
DMServerS.dll

Discussion in 'Malware and Virus Removal Archive' started by Lee M, 2008/02/16.

  1. 2008/02/16
    Lee M

    I have a computer with XP Home Edition SP2. Explorer.exe is using over 95% of CPU cycles when it should be idling. This is the case even in Safe Mode. AVG virus scan keeps finding a trojan in DmServers.dll. I am unable to delete this file. I downloaded and ran HijackThis, and here is the log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:46:33 PM, on 2/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe "
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0CFEF5D5-66BB-4133-B701-2BE2156D58CF} - c:\windows\system32\dmservers.dll
    O2 - BHO: (no name) - {45619E36-F820-48A8-ADCE-F6841879AE52} - C:\WINDOWS\system32\avmetero.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe "
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-21-1260173199-2990448128-1835637949-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - S-1-5-21-1260173199-2990448128-1835637949-1007 Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe (User '?')
    O4 - Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe
    O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O20 - Winlogon Notify: loygxpjt - C:\WINDOWS\SYSTEM32\dmservers.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Blink Service - Blink.com, Inc. - C:\Program Files\Blink\blink.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 6465 bytes

    Here is the DSS scan

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Unable to create WMI object.

    Architecture: X86; Language: English

    Percentage of Memory in Use: 46%
    Physical Memory (total/avail): 509.98 MiB / 274.02 MiB
    Pagefile Memory (total/avail): 864.82 MiB / 642.81 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1960.65 MiB

    C: is Fixed (NTFS) - 52.71 GiB total, 45.95 GiB free.
    D: is Fixed (NTFS) - 18.6 GiB total, 18.54 GiB free.
    E: is CDROM (No Media)
    F: is Fixed (FAT) - 0.03 GiB total, 0.03 GiB free.


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    Unable to create WMI object.

    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Kim\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=TOM
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Kim
    LOGONSERVER=\\TOM
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0409
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Kim\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Kim\LOCALS~1\Temp
    USERDOMAIN=TOM
    USERNAME=Kim
    USERPROFILE=C:\Documents and Settings\Kim
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Kim (admin)
    katie (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
    AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
    D-Link AirPlus G DWL-G122 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D855E1D6-4987-448A-98C1-38DEDF6E9D5E}
    Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
    Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe "
    Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
    Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
    EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
    EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
    ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    hp deskjet 5600 --> msiexec /x{DB5518BE-F40F-407A-B451-012625D4497B}
    Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
    Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
    Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
    Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
    Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Learn to Speak Spanish 7.0 --> C:\PROGRA~1\LSSE7\UNWISE.EXE C:\PROGRA~1\LSSE7\INSTALL.LOG
    Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
    LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
    Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
    Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
    Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
    QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    QuickTime 3.0 --> C:\WINDOWS\uninst.exe -f "C:\Program Files\QuickTime\DeIsL1.isu" -c "C:\WINDOWS\system32\QTUninst.dll
    RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
    Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    SCRABBLE --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA\Uninstall.exe "
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SpamBayes 1.0.4 --> "C:\Program Files\SpamBayes\unins000.exe "
    The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
    WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4 "
    WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
    WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
    Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type3279 / Warning
    Event Submitted/Written: 02/15/2008 05:33:47 AM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type3224 / Error
    Event Submitted/Written: 02/12/2008 07:02:57 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type3223 / Error
    Event Submitted/Written: 02/12/2008 07:00:14 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type3196 / Error
    Event Submitted/Written: 02/12/2008 05:58:42 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type3159 / Error
    Event Submitted/Written: 02/12/2008 05:56:09 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type37949 / Error
    Event Submitted/Written: 02/16/2008 02:38:43 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1053" attempting to start the service winmgmt with arguments " "
    in order to run the server:
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Event Record #/Type37948 / Error
    Event Submitted/Written: 02/16/2008 02:38:43 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1053" attempting to start the service winmgmt with arguments " "
    in order to run the server:
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Event Record #/Type37947 / Error
    Event Submitted/Written: 02/16/2008 02:35:00 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1053" attempting to start the service winmgmt with arguments " "
    in order to run the server:
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Event Record #/Type37946 / Error
    Event Submitted/Written: 02/16/2008 02:34:57 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1053" attempting to start the service winmgmt with arguments " "
    in order to run the server:
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Event Record #/Type37945 / Error
    Event Submitted/Written: 02/16/2008 02:34:37 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1053" attempting to start the service winmgmt with arguments " "
    in order to run the server:
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}



    -- End of Deckard's System Scanner: finished at 2008-02-16 14:41:29 ------------


    Does anyone have any advice?
     
    Last edited: 2008/02/16
  2. 2008/02/16
    Geri Lifetime Subscription

    Hi Lee M
    Welcome to Windowsbbs :)

    Please do the following

    Download ComboFix from here to your Desktop.
    It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


    Please also post the main txt of the dss log you have.

    Did you knowingly install Blink?

    Please post the logs and answer the question.

    Thanks
    Geri
     

  4. 2008/02/17
    Lee M

    No, we didn't knowingly install Blink.
    Here is the Main.txt from the DSS scan, the ComboFix log






    *********************************
    *********************************
    DSS scan
    *********************************
    *********************************
    Deckard's System Scanner v20071014.68
    Run by Kim on 2008-02-16 15:50:25
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as Kim.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:52:00 PM, on 2/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Documents and Settings\Kim\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Kim.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe "
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0CFEF5D5-66BB-4133-B701-2BE2156D58CF} - c:\windows\system32\dmservers.dll
    O2 - BHO: (no name) - {45619E36-F820-48A8-ADCE-F6841879AE52} - C:\WINDOWS\system32\avmetero.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe "
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-21-1260173199-2990448128-1835637949-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - S-1-5-21-1260173199-2990448128-1835637949-1007 Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe (User '?')
    O4 - Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe
    O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O20 - Winlogon Notify: loygxpjt - C:\WINDOWS\SYSTEM32\dmservers.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Blink Service - Blink.com, Inc. - C:\Program Files\Blink\blink.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 5940 bytes

    -- Files created between 2008-01-16 and 2008-02-16 -----------------------------

    2008-02-16 15:38:04 0 d-------- C:\WINDOWS\LastGood
    2008-02-16 13:46:05 0 d-------- C:\Program Files\Trend Micro
    2008-02-11 21:40:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-02-11 21:36:38 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-02-11 21:36:38 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-02-11 21:36:38 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-02-11 21:36:38 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-02-11 21:36:38 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-02-11 21:36:38 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-02-11 21:36:38 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2008-02-11 21:36:38 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-02-11 21:36:38 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2008-02-11 21:36:38 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-02-11 21:36:38 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-02-11 21:36:38 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-02-11 21:36:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2008-02-11 21:36:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2008-02-11 21:36:38 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-02-11 21:36:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-02-11 21:36:37 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-02-01 16:38:10 0 d-------- C:\Documents and Settings\katie\Application Data\AdobeUM
    2008-02-01 16:37:54 0 d-------- C:\Documents and Settings\katie\Application Data\Adobe
    2008-01-26 13:51:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell


    -- Find3M Report ---------------------------------------------------------------

    2008-02-16 15:38:08 0 d-------- C:\Program Files\Online Services
    2008-02-16 09:03:15 0 d-------- C:\Documents and Settings\Kim\Application Data\AVG7
    2008-02-11 18:49:36 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-11 18:37:16 0 d-------- C:\Program Files\Blink
    2008-02-10 14:27:46 0 d-------- C:\Documents and Settings\Kim\Application Data\AdobeUM
    2008-02-04 17:19:18 5278 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-04 17:19:18 56 -r-hs---- C:\WINDOWS\system32\19348B8657.sys
    2008-01-04 00:10:02 120576 --a------ C:\WINDOWS\system32\mlbynodr.dat
    2008-01-04 00:02:26 20992 --a------ C:\WINDOWS\system32\~.exe
    2007-12-02 14:14:03 88 -r-hs---- C:\WINDOWS\system32\57868B3419.sys


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CFEF5D5-66BB-4133-B701-2BE2156D58CF}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45619E36-F820-48A8-ADCE-F6841879AE52}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 06:42 PM]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [04/05/2005 06:22 PM]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [04/05/2005 06:19 PM]
    "Persistence "= "C:\WINDOWS\system32\igfxpers.exe" [04/05/2005 06:23 PM]
    "DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 04:20 AM]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [10/23/2003 06:51 PM]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [01/13/2006 01:14 AM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/22/2007 09:02 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [05/20/2006 10:00 AM]
    "MSKDetectorExe "= "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [11/07/2006 01:49 PM]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 09:44 AM]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 09:44 AM]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 10:24 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
    "DW4 "= "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [03/16/2007 06:51 AM]

    C:\Documents and Settings\Kim\Start Menu\Programs\Startup\
    SpamBayes Tray Icon.lnk - C:\Program Files\SpamBayes\bin\sb_tray.exe [3/23/2005 4:08:44 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    D-Link AirPlus G Wireless Utility.lnk - C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe [10/4/2005 4:23:04 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/20/2006 9:56:47 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loygxpjt]
    dmservers.dll 08/04/2004 04:00 AM 83968 C:\WINDOWS\system32\dmservers.dll

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    mpaweimo


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f286e4-e53e-11db-a9a5-0015e9108ebe}]
    AutoRun\command- F:\setupSNK.exe




    -- End of Deckard's System Scanner: finished at 2008-02-16 16:00:34 ------------


    *********************************
    *********************************
    ComboFix
    *********************************
    *********************************

    ComboFix 08-02-17.2 - Kim 2008-02-17 6:08:26.1 - NTFSx86

    Running from: C:\Documents and Settings\Kim\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\~.exe
    C:\WINDOWS\system32\avmetero.dll . . . . failed to delete
    C:\WINDOWS\system32\dmservers.dll . . . . failed to delete
    C:\WINDOWS\system32\drivers\bvxqokll.dat . . . . failed to delete
    C:\WINDOWS\Tasks.\At1.job
    C:\WINDOWS\system32\avmetero.dll . . . . failed to delete
    C:\WINDOWS\system32\dmservers.dll . . . . failed to delete
    C:\WINDOWS\system32\drivers\bvxqokll.dat . . . . failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_IGWVKVAY
    -------\LEGACY_MPAWEIMO
    -------\igwvkvay
    -------\mpaweimo


    ((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
    .

    2008-02-16 14:22 . 2008-02-16 14:22 <DIR> d-------- C:\Deckard
    2008-02-16 13:46 . 2008-02-16 13:46 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-11 21:40 . 2008-02-14 20:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-02-11 21:36 . 2006-05-20 10:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2008-02-01 16:38 . 2008-02-01 16:38 <DIR> d-------- C:\Documents and Settings\katie\Application Data\AdobeUM
    2008-01-26 13:51 . 2008-01-26 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 23:14 --------- d-----w C:\Documents and Settings\Kim\Application Data\AVG7
    2008-02-15 03:11 --------- d-----w C:\Documents and Settings\katie\Application Data\AVG7
    2008-02-12 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-12 00:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-12 00:37 --------- d-----w C:\Program Files\Blink
    2008-02-12 00:06 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-02-10 20:27 --------- d-----w C:\Documents and Settings\Kim\Application Data\AdobeUM
    2008-01-29 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
    2008-01-15 08:38 --------- d-----w C:\Documents and Settings\katie\Application Data\alot
    2008-01-04 06:03 19,584 ----a-w C:\WINDOWS\system32\drivers\bvxqokll.dat
    2005-07-29 00:19 237,056 ----a-w C:\WINDOWS\inf\DWL-G122\USB55N50.sys
    2005-07-29 00:19 236,928 ----a-w C:\WINDOWS\inf\DWL-G122\USB55N51.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
    "DW4 "= "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51 715888]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 18:42 1404928]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 18:22 94208]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 18:19 77824]
    "Persistence "= "C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 18:23 114688]
    "DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51 233472]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 01:14 188416]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 09:02 579072]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-05-20 10:00 98304]
    "MSKDetectorExe "= "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 13:49 1121280]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 08:43 219136]

    C:\Documents and Settings\Kim\Start Menu\Programs\Startup\
    SpamBayes Tray Icon.lnk - C:\Program Files\SpamBayes\bin\sb_tray.exe [2005-03-23 16:08:44 45056]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    D-Link AirPlus G Wireless Utility.lnk - C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe [2005-10-04 16:23:04 389120]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-20 09:56:47 24576]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
    appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f286e4-e53e-11db-a9a5-0015e9108ebe}]
    \Shell\AutoRun\command - F:\setupSNK.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-09 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (TOM-Thomas).job "
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 06:20:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-17 6:24:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-17 12:24:42
    .
    2008-01-09 09:00:46 --- E O F ---

    *********************************
    *********************************
    HijackThis
    *********************************
    *********************************

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:39:20 AM, on 2/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe "
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe "
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-21-1260173199-2990448128-1835637949-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - S-1-5-21-1260173199-2990448128-1835637949-1007 Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe (User '?')
    O4 - Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe
    O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Blink Service - Blink.com, Inc. - C:\Program Files\Blink\blink.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 5646 bytes
     
  5. 2008/02/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Lee M
    Let's try this again, I have never seen ComboFix fail to delete so many files??

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    Blink

    Please note any other programs that you don't recognize in that list and post them in your next response.


    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\WINDOWS\system32\avmetero.dll 
    C:\WINDOWS\system32\dmservers.dll
    C:\WINDOWS\system32\19348B8657.sys
    C:\WINDOWS\system32\57868B3419.sys
    C:\WINDOWS\system32\AppCert\wsil32.dll
    
    Folder::
    C:\Program Files\Blink
    
    Driver::
    C:\WINDOWS\system32\drivers\bvxqokll.dat
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CFEF5D5-66BB-4133-B701-2BE2156D58CF}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45619E36-F820-48A8-ADCE-F6841879AE52}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loygxpjt] 
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
    "appsecdll"=-
    Please post the log it produces.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/02/17
    Lee M

    Lee M Inactive Thread Starter

    Joined:
    2008/02/16
    Messages:
    4
    Likes Received:
    0
    Geri
    I removed as many programs as I could in Control Panel and then dropped the script you wrote onto ComboFix. After the computer rebooted the CPU usage is back down to zero instead of being pegged at 100%! Thank you very much!
    Here is the ComboFix log:

    ComboFix 08-02-17.2 - Kim 2008-02-17 12:54:38.3 - NTFSx86

    Running from: C:\Documents and Settings\Kim\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kim\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\19348B8657.sys
    C:\WINDOWS\system32\57868B3419.sys
    C:\WINDOWS\system32\AppCert\wsil32.dll
    C:\WINDOWS\system32\avmetero.dll
    C:\WINDOWS\system32\dmservers.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\avmetero.dll
    C:\WINDOWS\system32\dmservers.dll
    C:\Program Files\Blink
    C:\Program Files\Blink\blink.exe
    C:\WINDOWS\system32\19348B8657.sys
    C:\WINDOWS\system32\57868B3419.sys
    C:\WINDOWS\system32\AppCert\wsil32.dll
    C:\WINDOWS\system32\avmetero.dll
    C:\WINDOWS\system32\dmservers.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
    .

    2008-02-17 11:15 . 2008-02-17 11:15 <DIR> d-------- C:\Deckard
    2008-02-16 13:46 . 2008-02-16 13:46 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-11 21:40 . 2008-02-14 20:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-02-11 21:36 . 2006-05-20 10:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2008-02-01 16:38 . 2008-02-01 16:38 <DIR> d-------- C:\Documents and Settings\katie\Application Data\AdobeUM
    2008-01-26 13:51 . 2008-01-26 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-17 18:28 --------- d-----w C:\Program Files\WildTangent
    2008-02-17 17:32 --------- d-----w C:\Documents and Settings\Kim\Application Data\AVG7
    2008-02-15 03:11 --------- d-----w C:\Documents and Settings\katie\Application Data\AVG7
    2008-02-12 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-12 00:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-12 00:06 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-02-10 20:27 --------- d-----w C:\Documents and Settings\Kim\Application Data\AdobeUM
    2008-01-29 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
    2008-01-15 08:38 --------- d-----w C:\Documents and Settings\katie\Application Data\alot
    2008-01-04 06:03 19,584 ----a-w C:\WINDOWS\system32\drivers\bvxqokll.dat
    2005-07-29 00:19 237,056 ----a-w C:\WINDOWS\inf\DWL-G122\USB55N50.sys
    2005-07-29 00:19 236,928 ----a-w C:\WINDOWS\inf\DWL-G122\USB55N51.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
    "DW4 "= "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51 715888]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 18:42 1404928]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 18:22 94208]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 18:19 77824]
    "Persistence "= "C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 18:23 114688]
    "DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51 233472]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 01:14 188416]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 09:02 579072]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-05-20 10:00 98304]
    "MSKDetectorExe "= "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 13:49 1121280]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 08:43 219136]

    C:\Documents and Settings\Kim\Start Menu\Programs\Startup\
    SpamBayes Tray Icon.lnk - C:\Program Files\SpamBayes\bin\sb_tray.exe [2005-03-23 16:08:44 45056]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    D-Link AirPlus G Wireless Utility.lnk - C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe [2005-10-04 16:23:04 389120]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-20 09:56:47 24576]


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    mpaweimo

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f286e4-e53e-11db-a9a5-0015e9108ebe}]
    \Shell\AutoRun\command - F:\setupSNK.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-09 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (TOM-Thomas).job "
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 12:56:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-17 12:58:22 - machine was rebooted [Kim]
    ComboFix-quarantined-files.txt 2008-02-17 18:58:07
    ComboFix2.txt 2008-02-17 18:42:22
    ComboFix3.txt 2008-02-17 12:24:56
    .
    2008-01-09 09:00:46 --- E O F ---
     
  7. 2008/02/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Lee M
    OK good to hear, need to do another thing though.

    First, we need to back up your registry:
    Please go to Start > Run
    Paste in the following line:
    • regedit /e c:\registrybackup.reg
    Click OK.
    It won't appear to be doing anything, that's normal.
    Your mouse pointer may turn to an hour glass for a minute.
    Please continue when it no longer has the hour glass.


    Open "NotePad". Copy the contents of the quote box below to the blank NotePad.
    Click "File" > "Save as"
    In the "Save In" box at the top click the down arrow and select DeskTop

    In the "File name" type in: fix.reg
    In the "Save As Type" select: All Files
    Once saved, go to your desktop, double-click the "fix.reg" file and let it merge with the registry.

    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs]
    mpaweimo=- 

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Then let's get an online scan.
    Please do an online scan with Kaspersky WebScanner

    Click on "Accept". If your pop-up blocker blocks the ActiveX download, allow it, then click on "Accept" again.

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky log.

    Thanks
    Geri
     
    Geri,
    #6
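
A triage sketch for the load points that the CFScript.txt and fix.reg above act on, added here as an example and not part of the original thread: it pulls the Winlogon Notify, AppCertDlls and Svchost NetSvcs entries out of a "Reg Loading Points" style dump and compares a log taken before cleanup with one taken after. The sample text is abridged from the logs posted in this thread; the function and variable names are assumptions of this example.

```python
import re

# Registry load points that the CFScript.txt and fix.reg in this thread act on.
# The dumps state that legit default entries are not shown, so anything
# listed under these headers deserves review.
WATCHED = (
    ("winlogon-notify", re.compile(r"\\winlogon\\notify\\([^\\\]]+)\]?$", re.I)),
    ("appcertdlls", re.compile(r"\\session manager\\appcertdlls\]?$", re.I)),
    ("netsvcs", re.compile(r"\\svchost - netsvcs\]?$", re.I)),
)

def load_points(log_text):
    """Return {(kind, name)} for every watched load point listed in the log."""
    found, kind = set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines do not end a section in these dumps
        if line.startswith(("[", "HKEY_")):
            kind = None  # a new registry header always closes the old section
            for name, rx in WATCHED:
                m = rx.search(line)
                if m and m.groups():
                    # Notify: the subkey name in the header is the finding.
                    found.add((name, m.group(1).lower()))
                    break
                if m:
                    kind = name  # entries follow on the next data lines
                    break
            continue
        if kind is None or not line[0].isalnum():
            kind = None  # separators such as "." or "\Shell\..." end a section
            continue
        found.add((kind, line.split()[0].lower()))
    return found

def cleared(before_log, after_log):
    """Load points listed before cleanup and no longer listed afterwards."""
    return load_points(before_log) - load_points(after_log)

def still_listed(before_log, after_log):
    """Load points listed before cleanup that survive into the later log."""
    return load_points(before_log) & load_points(after_log)

# Abridged from the logs taken before the CFScript.txt run.
BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loygxpjt]
dmservers.dll 08/04/2004 04:00 AM 83968 C:\WINDOWS\system32\dmservers.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpaweimo

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f286e4-e53e-11db-a9a5-0015e9108ebe}]
\Shell\AutoRun\command - F:\setupSNK.exe
"""

# Abridged from the ComboFix log posted after the CFScript.txt run.
AFTER_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

mpaweimo

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f286e4-e53e-11db-a9a5-0015e9108ebe}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"""

if __name__ == "__main__":
    for kind, name in sorted(cleared(BEFORE_LOG, AFTER_LOG)):
        print(f"cleared      {kind:16} {name}")
    for kind, name in sorted(still_listed(BEFORE_LOG, AFTER_LOG)):
        print(f"still listed {kind:16} {name}")
```

On these excerpts the Notify subkey and the AppCertDlls value are cleared, while mpaweimo is still listed under NetSvcs, which is the entry the fix.reg step goes after.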
  8. 2008/02/17
    Lee M

    Lee M Inactive Thread Starter

    Joined:
    2008/02/16
    Messages:
    4
    Likes Received:
    0
    Geri

    OK, but first I need to get my wireless connection working, so I can get to the 'net. I've been moving files back and forth with a JumpDrive.

    Lee
     
