#1
Hi,
Thanks for your help everyone, I have been sitting here for hours trying to fix this problem. I am in an online class and the homework is overdue so I am very stressed and need to get this fixed. 100% CPU Usage, freezing browser and sssllllooooowwwww. I ran Network Associates Viruscan and it removed a trojan. I ran AdAware. I ran SpyBot Search and Destroy and removed a malware. I ran BHODemon and "changed" a BHO. I ran NoAdware and removed parasites. It seems to be better: not much clicking and the fan is not running, but I am worried about getting back to class. What else needs to be done, please ??? And what can be done to prevent this from happening again? Here is the HiJack record. Please help. Thanks.

twinklesparkle

Logfile of HijackThis v1.97.7
Scan saved at 1:35:26 AM, on 10/17/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\SYSTEM32\Rpcnet.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\uuirwa.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\DELL\AccessDirect\DadTray.exe
C:\WINNT\system32\eotqsjx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Documents and Settings\mspranza\My Documents\Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [lynmafihqfeea] C:\WINNT\system32\eotqsjx.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [es] C:\WINNT\system32\es.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp/res/jar/cnsload.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38152.4283449074
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = slzusd.k12.ca.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = slzusd.k12.ca.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = slzusd.k12.ca.us

#2
Hi twinklesparkle,
You have several things going on in your log....

First, download this Peper trojan uninstaller: http://downloads.subratam.org/Newuninst.exe
Double click on 'uninst.exe' and press Uninstall. Let it run and terminate. You must be on line to have this work and allow any attempts for the program to connect to internet if your firewall requests access.

Next verify your work by downloading PeperFix tool: http://downloads.subratam.org/PeperFix.exe
Save it to your desktop, doubleclick on it, click 'Find and Fix' and let it run.

Next.... Please download and run LSPFix from here: http://cexx.org/LSPFix.exe
On the opening screen, click "I know what I'm doing".. Check all instances of "calsp.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish.

Reboot

Perform a couple of online virus scans. Choose at least two of the following sites listed.
Trend Micro Housecall http://housecall.trendmicro.com/
Panda Active Scan www.pandasoftware.com/activescan/activescan
Bitdefender http://www.bitdefender.com/scan/licence.php
Please copy and paste the logs from the scans into your next post.

Next.... Please update HijackThis, you are using an outdated version:
Open HijackThis, click Config > Misc Tools > Check for Update online
Or download a copy of version 1.98.2 at: http://www.majorgeeks.com/download3155.html
Post a fresh log with this new version.

Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan
Please read the stickys at the top of the forum before posting!
Last edited by Tom Myboy : October 17th, 2004 at 08:43 PM.

#3
Thank you so much, Tom!!! You are amazing!!!
Just taking a break to say that when doing the LSP-Fix, it looked as if there were 3 instances of calsp.dll which promptly changed to msafd.dll and msvpsp.dll. Either it was or it was my lack of sleep!!! Be back soon!! Thanks again

#4
Tom,
Regarding firewall, I am using my work's laptop. We have a firewall at work. I installed a firewall with a wireless system on this last year but it was only strong enough for one room. Thus my firewall is gone as well. I am assuming I do not have a firewall when I am at home now. Can you recommend a free downloadable or any other kind of firewall? Thanks!

twinklesparkle

#5
Trend Micro Scan results
24 Infected files
Was unable to cut and paste log. Deleted 23 files. JOKE GESCHENKA.A was unaccessible and unable to be deleted.

#6
Panda Active Scan Results
Incident            Status          Location
Virus:Trj/Iconz.A   No disinfected  C:\WINNT\iconz3.exe

I have noticed that one of these viruses will not let me paste what I have copied the first time and pastes something else.

#7
I think I should have clicked on Auto Clean?
C:\Documents and Settings\dwright\Local Settings\Temporary Internet Files\Content.IE5\31KXSH9P\thnall1m[1].exe=>(ASPack 2.12): infected with Trojan.Downloader.Agent.AF
C:\Documents and Settings\mspranza\Local Settings\Temp\jkill.exe: infected with Application.ProcKill.Jk
C:\Documents and Settings\mspranza\Local Settings\Temp\randreco.exe=>(ASPack 2.12): infected with Trojan.Downloader.Agent.AF
C:\Documents and Settings\mspranza\Local Settings\Temp\thin-118-1-x-x.exe=>(ASPack 2.12): infected with Trojan.Downloader.Agent.AF
C:\Documents and Settings\mspranza\Local Settings\Temporary Internet Files\Content.IE5\GX6NODQ3\thnall1m[1].exe=>(ASPack 2.12): infected with Trojan.Downloader.Agent.AF
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc700.exe: infected with Adware.Serchentrix.A
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc751.exe: infected with Application.IBIS.Toolbar
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc752.dll: infected with Trojan.Downloader.Agent.BR
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc767.exe: infected with Application.IBIS.Toolbar
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc768.dll: infected with Adware.Look2Me.B
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc769.dll: infected with Adware.Look2Me.B
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc770.dll: infected with Adware.Look2Me.B
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc772.dll: infected with Trojan.Downloader.Agent.BR
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc773.dll: infected with Adware.Look2Me.B
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc774.dll: infected with Adware.Look2Me.B
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc776.exe: infected with Trojan.Lookme.A
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc790.exe=>(ASPack 2.12): infected with Trojan.Downloader.Agent.AF
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc795.exe: infected with Adware.Serchentrix.A
C:\RECYCLER\S-1-5-21-1245263740-964573601-1501187911-3092\Dc796.exe=>(ASPack 2.12): infected with Trojan.Downloader.Agent.AB
C:\WINNT\system32\yyabpu.dat: infected with Application.Adware.ClkOptimizer.A
C:\WINNT\system32\zzwoca.dll: infected with Application.Adware.ClkOptimizer.A
C:\WINNT\Temp\f697563.exe: infected with Application.Adware.ClkOptimizer.A
C:\WINNT\Temp\wtmp.exe: infected with Application.Adware.ClkOptimizer.A
D:\Addresses and Phone Numbers\Dreamweaver MX\JVM\lib\jaws.jar=>sunw/demo/classfile/UTF8Constant.class: bad crc
D:\Addresses and Phone Numbers\Dreamweaver MX\JVM\lib\rt.jar=>sunw/util/EventObject.class: bad crc

#8
HijackThis
Logfile of HijackThis v1.98.2
Scan saved at 1:38:56 PM, on 10/18/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\SYSTEM32\Rpcnet.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\uuirwa.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\Program Files\DELL\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\WINNT\system32\eotqsjx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\DOCUME~1\mspranza\LOCALS~1\Temp\Retrieve.exe
C:\DOCUME~1\mspranza\LOCALS~1\Temp\f29239163.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Documents and Settings\mspranza\My Documents\Virus\HijackThis.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\mspranza\LOCALS~1\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [lynmafihqfeea] C:\WINNT\system32\eotqsjx.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKCU\..\Run: [es] C:\WINNT\system32\es.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp/res/jar/cnsload.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = slzusd.k12.ca.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = slzusd.k12.ca.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = slzusd.k12.ca.us
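
Added example, not part of any post in this thread: a small Python triage of HijackThis entry lines, run over a few lines excerpted from the logs in posts #1 and #8. It lists the entries the scanner itself marks as unknown or orphaned, and compares the two scans to confirm that the calsp.dll LSP entries no longer appear after the LSPFix step; the function names are illustrative.

```python
import re
from collections import Counter

# Lines excerpted from the first log (post #1, HijackThis v1.97.7).
BEFORE_EXCERPT = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\system32\svchost.exe
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
"""

# Lines excerpted from the second log (post #8, HijackThis v1.98.2).
AFTER_EXCERPT = r"""Logfile of HijackThis v1.98.2
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
"""

# Entry lines start with a section code such as "R3 - " or "O10 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Annotations HijackThis itself appends when the registered file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (section, detail) pairs; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(entries):
    """List entries the scanner already marks as unknown LSP files or orphans."""
    findings = []
    for (section, detail), count in sorted(Counter(entries).items()):
        if section == "O10" and detail.lower().startswith("unknown file in winsock lsp:"):
            findings.append(("unknown-lsp", section, detail.split(":", 1)[1].strip(), count))
        elif detail.endswith(ORPHAN_MARKERS):
            findings.append(("orphaned", section, detail, count))
    return findings


def entry_key(section, detail):
    """Key on the CLSID when present: display names differ between versions."""
    g = GUID_RE.search(detail)
    return (section, g.group(0).upper() if g else detail.lower())


def diff_logs(before, after):
    """Keys that disappeared and keys that are new between two scans."""
    b = {entry_key(s, d) for s, d in before}
    a = {entry_key(s, d) for s, d in after}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    before, after = parse_entries(BEFORE_EXCERPT), parse_entries(AFTER_EXCERPT)
    for finding in triage(before):
        print("before:", finding)
    for finding in triage(after):
        print("after: ", finding)
    removed, added = diff_logs(before, after)
    print("gone after fix:", removed)
    print("new in second scan:", added)
```

Keying on the CLSID keeps the mxTarget.dll BHO from showing up as a change just because v1.98.2 prints its class name where v1.97.7 printed "(no name)".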

#9
Question
Tom,
Is this computer just getting worse in between scans? I work at an elementary school. Do you think it would be better to ask the IT people here to reimage it? They get annoyed sometimes because I have them do a lot of things for me. Again, what kind of firewall should I use. Thanks again for your help!!!!

twinklesparkle

#10
Hi twinklesparkle,
All of the free firewalls I know of are for private use only. I am surprised your IT department doesn't have a contract with one of the popular companies. http://www.zonelabs.com has about the best entry level firewall.

Also, I am surprised that the Network Associates antivirus program you have running on your computer is letting all these infections in. Do you know if it is up to date and you are receiving virus definition updates regularly?

As for continuing with the removal process... yes it will take some work to remove all the infections. There are multiple virus, spyware and adware entries in your log. It will be ultimately your choice if we continue.... Please let me know if you would like to continue. I will be happy to help.

Tom

#11
Hi Tom,
Thanks so much for your help, I really appreciate it. The school district is behind a firewall, but I have heard that there are viruses inside the network. (I take my laptop home) I called IT today and the guy said that Firewalls are to protect from hackers not viruses and was unable to recommend anything for me. IT has ePolicy Orchestrator Agent running when I am on the Network at school for updates. It was last updated today at 11:35 am. However, you have to run the scan yourself. As I said in the first post, I ran it and it found only one virus. I do not know if these IT guys have everything set up properly. Is there a way to check?

The guy at IT says I got these from clicking on Pop-Ups. How could this be true? I do not click on pop-ups unless it's the exit X. The toolbar pop-up blockers do not work for everything.

I would love to continue with this Tom. I have a feeling that if I reimage, the same stuff will happen again. Thanks again and I look forward to your reply.

twinklesparkle

#12
Ps
I have downloaded http://www.mozilla.org/products/firefox/ and with this browser am able to finally get back into my online class.

#13
I agree, firewalls are primarily used for intruder protection. However, they also block traffic from some viruses and trojan horse programs by keeping the ports they exploit closed. As to the existing antivirus software at school: I do not know of any way to test their software. Common sense tells me if you had that many viruses on your machine, how good can it be?