Keikonium Posted May 16, 2006 Report Share Posted May 16, 2006 (edited) I left my computer on for a few hours wile watching television with just the bare essintials running. I still received the pop ups, so I dobt it's MSN (it better not be anyway...). Task Manager is clean, as is the add/remove programs list. Program files directory is clean, as is the start menu. I have located the problem (must be just a part of the problem), just can't get rid of it.Here is a HJT log:-----------------------------------------------------------------Logfile of HijackThis v1.99.1Scan saved at 7:59:51 PM, on 15/05/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\WINDOWS\system32\rundll32.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\UberIcon\UberIcon Manager.exeC:\Program Files\SpywareGuard\sgmain.exeC:\Program Files\Stardock\ObjectDock\ObjectDock.exeC:\Program Files\Styler\Styler.exeC:\Program Files\T Clock\tclock.exeC:\Program Files\SpywareGuard\sgbhp.exeD:\utorrent.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\PS Tray Factory\PSTrayFactory.exeC:\Program Files\foobar2000\foobar2000.exeC:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exeC:\DOCUME~1\Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeC:\DOCUME~1\Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\HiJack This\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exeO3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dllO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOMO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exeO4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exeO4 - Startup: Styler.lnk = ?O4 - Startup: T Clock.lnk = C:\Program Files\T Clock\tclock.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dllO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123520839636O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146458157750O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dllO20 - Winlogon Notify: MCPClient - C:\WINDOWS\O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO20 - Winlogon Notify: winjjq32 - C:\WINDOWS\SYSTEM32\winjjq32.dllO21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: OmniHTTPd Professional (OmniHTTPd) - Unknown owner - C:\Program Files\OmniSecure\ohttpd.exe (file missing)O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe-----------------------------------------------------------------The stuff I have bolded, I am not sure how to get rid of. The stuff I italiced I think may be an issue. And the one file I bolded and italiced I can't seem to remove (I know what it is though ).Oh, here is the file that I can't delete:I can't delete it in regular windows, I can't delete it with !Killbox. I can delete it in Safe Mode, but it regenerates when I reboot . Edited May 16, 2006 by Keikonium Link to post Share on other sites
jwbirdsong Posted May 23, 2006 Report Share Posted May 23, 2006 Not sure how or why you sat so long unhelped, but I am truly sorry..if you still need assistance please post an updated HijackThis log Link to post Share on other sites
jwbirdsong Posted June 13, 2006 Report Share Posted June 13, 2006 Inactive topic...If you still need help on this problem, contact me or one of the Moderators to re-open this up.Topic closed. Link to post Share on other sites
Recommended Posts