PDA

View Full Version : Massive slowdown



cmcveigh
2008-09-27, 17:23
Hi there,

Apologies, I had to go away while this was being dealt with, so the original thread was closed due to inactivity.

Original thread here http://forums.spybot.info/showthread.php?t=33983

I've followed all the instructions of your last post, kasperky online scanner report and new HJT log below.

Thursday, September 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, September 25, 2008 14:58:36
Records in database: 1258880


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Files scanned 59756
Threat name 10
Infected objects 79
Suspicious objects 0
Duration of the scan 01:29:26

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.fp 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ahykdbtn.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\anbyrbmj.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\awqtiyvk.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\cijbfimo.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ckyeaxir.dll.bac_a00532 Infected: not-a-virus:AdWare.Win32.Virtumonde.acy 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\detadjxw.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\duhduesu.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\efurqbfv.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\elfxeqie.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\enpkpnwa.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\fvbepgjx.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gedsmpwg.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gtnndpra.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gxwthylt.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\hrwhfrct.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\iccbsugy.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\igvtpven.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\incualry.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ipmwryed.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\jaxsnrsc.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\jhdgreww.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kdywfmts.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kjrxeaie.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kutarren.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\mljiijh.dll.bac_a00532 Infected: Trojan.Win32.Pakes.akr 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\mqnsawkq.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nnijsjsa.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nsogulca.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nwvwcmku.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\obfpelph.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ocesqhbd.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\oonkopjc.dll.bac_a00532 Infected: Trojan-Spy.Win32.VBStat.h 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\pcelaiwm.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\phldqdep.dll.bac_a00532 Infected: not-a-virus:AdWare.Win32.Virtumonde.acy 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\qireqvkt.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\qqqxekkl.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rarwxsrj.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rgocsgmc.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rjpnvihe.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\sgeerdlk.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tdiumcia.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\thrmbakl.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\thwciied.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tkcuogua.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tmswihat.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\umjvepdv.dll.bac_a00532 Infected: Trojan-Spy.Win32.VBStat.h 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\usagkypw.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vgxdccim.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vhenoyfx.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vnruvwcp.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vsvmlvxf.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\wflmivtc.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\whqhgtay.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\wutwkoxr.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\xouxeoca.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ymbdsqvh.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck 1

C:\Documents and Settings\nicola\Desktop\torrents\Clone Dvd 2\Clone Dvd 2.exe Infected: Trojan-Dropper.Win32.VB.oz 1

C:\qoobox\Quarantine\C\fbipukh.exe.vir Infected: Trojan-Banker.Win32.Banker.eiq 1

C:\qoobox\Quarantine\C\WINDOWS\system32\bcfwfoib.exe.vir Infected: Trojan.Win32.Agent.bck 1

C:\qoobox\Quarantine\C\WINDOWS\system32\ckyeaxir.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy 1

C:\qoobox\Quarantine\C\WINDOWS\system32\dimrbayy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy 1

C:\qoobox\Quarantine\C\WINDOWS\system32\fnmhrnsy.exe.vir Infected: Trojan.Win32.Agent.bck 1

C:\qoobox\Quarantine\C\WINDOWS\system32\fxlgcebb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy 1

C:\qoobox\Quarantine\C\WINDOWS\system32\fyrnxyra.exe.vir Infected: Trojan.Win32.Agent.bck 1

C:\qoobox\Quarantine\C\WINDOWS\system32\jpgjijoe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy 1

C:\qoobox\Quarantine\C\WINDOWS\system32\jqmwmavg.exe.vir Infected: Trojan.Win32.Agent.bck 1

C:\qoobox\Quarantine\C\WINDOWS\system32\mljiijh.dll.vir Infected: Trojan.Win32.Pakes.akr 1

C:\qoobox\Quarantine\C\WINDOWS\system32\qhifmuat.exe.vir Infected: Trojan.Win32.Agent.bck 1

C:\qoobox\Quarantine\C\WINDOWS\system32\sxmmibwp.exe.vir Infected: Trojan.Win32.Agent.bck 1

C:\qoobox\Quarantine\C\WINDOWS\system32\tubhkjfs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy 1

C:\qoobox\Quarantine\C\WINDOWS\system32\vhvpusgs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy 1

C:\qoobox\Quarantine\C\WINDOWS\system32\xumvddgu.exe.vir Infected: Trojan.Win32.Agent.bck 1

C:\qoobox\Quarantine\C\WINDOWS\system32\yefvdrfp.exe.vir Infected: Trojan.Win32.Agent.bck 1

C:\qoobox\Quarantine\C\WINDOWS\system32\yppcwcmv.exe.vir Infected: Trojan.Win32.Agent.bck 1

C:\qoobox\Quarantine\catchme2007-10-24_202420.89.zip Infected: Trojan-Downloader.Win32.Agent.dkc 1

C:\qoobox\Quarantine\catchme2007-10-24_202420.89.zip Infected: Rootkit.Win32.Agent.eq 1

C:\qoobox\Quarantine\catchme2007-10-24_202420.89.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.wi 1

C:\qoobox\Quarantine\catchme2007-10-24_202420.89.zip Infected: Trojan.Win32.Pakes.akr 1

The selected area was scanned.




of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:30, on 27/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\cadix\screen saver\cssCtrl.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [srmclean] -C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] -C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ccApp] -"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] -"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] -C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] -C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] -C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] -C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atwtusb] -atwtusb.exe beta
O4 - HKLM\..\Run: [PenLock] -
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CADIX Screen Saver Control.lnk = C:\cadix\screen saver\cssCtrl.exe
O4 - Startup: Quick StartUp.lnk = ?
O4 - Startup: Start.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\DefWatch.exe" (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\SavRoam.exe" (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec AntiVirus - Unknown owner - -"C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 9523 bytes

Blade81
2008-09-28, 19:16
Hi

Delete C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040000.VBN file and items in C:\Documents and Settings\nicola\.housecall6.6\Quarantine folder.

How's the system running now?

cmcveigh
2008-10-01, 19:00
Hi

Delete C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040000.VBN file and items in C:\Documents and Settings\nicola\.housecall6.6\Quarantine folder.

How's the system running now?

Hi there,

a slight problem, in that when I try and delete this, I get an error message telling me Explorer needs to be closed, then my pc freezes up altogether...

Blade81
2008-10-01, 20:13
Hi

Try to delete the files in safe mode (http://www.computerhope.com/issues/chsafe.htm#02). May I see a fresh hjt log, please?

cmcveigh
2008-10-06, 11:01
Hi

Try to delete the files in safe mode (http://www.computerhope.com/issues/chsafe.htm#02). May I see a fresh hjt log, please?


Hi Blade81,

I'm afraid I am still unable to delete those files, even in safe mode I get the same message: "Windows Explorer has encountered an error and needs to close..."

Then everything just freezes.

Blade81
2008-10-06, 11:13
Hi

Let's try with this. Before that defrag (http://support.microsoft.com/kb/314848) your hard drive.

Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040000.VBN
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ahykdbtn.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\anbyrbmj.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\awqtiyvk.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\cijbfimo.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ckyeaxir.dll.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\detadjxw.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\duhduesu.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\efurqbfv.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\elfxeqie.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\enpkpnwa.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\fvbepgjx.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gedsmpwg.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gtnndpra.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gxwthylt.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\hrwhfrct.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\iccbsugy.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\igvtpven.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\incualry.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ipmwryed.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\jaxsnrsc.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\jhdgreww.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kdywfmts.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kjrxeaie.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kutarren.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\mljiijh.dll.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\mqnsawkq.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nnijsjsa.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nsogulca.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nwvwcmku.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\obfpelph.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ocesqhbd.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\oonkopjc.dll.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\pcelaiwm.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\phldqdep.dll.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\qireqvkt.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\qqqxekkl.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rarwxsrj.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rgocsgmc.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rjpnvihe.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\sgeerdlk.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tdiumcia.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\thrmbakl.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\thwciied.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tkcuogua.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tmswihat.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\umjvepdv.dll.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\usagkypw.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vgxdccim.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vhenoyfx.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vnruvwcp.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vsvmlvxf.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\wflmivtc.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\whqhgtay.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\wutwkoxr.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\xouxeoca.exe.bac_a00532
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ymbdsqvh.exe.bac_a00532
C:\Documents and Settings\nicola\Desktop\torrents\Clone Dvd 2\Clone Dvd 2.exe


Return to OTMoveIt2, right click in the
Paste Standard List of Files/Folders to Move
window (under the light blue bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

cmcveigh
2008-10-11, 01:24
Hi Blade81:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040000.VBN moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ahykdbtn.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\anbyrbmj.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\awqtiyvk.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\cijbfimo.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ckyeaxir.dll.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\detadjxw.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\duhduesu.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\efurqbfv.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\elfxeqie.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\enpkpnwa.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\fvbepgjx.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gedsmpwg.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gtnndpra.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gxwthylt.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\hrwhfrct.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\iccbsugy.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\igvtpven.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\incualry.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ipmwryed.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\jaxsnrsc.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\jhdgreww.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kdywfmts.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kjrxeaie.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kutarren.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\mljiijh.dll.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\mqnsawkq.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nnijsjsa.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nsogulca.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nwvwcmku.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\obfpelph.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ocesqhbd.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\oonkopjc.dll.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\pcelaiwm.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\phldqdep.dll.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\qireqvkt.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\qqqxekkl.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rarwxsrj.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rgocsgmc.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rjpnvihe.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\sgeerdlk.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tdiumcia.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\thrmbakl.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\thwciied.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tkcuogua.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tmswihat.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\umjvepdv.dll.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\usagkypw.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vgxdccim.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vhenoyfx.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vnruvwcp.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vsvmlvxf.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\wflmivtc.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\whqhgtay.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\wutwkoxr.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\xouxeoca.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ymbdsqvh.exe.bac_a00532 moved successfully.
C:\Documents and Settings\nicola\Desktop\torrents\Clone Dvd 2\Clone Dvd 2.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10102008_232211

Blade81
2008-10-11, 10:46
Hi

Post a fresh hjt log too, please. How's the system running?

cmcveigh
2008-10-15, 21:50
Hi there,

Systems running better now, although still a bit slow at times, when browsing normally.

And I still get the error message when using windows explorer.

HJT log below, many thanks:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:06, on 15/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\cadix\screen saver\cssCtrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [srmclean] -C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] -C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ccApp] -"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] -"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] -C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] -C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] -C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] -C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [atwtusb] -atwtusb.exe beta
O4 - HKLM\..\Run: [PenLock] -
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CADIX Screen Saver Control.lnk = C:\cadix\screen saver\cssCtrl.exe
O4 - Startup: Quick StartUp.lnk = ?
O4 - Startup: Start.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\DefWatch.exe" (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\SavRoam.exe" (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec AntiVirus - Unknown owner - -"C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 9844 bytes

Blade81
2008-10-16, 07:40
Hi

Did you defrag? Do you get windows explorer error on some certain situations only?

cmcveigh
2008-10-20, 16:49
Hi

Did you defrag? Do you get windows explorer error on some certain situations only?

Hi there,

When I try and defrag it tells me I haven't enough space. I'll try and free some drive space up and hopefully it will work.

The explorer error just seems to appear when I'm trying to move/delete/copy files using windows explorer.

Blade81
2008-10-20, 17:21
Hi

Hopefully defrag helps :) Could you create & attach a screenshot of one of those windows explorer errors?

Blade81
2008-10-27, 08:10
Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.