View Full Version : iexplore.exe slowing down computer



miss spooky
2010-01-18, 13:50
Hi,

My computer has been running really slow for the last few weeks. I have checked in the task menu and there is an iexplore.exe which is running extremely high, with CPU going up to 100% at times. My hard drive sounds like it's going to take off.

I've read up that this can be a virus but not sure how we got it or what to do about it. All scanners - AVG, Spybot etc come up clean.

I've done an hjt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:53, on 18/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\InkSaver\InkSaver.exe
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\F5D7051v3\BelkinWCUI.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZUman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240517858593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240517848640
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://skyonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://vexcast.com/download/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9578 bytes

Shaba
2010-01-23, 10:30
Hi miss spooky

Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Disable any script blocking protection.
Double click dds.scr to run the tool. When done, DDS.txt and Attach.txt will open.
Save both reports to your desktop.

Please copy/paste the contents of the following reports in your next reply:

DDS.txt
Attach.txt

miss spooky
2010-01-23, 14:58
Hi,

Here's DDS.txt, do you want attach.txt as it is or should it be zipped as per instructions on program? Haven't posted it cos of query...


DDS (Ver_09-12-01.01) - NTFSx86
Run by Donna at 13:58:42.64 on 23/01/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.322 [GMT 0:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\InkSaver\InkSaver.exe
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE
C:\Program Files\Belkin\F5D7051v3\BelkinWCUI.exe
C:\Documents and Settings\Donna\Local Settings\temp\nvvscv.exe
C:\Documents and Settings\Donna\Local Settings\temp\a32pasop.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Donna\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://virginmedia.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON Stylus Photo RX560 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpe.exe /fu "c:\docume~1\donna\locals~1\temp\E_S5D.tmp" /EF "HKCU"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [InkSaver] c:\program files\inksaver\InkSaver.exe hide
mRun: [Broadcom Wireless Manager] c:\windows\system32\wltray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [EPSON Stylus Photo RX560 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpe.exe /fu "c:\windows\temp\E_SD0.tmp" /EF "HKCU"
StartupFolder: c:\docume~1\donna\startm~1\programs\startup\1964233.lnk - c:\documents and settings\donna\local settings\temp\nvvscv.exe
StartupFolder: c:\docume~1\donna\startm~1\programs\startup\2070234.lnk - c:\documents and settings\donna\local settings\temp\a32pasop.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d7051v3\BelkinWCUI.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: <NO NAME> =
IE: &Search - ?p=ZUman000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240517858593
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240517848640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://skyonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://vexcast.com/download/vexcast.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\donna\applic~1\mozilla\firefox\profiles\whd6mz54.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/english/
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/english/
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - component: c:\documents and settings\all users\application data\mozilla\firefox extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\all users\application data\mozilla\firefox extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-18 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-18 206256]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-18 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-18 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-18 108552]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-20 587096]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-18 297752]
R3 NdisWDM;Belkin Wireless G Plus USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [2009-4-23 198144]
S2 AKEProtect;AKEProtect;\??\c:\program files\anti keylogger elite\akeprotect.sys --> c:\program files\anti keylogger elite\AKEProtect.sys [?]
S2 SessionLauncher;SessionLauncher; [x]
S2 XuparyDriver;Xupary Driver;\??\c:\windows\system32\xupary.sys --> c:\windows\system32\xupary.sys [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-10-13 20160]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-18 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-18 1097096]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 XuparySrv;Xupary Service; [x]

=============== Created Last 30 ================

2042-06-16 02:56:54 3120 ----a-w- c:\windows\MF_C420.lfa
2010-01-22 11:31:28 0 d-----w- c:\program files\InkSaver
2010-01-21 16:37:42 0 d-----w- c:\program files\EPSON Print CD
2010-01-21 16:36:08 0 d-----w- c:\docume~1\alluse~1\applic~1\UDL
2010-01-21 16:32:52 0 d-----w- c:\program files\epson
2010-01-21 16:32:30 25 ----a-w- c:\windows\CDE RX560EIPS.ini
2010-01-21 16:32:17 0 d-----w- c:\docume~1\alluse~1\applic~1\EPSON
2010-01-21 16:32:09 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-01-21 16:32:07 75264 ----a-w- c:\windows\system32\E_FLBBPE.DLL
2010-01-21 16:32:07 62976 ----a-w- c:\windows\system32\E_FD4BBPE.DLL
2010-01-21 16:19:04 63488 ----a-w- c:\windows\system32\escwiad.dll
2010-01-03 11:54:20 0 d-----w- c:\program files\FamilySearch
2010-01-02 16:47:02 0 d-----w- c:\docume~1\donna\applic~1\RootsMagic
2010-01-02 16:46:14 0 d-----w- c:\program files\common files\RootsMagic Shared
2010-01-02 16:45:53 0 d-----w- c:\program files\RootsMagic 4
2010-01-02 16:45:53 0 d-----w- c:\docume~1\alluse~1\applic~1\RootsMagic
2009-12-31 17:42:22 90112 ----a-w- c:\windows\system32\lfjbg13n.dll
2009-12-31 17:42:22 73728 ----a-w- c:\windows\system32\lffax13n.dll
2009-12-31 17:42:22 453120 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-12-31 17:42:22 445440 ----a-w- c:\windows\system32\ltimg13n.dll
2009-12-31 17:42:22 388608 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-12-31 17:42:22 265216 ----a-w- c:\windows\system32\ltdis13n.dll
2009-12-31 17:42:22 246272 ----a-w- c:\windows\system32\lfj2k13n.dll
2009-12-31 17:42:22 206848 ----a-w- c:\windows\system32\ltefx13n.dll
2009-12-31 17:42:22 189976 ----a-w- c:\windows\system32\mfimgvwr.ocx
2009-12-31 17:42:22 1693696 ----a-w- c:\windows\system32\ltclr13n.dll
2009-12-31 17:42:22 154112 ----a-w- c:\windows\system32\ltfil13n.dll
2009-12-31 17:42:22 142848 ----a-w- c:\windows\system32\lftif13n.dll
2009-12-31 17:42:04 0 d-----w- c:\program files\MFInstall

==================== Find3M ====================

2009-12-07 19:41:59 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-07 19:41:58 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-10 12:11:37 23190736 ----a-w- c:\program files\Second_Life_1-23-4-123908_Setup.exe
2008-05-23 12:52:04 443952 ----a-w- c:\program files\msgr8uk.exe
2007-11-13 21:18:08 8 --sh--r- c:\windows\system32\CE16F6022A.dll
2009-05-19 16:10:16 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051920090520\index.dat
2009-05-20 13:40:25 49152 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052020090521\index.dat
2009-05-21 15:28:45 49152 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052120090522\index.dat

============= FINISH: 13:59:19.18 ===============

Shaba
2010-01-24, 12:30
Please copy/paste it to your next reply :)

miss spooky
2010-01-24, 17:54
Hi,

Here's attach.txt then:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13/10/2007 15:42:39
System Uptime: 23/01/2010 13:53:33 (0 hours ago)

Motherboard: Acer | | EM61SM/EM61PM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2209/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 49 GiB total, 11.479 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 0.628 GiB free.
E: is FIXED (NTFS) - 56 GiB total, 19.66 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
N: is FIXED (NTFS) - 75 GiB total, 11.025 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_80561019&REV_12\4&37FC6483&0&0058
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_80561019&REV_12\4&37FC6483&0&0058
Service:

==== System Restore Points ===================

RP63: 07/12/2009 00:18:03 - System Checkpoint
RP64: 08/12/2009 08:14:53 - System Checkpoint
RP65: 09/12/2009 09:00:21 - System Checkpoint
RP66: 10/12/2009 09:06:51 - System Checkpoint
RP67: 11/12/2009 08:38:16 - Avg8 Update
RP68: 11/12/2009 08:38:43 - Avg8 Update
RP69: 12/12/2009 11:03:32 - System Checkpoint
RP70: 13/12/2009 11:52:35 - System Checkpoint
RP71: 14/12/2009 12:46:57 - System Checkpoint
RP72: 15/12/2009 13:11:09 - System Checkpoint
RP73: 16/12/2009 14:51:26 - System Checkpoint
RP74: 17/12/2009 15:11:12 - System Checkpoint
RP75: 18/12/2009 15:12:25 - System Checkpoint
RP76: 19/12/2009 16:00:27 - System Checkpoint
RP77: 20/12/2009 16:51:43 - System Checkpoint
RP78: 21/12/2009 18:08:19 - System Checkpoint
RP79: 22/12/2009 08:33:24 - Avg8 Update
RP80: 23/12/2009 13:49:29 - System Checkpoint
RP81: 24/12/2009 08:30:06 - Restore Operation
RP82: 25/12/2009 08:53:57 - System Checkpoint
RP83: 26/12/2009 09:34:07 - System Checkpoint
RP84: 27/12/2009 10:15:37 - System Checkpoint
RP85: 28/12/2009 12:31:52 - System Checkpoint
RP86: 29/12/2009 08:29:12 - Avg8 Update
RP87: 30/12/2009 11:25:48 - System Checkpoint
RP88: 31/12/2009 08:39:19 - Avg8 Update
RP89: 01/01/2010 11:28:29 - System Checkpoint
RP90: 02/01/2010 12:15:35 - System Checkpoint
RP91: 03/01/2010 15:10:09 - System Checkpoint
RP92: 04/01/2010 16:43:18 - System Checkpoint
RP93: 05/01/2010 18:10:18 - System Checkpoint
RP94: 06/01/2010 19:05:21 - System Checkpoint
RP95: 08/01/2010 09:04:27 - System Checkpoint
RP96: 09/01/2010 09:36:10 - System Checkpoint
RP97: 10/01/2010 11:03:44 - System Checkpoint
RP98: 11/01/2010 11:30:08 - System Checkpoint
RP99: 12/01/2010 11:32:38 - System Checkpoint
RP100: 13/01/2010 11:52:11 - System Checkpoint
RP101: 14/01/2010 12:42:47 - System Checkpoint
RP102: 15/01/2010 13:10:22 - System Checkpoint
RP103: 16/01/2010 13:34:34 - System Checkpoint
RP104: 17/01/2010 14:45:52 - System Checkpoint
RP105: 18/01/2010 15:02:08 - System Checkpoint
RP106: 19/01/2010 09:54:32 - Avg8 Update
RP107: 20/01/2010 10:34:04 - System Checkpoint
RP108: 21/01/2010 12:34:02 - System Checkpoint
RP109: 21/01/2010 16:33:51 - Installed EPSON EasyPrintModule
RP110: 21/01/2010 16:34:10 - Installed InstallShield Restore Point
RP111: 21/01/2010 16:34:34 - Installed InstallShield Restore Point
RP112: 21/01/2010 16:37:18 - Installed EPSON PRINT Image Framer Tool
RP113: 21/01/2010 16:37:42 - Installed EPSON Print CD
RP114: 21/01/2010 16:38:11 - Installed EPSON Web-To-Page
RP115: 21/01/2010 16:38:29 - Installed EPSON Easy Photo Print
RP116: 21/01/2010 16:38:32 - Installed EPSON Easy Photo Print
RP117: 21/01/2010 16:41:55 - Installed EPSON Attach To Email
RP118: 21/01/2010 16:42:21 - Installed EPSON Scan Assistant
RP119: 21/01/2010 16:42:46 - Installed EPSON File Manager
RP120: 21/01/2010 16:42:50 - Installed EPSON File Manager
RP121: 21/01/2010 16:44:08 - Installed Camera RAW Plug-In for EPSON Creativity Suite
RP122: 21/01/2010 16:44:15 - Installed Camera RAW Plug-In for EPSON Creativity Suite
RP123: 21/01/2010 17:13:35 - Removed Print to Fax
RP124: 21/01/2010 17:26:25 - Installed InkSaver
RP125: 21/01/2010 17:27:16 - Installed InkSaver
RP126: 21/01/2010 17:32:43 - Installed InkSaver
RP127: 21/01/2010 17:38:42 - Installed QuickTime
RP128: 22/01/2010 11:03:49 - Installed InkSaver
RP129: 22/01/2010 11:27:57 - Installed InkSaver
RP130: 22/01/2010 11:44:31 - Configured InkSaver
RP131: 23/01/2010 11:44:36 - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.6
Apple Software Update
AutoUpdate
AVG 8.5
Belkin Wireless G Plus USB Network Adapter Setup
BlueSoleil
Business Plan Pro 2007
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner
ConvertXtoDVD 3.8.0.193f
DirectVobSub (remove only)
DirectXInstallService
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EA SPORTS online 2008
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON PRINT Image Framer Tool
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ERUNT 1.1j
ESPRX560_590 User's Guide
Garmin Communicator Plugin
Google Toolbar for Internet Explorer
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
IncrediMail
IncrediMail JunkFilter Plus
Indiana Jones and the Emperors Tomb
InkSaver
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIRC
MKV Splitter
Mozilla Firefox (2.0.0.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
Nero 7 Ultra Edition
neroxml
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Pac Man Advanced 1.1.0
PCast 5.0
Personal Ancestral File 5
PowerISO
PPMate Network TV 2.3.1.76
Prism
QuickTime
Realtek High Definition Audio Driver
RootsMagic 4.0.7.1
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sony Ericsson PC Suite
SopCast 2.0.4
Spybot - Search & Destroy
Spyware Doctor 6.0
SRS Audio Sandbox
Tomb Raider: Anniversary 1.0
TVAnts 1.0
TVUPlayer 2.4.5.1
Universal Document Converter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Veetle TV 0.9.15
VeohTV BETA
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
ZTE Mobile Connection
Zune Desktop Theme

==== Event Viewer Messages From Past Week ========

21/01/2010 17:15:32, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
21/01/2010 17:13:33, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wiafbdrv.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
21/01/2010 08:35:48, error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.

==== End Of File ===========================

Shaba
2010-01-25, 05:57
Please go to ESET Online Scanner (http://www.eset.eu/online-scanner) - © ESET All Rights Reserved... to run an online scan.
Note: You - will - need to use Internet Explorer for this scan!
Check the box next to "YES, I accept the Terms of Use."
Click "Start"
Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
Once installed, the scanner will be initialized.
Click "Start". Make sure that the options:
Remove found threats is UNCHECKED
Scan unwanted applications is CHECKED
Click "Scan"
Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste the contents of log.txt in your next reply.

miss spooky
2010-01-25, 10:40
Report from ESET scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=03526308c3fe3f4aab145dadea99b30c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-25 08:35:25
# local_time=2010-01-25 08:35:25 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 21657800 21657800 0 0
# compatibility_mode=769 16774142 0 3 22251086 22251155 0 0
# compatibility_mode=1024 16777175 100 0 22251085 22251085 0 0
# compatibility_mode=2560 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3774 3774 0 0
# compatibility_mode=9217 16777214 0 9 22685995 32693985 0 0
# scanned=89534
# found=12
# cleaned=0
# scan_time=2681
C:\Anti Spyware\ComboFix\Qoobox\Quarantine\C\WINDOWS\system32\ugebiriv.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Documents and Settings\Donna\Local Settings\temp\1157319.exe multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Donna\Local Settings\temp\330434.exe NSIS/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Donna\Local Settings\temp\a32pasop.exe NSIS/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Donna\Local Settings\temp\Draxton.exe NSIS/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Donna\Local Settings\temp\EULA.exe NSIS/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Donna\Local Settings\temp\ntexplore.exe Win32/TrojanDownloader.Agent.PQD trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Donna\Local Settings\temp\nvvscv.exe NSIS/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Donna\Local Settings\temp\SLscv.exe multiple threats 00000000000000000000000000000000 I
D:\Prog Downloads\Printer_Ink_Saver_v2.3_by_HP\Portable-MultiTranse v5.1.1.exe NSIS/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
D:\Usefull Programmes\Nero 7.8.5.0\Nero 7.8.5.0.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
N:\Usefull Programmes\Nero 7.8.5.0\Nero 7.8.5.0.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
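
Added example, not part of the original thread or of any ESET tooling: a small Python parser for the log.txt format posted above, which splits the "# key=value" header from the detection lines and sorts detections by where the file sits. The field layout is an assumption inferred from the lines in this post, and the bucket names are hypothetical labels.

```python
import re
from collections import defaultdict

# Lines copied from the log in the post above (abridged to five detections).
SAMPLE_LOG = r"""# remove_checked=false
# unwanted_checked=true
# scanned=89534
# found=12
# cleaned=0
C:\Anti Spyware\ComboFix\Qoobox\Quarantine\C\WINDOWS\system32\ugebiriv.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Documents and Settings\Donna\Local Settings\temp\1157319.exe multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Donna\Local Settings\temp\ntexplore.exe Win32/TrojanDownloader.Agent.PQD trojan 00000000000000000000000000000000 I
D:\Prog Downloads\Printer_Ink_Saver_v2.3_by_HP\Portable-MultiTranse v5.1.1.exe NSIS/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
D:\Usefull Programmes\Nero 7.8.5.0\Nero 7.8.5.0.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
"""

# Assumed layout (inferred from the sample): path, threat, 32 hex digits, flag.
# Paths contain spaces, so the threat is recognised by its "Platform/Name kind"
# shape (or the literal "multiple threats") instead of splitting on whitespace.
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>multiple threats|\S+/\S+\s+\w+)"
    r"\s+(?P<hex32>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$")

def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for one pasted log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
        elif (m := DETECTION.match(line)):
            detections.append(m.groupdict())
    return header, detections

def triage(detections):
    """Bucket detections by file location (heuristic, hypothetical labels)."""
    buckets = defaultdict(list)
    for d in detections:
        p = d["path"].lower()
        if "\\qoobox\\quarantine\\" in p:
            buckets["quarantined"].append(d)      # already moved aside by ComboFix
        elif "\\local settings\\temp\\" in p:
            buckets["temp-executable"].append(d)  # sitting in the user's temp folder
        else:
            buckets["stored-file"].append(d)      # saved installer or archive copy
    return dict(buckets)

if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print(f"header found={hdr['found']} cleaned={hdr['cleaned']} parsed={len(dets)}")
    for name, items in triage(dets).items():
        for d in items:
            print(f"{name:16} {d['threat']:40} {d['path']}")
```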

Shaba
2010-01-25, 20:54
Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

D:\Prog Downloads\Printer_Ink_Saver_v2.3_by_HP\Portable-MultiTranse v5.1.1.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

miss spooky
2010-01-27, 13:58
Hi Shaba,

Just to let you know that my ISP has disconnected my BB for the time being. Can't pay bill for at least a week so I am unable to carry on at mo.

Once BB is back on, I will drop line in this thread.

(On friend's computer)

Many thanks

MS

Shaba
2010-01-27, 16:58
OK, thanks for update :)

Shaba
2010-02-11, 19:56
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else please begin a New Topic.