settings\user\Application Data\AVG7
    2080-01-04 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2080-01-04 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-01 13:21 --------- d-----w C:\Program Files\HOTALBUMMyBOX
    2008-01-20 17:01 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-20 17:00 --------- d-----w C:\Program Files\Microsoft LifeCam
    2008-01-15 00:32 --------- d-----w C:\Program Files\VideoProfessor
    2008-01-14 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-10 01:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-19 05:40 --------- d-----w C:\Program Files\CASIO
    2007-12-19 05:35 --------- d-----w C:\Program Files\Kodak
    2007-12-19 05:32 15,172 ----a-w C:\WINDOWS\system32\drivers\PzWDM.sys
    2007-12-19 05:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
    2007-12-08 07:12 --------- d-----w C:\Program Files\QuickTime
    2007-12-08 07:11 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-08 07:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-08 07:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-04 05:48 --------- d-----w C:\Program Files\MSXML 4.0
    2007-12-03 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2007-12-02 20:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-11-22 15:14 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-11-22 15:14 286,720 ------w C:\WINDOWS\Setup1.exe
    2007-11-14 19:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    2008-01-20 16:46 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-20 16:46 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 13:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 14:35 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 14:32 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 14:36 114688]
    "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-05 20:38 707360]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 22:48 275800]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-03 12:33:06 113664]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]
    Net Assistant.lnk - C:\Program Files\Aliant\Net Assistant\bin\matcli.exe [2008-01-06 22:15:58 212992]

    R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-12-19 02:32]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 19:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b9c2d7-8277-11dc-8c41-b2511f218719}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-26 06:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
    - C:\Program Files\AdwareAlert\AdwareAlert.ex
    - C:\Program Files\AdwareAlert
    "2008-01-15 18:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-02 22:25:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-02 19:52:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\NavLogon.dll
    .
    Other Running Processes
    .
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-02 19:54:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-02 22:54:04
    .
    2008-01-14 22:37:41 --- E O F ---
  • TroganTrogan London, UK
    edited February 2008
    Hi, no problem about the delay.

    ComboFix log is clean.

    How is the computer running?
  • GuyuteGuyute Gamehenge
    edited February 2008
    Hi Trogan,

    Much better now... Seems to have worked. Thanks for all your help!

    I wonder what the actual problem was, if it was one item, or did he have more than 1 thing going on that caused that delay?
  • TroganTrogan London, UK
    edited February 2008
    He had a Vundo infection.

    Cleanup step:
    Click Start > Run > type: combofix /u > press OK. This will uninstall ComboFix.

    Let me know if I archive this thread.
  • TroganTrogan London, UK
    edited March 2008
    This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead (grin)