View Full Version : ok, I definately need help
newtazewell
2009-06-07, 20:46
IE 7 on win xp sp2 was loading way too slow. Updated to ie8 and sp3, didn't help. Tried new spyware and virus programs.... again no help. It did find about 5-6 trojans and worms.. each new prog. I added found something. I did the system restore twice, last time back 1 month,but still no help. I also did the ie reset, same result. Takes 5 min's to load. Updated spybot and found 7 more trojans??? still ie is slow. Here's my HJT file. Someone help......:confused:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:25 AM, on 6/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\anti spy and others\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Grogg\Desktop\spyware and other programs\hi jack this and related\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.f-secure.com/enu/home/
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] "RunDll32" cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] "Rundll32.exe" powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [LXCECATS] "rundll32" C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [DriverCure] "C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe" -scan
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133004748703
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\anti spy and others\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEserv.exe
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NProtectService - Unknown owner - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Games\Grogg\sis\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Games\Grogg\sis\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: SNDSrvc - Acronis - (no file)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - (no file)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
--
End of file - 14687 bytes
little eagle
2009-06-08, 04:29
Download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location and post it here. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
--------------------------------
I'd also like to see an Uninstall List.
Open up HijackThis.
Click on Open the Misc Tools section button
Click on Open Uninstall Manager
Click on Save
A notepad document will open with a list of your installed programs.
Please copy that into your reply.
newtazewell
2009-06-08, 22:53
didn't help.. here's the other stuff. Thank you for helping me.
HJT uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Product/Adobe Studio Update 10/2001
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
Avanquest update
avast! Antivirus
CC_ccStart
CCC
ccCommon
C-Media 3D Audio
CoffeeCup Visual Site Designer Software
Comanche 4
Critical Update for Windows Media Player 11 (KB959772)
Dealio Toolbar
Delta Force - Black Hawk Down
Delta Force Black Hawk Down Demo
DOOM Collector's Edition
Driver Detective
EAX Unified
EAX(tm) Unified (SHELL)
ERUNT 1.1j
Far Cry
Far Cry 2
FEARCombat
Futuremark SystemInfo
GameSpy Arcade
Grand Theft Auto - Vice City
GTA San Andreas
GUN (TM)
Heretic II
HijackThis 2.0.2
Honda EPC Motorcycles
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hoyle Card Games 4
HP PrecisionScan Pro
HP Scan-to-Web Wizard
InterVideo XPack (Combo)
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
KoolMoves 6.2.0
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark 4300 Series
Lexmark Fax Solutions
LimeWire 5.1.1
Macromedia Flash Player
Malwarebytes' Anti-Malware
Media Library Management Wizard
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Motocross Madness 2
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
MONOPOLY HERE & NOW EDITION
Motherboard Monitor 5.0
Moto Racer
Motorola Driver Installation 3.2.0
Motorola Phone Tools
Motorola Software Update
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MP3 Player
MSN Messenger 6.2
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MySpaceIM
No One Lives Forever 2
NVIDIA Display Driver
Nvu 1.0
ParetoLogic Anti-Spyware
ParetoLogic Data Recovery
ParetoLogic DriverCure
ParetoLogic Privacy Controls
PartyPokerNet
Personal License Update Wizard for Windows Media Player
Photo Explosion SE 2.0
Photo Recovery Genius 1.2
Photo Story 3 for Windows
Picture Package
Pixtra OmniStitcher
Planescape - Torment
Plus! MP3 Audio Converter LE
PunkBuster Services
QuickBooks Basic Edition 2004
QuickTime
RealArcade
RealPlayer
RegCure 1.5.2.7
Rock Manager
Roll
Samsung USB Driver (MCCI 4.34) WHQL v3.4
Seagate*DiscWizard
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sentinel System Driver
Serif PhotoPlus 6.0
SiSoftware Sandra 2002 Standard
SiSoftware Sandra Professional Business XII.SP1
Soldier of Fortune
Sony USB Driver
Soulbringer
Spy Sweeper
Spy Sweeper Core
Spybot - Search & Destroy
SpywareBlaster 4.2
Sqirlz Morph
Switch
SymNet
The Game Of Mah Jong v1.1
Tomb Raider Chronicles
Trijong
TweakNow PowerPack Professional
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Uru - Ages Beyond Myst
Virtual Earth 3D (Beta)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Support Tools
Windows XP Service Pack 3
Windows XP Uninstall
WinRAR archiver
Wireless Keyboard and Mouse
WordPerfect Office 11
Xfire (remove only)
Yahoo! Browser Services
Yahoo! Messenger
Malwarebytes' Anti-Malware 1.37
Database version: 2249
Windows 5.1.2600 Service Pack 3
6/8/2009 2:34:04 PM
mbam-log-2009-06-08 (14-34-04).txt
Scan type: Full Scan (C:\|)
Objects scanned: 321433
Time elapsed: 56 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\emlkdvo.bqxd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pwnbho.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4aac4708-fe47-4b80-92ef-47406444ddd2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{4aac4708-fe47-4b80-92ef-47406444ddd2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2de4340-cb68-450f-90cd-9be1a26739d7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\emotrlq.bxwq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\emotrlq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\SYSTEM32\AtlBrowser.exe (Dialer) -> Quarantined and deleted successfully.
c:\program files\motorola phone tools\MPT_TEST_Info.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Grogg\local settings\temporary internet files\chpwim2210wxp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
little eagle
2009-06-09, 03:34
Be sure to keep SunJava, updated the new version is 6.0 update 14
In Add/Remove programs click on these and press *remove*
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
It is important to remove older versions as these are the ones with the holes in them.
Download Newest >>>> http://www.java.com/en/download/index.jsp
Once installed you can test to see that it is in fact installed >>>>
Sun Java Test (http://www.java.com/en/download/installed.jsp)
--------------------------------------
Then download ComboFix from one of these locations:
Link 1 (http://subs.geekstogo.com/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 3 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
Double click on ComboFix.exe & follow the prompts.
Note: Combofix will run without the Recovery Console installed.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it atleast 20-30 minutes to finish if needed.
Also please describe how your computer behaves at the moment.
newtazewell
2009-06-09, 05:20
thanks for your patience and I really appriciate your help. It still take 2 1/2 min for ie to load. Better than the 5 before.
here are the other files you asked for.
ComboFix 09-06-08.02 - Grogg 06/08/2009 20:52.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1484 [GMT -5:00]
Running from: c:\documents and settings\Grogg\Desktop\spyware and other programs\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090608-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Grogg\Local Settings\Temporary Internet Files\v8301011.zip
c:\windows\search_res.txt
c:\windows\system32\tmp.reg
c:\windows\system32\Ultra.dll
c:\windows\Web\default.htt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WKSPATCH
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.
2009-06-09 01:22 . 2009-06-09 01:22 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-09 01:21 . 2009-06-09 01:21 152576 ----a-w- c:\documents and settings\Grogg\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-08 17:54 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 17:54 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 17:53 . 2009-06-08 17:53 -------- d-----w- c:\documents and settings\Grogg\Application Data\Malwarebytes
2009-06-08 17:53 . 2009-06-08 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-07 16:59 . 2009-06-07 16:59 -------- d-----w- C:\Intel
2009-06-07 13:14 . 2009-06-07 13:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-07 13:02 . 2009-06-07 13:02 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-06-07 12:56 . 2009-06-07 12:57 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-06-07 12:56 . 2009-06-07 12:57 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-06-07 12:11 . 2009-06-07 12:11 111304 ----a-w- c:\documents and settings\Administrator.RE.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 12:07 . 2009-06-07 12:07 -------- d-sh--w- c:\documents and settings\Administrator.RE.000\PrivacIE
2009-06-07 12:06 . 2009-06-07 12:06 -------- d-sh--w- c:\documents and settings\Administrator.RE.000\IETldCache
2009-06-07 03:29 . 2009-06-07 03:29 -------- d-----w- c:\program files\ERUNT
2009-06-07 01:55 . 2009-06-07 01:55 -------- d-sh--w- c:\documents and settings\Steph\PrivacIE
2009-06-07 01:51 . 2009-06-07 01:51 -------- d-----w- c:\documents and settings\Steph\Application Data\Webroot
2009-06-07 01:49 . 2009-06-07 01:49 -------- d-sh--w- c:\documents and settings\Steph\IETldCache
2009-06-07 01:32 . 2009-06-07 01:32 -------- d-----w- c:\documents and settings\Grogg\Local Settings\Application Data\Apple
2009-06-07 00:49 . 2009-06-07 00:49 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-07 00:08 . 2007-02-22 23:32 344064 ----a-w- c:\windows\system32\lxcecoin.dll
2009-06-07 00:08 . 2007-03-05 10:00 421888 ----a-w- c:\windows\system32\lxcedrs.dll
2009-06-07 00:08 . 2005-02-24 22:23 61440 ----a-w- c:\windows\system32\lxcecnv4.dll
2009-06-07 00:08 . 2007-01-30 15:35 274432 ----a-w- c:\windows\system32\lxceinst.dll
2009-06-07 00:08 . 2007-01-30 15:35 397312 ----a-w- c:\windows\system32\lxceiesc.dll
2009-06-07 00:08 . 2007-01-30 15:22 413696 ----a-w- c:\windows\system32\lxceinpa.dll
2009-06-07 00:08 . 2007-01-30 15:18 323584 ----a-w- c:\windows\system32\lxcehcp.dll
2009-06-06 23:30 . 2009-06-06 23:30 -------- d-----w- c:\documents and settings\Grogg\Application Data\DriverCure
2009-06-06 23:20 . 2009-06-06 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-06-06 23:17 . 2009-06-06 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-06 23:15 . 2009-06-06 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-06-06 23:15 . 2009-06-06 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2009-06-06 23:15 . 2009-06-06 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-06-06 23:15 . 2009-06-06 23:15 -------- d-----w- c:\program files\ParetoLogic
2009-06-06 23:15 . 2009-06-06 23:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-06 22:34 . 2009-06-06 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-06-06 22:07 . 2009-06-06 22:07 9158 ----a-r- c:\documents and settings\Grogg\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-06-06 22:07 . 2009-06-06 22:07 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-06-06 22:06 . 2009-03-18 02:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-06-06 22:06 . 2009-03-16 20:17 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2009-06-06 22:05 . 2009-03-16 20:27 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-06-06 22:05 . 2008-01-10 02:35 887724 ----a-r- c:\windows\system32\ativva6x.dat
2009-06-06 22:05 . 2008-01-10 02:35 3107788 ----a-r- c:\windows\system32\ativva5x.dat
2009-06-06 22:05 . 2009-02-23 21:39 184394 ----a-w- c:\windows\system32\atiicdxx.dat
2009-06-06 22:05 . 2008-01-10 02:35 3107788 ----a-r- c:\windows\system32\ativvaxx.dat
2009-06-06 21:27 . 2009-05-13 20:39 1563008 ----a-w- c:\windows\WRSetup.dll
2009-06-06 21:27 . 2009-06-06 21:27 -------- d-----w- c:\documents and settings\Grogg\Application Data\Webroot
2009-06-06 21:27 . 2009-06-06 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-06-06 21:27 . 2009-06-06 21:27 -------- d-----w- c:\program files\Webroot
2009-06-06 21:14 . 2009-06-06 21:14 164 ----a-w- C:\install.dat
2009-06-06 13:39 . 2009-06-06 13:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-06 13:32 . 2009-06-06 13:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-05 21:54 . 2009-06-05 21:54 -------- d-sh--w- C:\FOUND.093
2009-06-05 21:48 . 2009-06-05 21:48 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-05 21:48 . 2009-06-05 21:48 -------- d--h--r- C:\$vault$.avg
2009-06-05 21:48 . 2009-06-05 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-06-05 21:47 . 2009-06-05 21:47 -------- d-----w- c:\program files\PC MightyMax
2009-06-05 21:47 . 2009-06-05 21:47 -------- d-----w- c:\program files\GameSpy Arcade
2009-06-05 17:14 . 2009-06-05 17:14 -------- d-----w- c:\documents and settings\Grogg\Local Settings\Application Data\Google
2009-06-05 17:13 . 2009-06-05 17:13 -------- d-sh--w- c:\documents and settings\Grogg\IECompatCache
2009-06-05 16:57 . 2009-06-05 16:57 -------- d-sh--w- c:\documents and settings\Grogg\PrivacIE
2009-06-05 14:57 . 2009-06-05 14:57 10520 ----a-w- c:\windows\system32\avgrsstx(2).dll
2009-06-05 14:56 . 2009-06-05 14:57 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-06-05 14:56 . 2009-06-05 14:56 -------- d-----w- c:\program files\AVG
2009-06-05 14:56 . 2009-06-05 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-05 01:49 . 2009-06-05 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI(3)
2009-06-05 01:32 . 2009-06-05 01:32 -------- d-sh--w- c:\documents and settings\Grogg\IETldCache
2009-06-05 01:32 . 2009-06-05 01:32 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-05 01:30 . 2009-06-05 01:30 -------- d-----w- c:\windows\ie8updates
2009-06-05 01:27 . 2009-06-05 01:27 -------- d--h--w- c:\windows\ie8
2009-06-05 01:25 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-04 20:13 . 2009-06-04 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI(2)
2009-06-04 17:56 . 2009-06-04 17:56 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-04 17:55 . 2009-06-04 17:55 -------- d-----w- c:\program files\Logitech
2009-05-25 23:48 . 2009-05-25 23:48 -------- d-sh--w- C:\FOUND.092
2009-05-19 15:16 . 2009-05-19 15:16 -------- d-sh--w- C:\FOUND.091
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 01:51 . 2008-01-23 23:32 111304 ----a-w- c:\documents and settings\Steph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 23:30 . 2007-07-14 12:55 111304 ----a-w- c:\documents and settings\Grogg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 21:27 . 2009-04-23 00:48 164 ----a-w- c:\windows\install.dat
2009-06-05 14:39 . 2009-06-05 14:39 1887 ----a-w- c:\documents and settings\All Users\Application Data\xml4.tmp
2009-06-05 14:39 . 2009-06-05 14:39 13441 ----a-w- c:\documents and settings\All Users\Application Data\xml3.tmp
2009-06-05 14:39 . 2009-06-05 14:39 7972 ----a-w- c:\documents and settings\All Users\Application Data\xml2.tmp
2009-04-21 23:27 . 2009-04-21 23:27 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 23:27 . 2009-04-21 23:27 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 23:27 . 2009-04-21 23:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-19 20:07 . 2009-04-19 20:01 5 ----a-w- c:\windows\sbacknt.bin
2009-04-19 19:42 . 2009-04-19 19:42 152904 ----a-w- c:\windows\system32\vghd.scr
2009-04-19 19:42 . 2009-04-19 19:42 -------- d-----w- c:\program files\vghd
2009-04-19 11:47 . 2009-04-19 11:47 -------- d-----w- c:\documents and settings\Grogg\Application Data\TweakNow PowerPack
2009-03-18 22:55 . 2009-05-06 03:59 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-03-16 21:33 . 2004-08-04 05:29 3597312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-03-16 20:26 . 2004-08-04 07:56 328704 ----a-w- c:\windows\system32\ati2dvag.dll
2009-03-16 20:17 . 2008-01-10 02:58 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-03-16 20:16 . 2008-01-10 02:57 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-03-16 20:16 . 2008-01-10 02:57 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-03-16 20:16 . 2008-01-10 02:57 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-03-16 20:16 . 2008-01-10 02:57 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-03-16 20:15 . 2008-01-10 02:56 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-03-16 20:13 . 2008-01-10 02:55 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-03-16 20:06 . 2004-08-04 07:56 3820736 ----a-w- c:\windows\system32\ati3duag.dll
2009-03-16 20:04 . 2009-03-16 20:04 11563008 ----a-w- c:\windows\system32\atioglxx.dll
2009-03-16 19:53 . 2004-08-04 07:56 2675328 ----a-w- c:\windows\system32\ativvaxx.dll
2009-03-16 19:40 . 2009-03-16 19:40 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-03-16 19:40 . 2008-01-10 02:24 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-03-16 19:36 . 2008-01-10 02:20 475136 ----a-w- c:\windows\system32\atikvmag.dll
2009-03-16 19:35 . 2008-01-10 02:15 303104 ----a-w- c:\windows\system32\atiok3x2.dll
2009-03-16 19:35 . 2009-03-16 19:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-03-16 19:35 . 2009-03-16 19:35 131072 ----a-w- c:\windows\system32\atiadlxx.dll
2009-03-16 19:34 . 2009-03-16 19:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-03-16 19:34 . 2008-01-10 02:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-03-16 19:34 . 2008-01-10 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-03-16 19:33 . 2009-03-16 19:33 3264512 ----a-w- c:\windows\system32\aticaldd.dll
2009-03-16 19:28 . 2004-08-04 07:56 630784 ----a-w- c:\windows\system32\ati2cqag.dll
2009-01-29 21:22 . 2009-01-29 21:22 6 ----a-w- c:\program files\setup.ini
2002-08-01 00:55 . 2009-04-19 11:44 104 --sh--w- c:\windows\WSYS049.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-11-25 49152]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ParetoLogic Anti-Spyware"="c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2009-06-03 2643312]
"DriverCure"="c:\program files\ParetoLogic\DriverCure\DriverCure.exe" [2009-04-26 3023640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-08-08 1945424]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-08-08 148760]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-03-16 299008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-07 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"CARPService"="carpserv.exe" - c:\windows\SYSTEM32\carpserv.exe [2001-12-22 4608]
"LoadPowerProfile"="powrprof.dll" - c:\windows\SYSTEM32\powrprof.dll [2008-04-14 17408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-11-25 49152]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
c:\documents and settings\RE\Start Menu\Programs\Startup\
Ubisoft register.lnk - c:\program files\Ubisoft\Register\schedule.exe [2006-12-10 28672]
c:\documents and settings\Grogg\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
PowerReg Scheduler.exe [2006-12-27 189952]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Enable Wireless Keyboard Driver.lnk - c:\program files\Wireless Device\Wireless Keyboard\Magickey.exe [2004-4-12 188416]
Enable Wireless Mouse Driver.lnk - c:\program files\Wireless Device\Wireless Mouse\MouseAp.exe [2004-4-12 221184]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "c:\program files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2009-06-03 98304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\Groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\onenote.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [4/4/2008 12:52 PM 114768]
R1 kbfilter;Keyboard Filter Driver;c:\windows\SYSTEM32\DRIVERS\kbfilter.sys [4/12/2004 5:46 PM 11886]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [4/4/2008 12:52 PM 20560]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/6/2009 4:27 PM 1205760]
R3 SaiH0471;SaiH0471;c:\windows\SYSTEM32\DRIVERS\SaiH0471.sys [10/20/2004 11:38 AM 56704]
S2 LXCECustomerConnect;LXCECustomerConnect;c:\windows\SYSTEM32\spool\drivers\w32x86\3\lxceserv.exe [3/22/2005 5:46 AM 62384]
S2 NProtectService;NProtectService; [x]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\SYSTEM32\DRIVERS\crtaud.sys [7/26/2005 2:13 PM 42112]
S3 ES2846;ESS ES2846 Home Phone Networking Adapter Driver;c:\windows\SYSTEM32\DRIVERS\ES2846.SYS [2/1/2002 5:20 PM 67072]
S3 itsernum;itsernum Filter ÅX°Êµ{¦¡;c:\windows\SYSTEM32\DRIVERS\itsernum.sys [4/6/2004 8:13 PM 20133]
S3 METROP;Hewlett-Packard ScanJet 5300C/5370C;c:\windows\SYSTEM32\DRIVERS\hp53pw2k.sys [4/7/2004 2:37 PM 131712]
S3 rpfun;Conexant Riptide Dummy Driver;c:\windows\SYSTEM32\DRIVERS\rpfun.sys [7/26/2005 2:13 PM 3840]
S3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\SYSTEM32\DRIVERS\rthwcls.sys [7/26/2005 2:13 PM 30720]
S3 XIRLINK;IBM PC Camera;c:\windows\SYSTEM32\DRIVERS\C-itNT.sys [4/16/2004 9:18 AM 899884]
S4 BackWeb Plug-in - 4476822;F-Secure 2006; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-01-15 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
2009-06-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
2009-06-06 c:\windows\Tasks\wrSpySweeper_LEE20B12107714B558F54041D538D5EE3.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-06-06 20:40]
2009-06-06 c:\windows\Tasks\wrSpySweeper_LEE20B12107714B558F54041D538D5EE3.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-06-06 20:40]
2009-06-06 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS\Pareto_Update.exe [2009-06-03 18:39]
2009-06-07 c:\windows\Tasks\ParetoLogic Anti-Spyware.job
- c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2009-06-03 13:26]
2009-06-06 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]
2009-06-06 c:\windows\Tasks\ParetoLogic Privacy Controls_{55B2A6F6-52F0-11DE-8C2F-00038A000015}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2008-11-25 16:29]
2009-06-06 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-04-26 12:44]
2009-06-08 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]
2009-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-procexp90.Sys
SafeBoot-svcWRSSSDK
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://support.f-secure.com/enu/home/
LSP: c:\windows\system32\ua_lsp.dll
Trusted Zone: taxactonline.com\www
DPF: Microsoft XML Parser for Java
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 20:58
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\Grogg\LOCALS~1\Temp\catchme.dll 65536 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1229272821-630328440-725345543-1010\Software\SecuROM\License information*]
"datasecu"=hex:27,fd,45,f1,9f,78,2e,cf,95,8b,0f,cd,c0,cb,58,9a,af,5c,02,b6,22,
0d,41,09,b8,82,6c,31,c6,41,49,f9,08,20,05,2f,a5,8b,5c,63,22,00,ed,3b,15,1a,\
"rkeysecu"=hex:e8,3f,19,5c,cc,c5,30,58,58,e2,d2,cd,2d,08,b5,64
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3785E4EB-E86F-A1E2-47BA-3048B2524C09}\InProcServer32*]
"iaggnfmnfjldflfmgg"=hex:6b,61,69,70,63,6e,6a,64,63,63,6c,68,6f,61,65,69,63,6b,
6e,67,63,6c,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(492)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\relog_ap.dll
c:\windows\system32\ua_lsp.dll
- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ANTI SPY AND OTHERS\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\COMMON FILES\SEAGATE\SCHEDULE2\SCHEDUL2.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\LXCECOMS.EXE
c:\windows\SYSTEM32\PNKBSTRA.EXE
c:\windows\SYSTEM32\PNKBSTRB.EXE
c:\windows\SYSTEM32\LOCATOR.EXE
c:\windows\SYSTEM32\SNMP.EXE
c:\program files\WEBROOT\WEBROOTSECURITY\SPYSWEEPER.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Wireless Device\Wireless Keyboard\osd.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-06-09 21:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 02:06
Pre-Run: 311,890,739,200 bytes free
Post-Run: 312,275,927,040 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
330 --- E O F --- 2009-06-06 17:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:05 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\anti spy and others\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Grogg\Desktop\spyware and other programs\hi jack this and related\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.f-secure.com/enu/home/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] "Rundll32.exe" powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [DriverCure] "C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe" -scan
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133004748703
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\anti spy and others\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEserv.exe
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NProtectService - Unknown owner - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Games\Grogg\sis\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Games\Grogg\sis\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: SNDSrvc - Acronis - (no file)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - (no file)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
--
End of file - 13813 bytes
little eagle
2009-06-09, 12:41
Close all programs leaving only HijackThis running. Place a check against each of the following,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
Click on Fix Checked when finished and exit HijackThis.
Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.
newtazewell
2009-06-09, 20:38
Ran very slow during reboot. Very, very slow loading ie home page, even then only got the top banner of the msn home page.
Here's my HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:25 PM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\anti spy and others\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Grogg\Desktop\spyware and other programs\hi jack this and related\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.f-secure.com/enu/home/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] "Rundll32.exe" powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [DriverCure] "C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe" -scan
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133004748703
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\anti spy and others\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEserv.exe
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NProtectService - Unknown owner - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Games\Grogg\sis\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Games\Grogg\sis\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: SNDSrvc - Acronis - (no file)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
--
End of file - 13390 bytes
newtazewell
2009-06-10, 03:23
Another note, my wife has a seperate user account on this computer. She said her's load quickly and connects to the internet in less than a minute....?
little eagle
2009-06-10, 05:57
Go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
newtazewell
2009-06-10, 21:30
quick question... Is that file you want me to download supposed to be over 78 Mb.? Didn't seem right. Or, am I gonna be in even more trouble??? started downlaod and left computer... when I came back it was at about 30 % .
newtazewell
2009-06-11, 03:58
I E still slow loading 4 minutes.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 10, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 10, 2009 23:18:22
Records in database: 2335428
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
E:\
F:\
J:\
Scan statistics:
Files scanned: 182242
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:28:27
No malware has been detected. The scan area is clean.
The selected area was scanned.
little eagle
2009-06-11, 05:49
Can you go to add and remove programs and remove IE8.
This will let you run IE7. Let me know if 7 loads quicker.
newtazewell
2009-06-11, 23:16
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, June 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, June 11, 2009 19:42:47
Records in database: 2113614
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: standard
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
E:\
F:\
J:\
Scan statistics:
Files scanned: 185941
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:37:35
No malware has been detected. The scan area is clean.
The selected area was scanned.
little eagle
2009-06-12, 01:25
Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.
newtazewell
2009-06-12, 04:41
WOOOHOOOO... ok, I had to uninstall sp3 then ie8 and would not connect at all. Reinstalled ie8 downloaded ie7, uninstalled both ie 8 & 7. Worked fine with ie6 .. installed ie7 is now working almost as before. Web pages open in seconds... I do believe my baby is cured. Thanks for your patience and help. Anything else to do? here's the HJT file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:02 PM, on 6/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\anti spy and others\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Grogg\Desktop\spyware and other programs\hi jack this and related\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.f-secure.com/enu/home/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] "Rundll32.exe" powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [DriverCure] "C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe" -scan
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133004748703
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\anti spy and others\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEserv.exe
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NProtectService - Unknown owner - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Games\Grogg\sis\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Games\Grogg\sis\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: SNDSrvc - Acronis - (no file)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
--
End of file - 13207 bytes
little eagle
2009-06-12, 04:55
Glad to here your flying while surfing.
Anything else before we close this thread?
newtazewell
2009-06-12, 12:57
Nothing else, other than to again say THANK YOU SO VERY MUCH....
Roger