Computer is very slow

Status
Not open for further replies.
cf#14

+ 2004-08-04 11:00:00 156,672 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmipcima.dll
+ 2004-08-04 11:00:00 132,096 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmipdskq.dll
+ 2004-08-04 11:00:00 75,264 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmipicmp.dll
+ 2004-08-04 11:00:00 62,464 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmipiprt.dll
+ 2004-08-04 11:00:00 62,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmipjobj.dll
+ 2004-08-04 11:00:00 18,944 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmiprop.dll
+ 2004-08-04 11:00:00 41,472 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmipsess.dll
+ 2004-08-04 11:00:00 52,224 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmitimep.dll
+ 2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmm2ext.dll
+ 2004-08-04 11:00:00 402,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmm2filt.dll
+ 2004-08-04 11:00:00 502,272 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmm2fxa.dll
+ 2004-08-04 11:00:00 325,632 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmm2fxb.dll
+ 2004-08-04 11:00:00 5,632 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmm2res2.dll
- 2004-09-15 18:28:00 3,371,008 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmploc.dll
+ 2005-01-28 18:44:28 3,371,008 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmploc.dll
+ 2004-08-04 11:00:00 221,184 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmpns.dll
+ 2004-08-04 11:00:00 115,200 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmsdmoe.dll
+ 2004-08-04 11:00:00 303,616 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmstream.dll
+ 2004-08-04 11:00:00 264,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wow32.dll
+ 2004-08-04 11:00:00 10,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wowexec.exe
+ 2004-08-04 11:00:00 3,200 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wowfax.dll
+ 2004-08-04 11:00:00 13,824 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wowfaxui.dll
+ 2004-08-04 11:00:00 32,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wpabaln.exe
+ 2004-08-04 11:00:00 32,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wpnpinst.exe
+ 2004-08-04 11:00:00 5,632 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\write.exe
+ 2004-08-04 11:00:00 12,032 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ws2ifsl.sys
+ 2004-08-04 11:00:00 13,824 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wscntfy.exe
+ 2007-08-01 00:45:22 135,168 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wscript.exe
+ 2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wshatm.dll
+ 2004-08-04 11:00:00 108,032 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wshbth.dll
+ 2004-08-04 11:00:00 28,672 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wshcon.dll
- 2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wshext.dll
+ 2007-08-01 00:45:30 69,632 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wshext.dll
+ 2004-08-04 11:00:00 14,336 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wship6.dll
+ 2004-08-04 04:56:48 8,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
+ 2004-08-04 11:00:00 11,776 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wshisn.dll
+ 2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wshnetbs.dll
+ 2004-08-04 11:00:00 11,776 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wshrm.dll
+ 2004-08-04 02:29:48 12,063 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wsiintxx.sys
+ 2004-08-04 11:00:00 42,496 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wsnmp32.dll
+ 2004-08-04 11:00:00 50,688 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wstdecod.dll
+ 2004-08-04 11:00:00 32,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wupdmgr.exe
+ 2004-08-04 02:29:50 19,455 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wvchntxx.sys
+ 2004-08-04 11:00:00 378,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wzcdlg.dll
+ 2004-08-04 11:00:00 30,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xcopy.exe
+ 2001-08-17 16:11:14 16,970 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
+ 2004-08-04 11:00:00 174,200 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xenroll.dll
+ 2001-08-18 02:37:02 99,865 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
+ 2004-08-04 11:00:00 129,536 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xmlprov.dll
+ 2004-08-04 11:00:00 50,176 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xmlprovi.dll
+ 2006-03-01 19:42:42 11,776 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xolehlp.dll
+ 2001-08-18 02:37:02 4,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
+ 2001-08-18 02:37:02 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
+ 2001-08-18 02:36:36 17,408 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
+ 2001-08-18 02:36:36 23,040 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
+ 2004-08-04 04:56:48 116,224 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
+ 2004-08-04 11:00:00 8,261 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\zoneoc.dll
- 2003-11-19 22:36:26 24,681 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2008-02-22 05:23:35 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2003-11-19 22:36:30 28,779 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-02-22 05:23:39 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-02-22 06:33:32 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
- 2006-10-17 16:00:00 491,520 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
+ 2007-08-01 00:45:24 491,520 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
+ 2007-07-27 18:49:02 196,683 ----a-w C:\WINDOWS\SYSTEM32\lnod32apiA.dll
+ 2007-07-27 18:49:02 225,355 ----a-w C:\WINDOWS\SYSTEM32\lnod32apiW.dll
+ 2005-12-05 23:25:22 139,264 ----a-w C:\WINDOWS\SYSTEM32\lnod32umc.dll
+ 2005-12-05 16:37:10 106,496 ----a-w C:\WINDOWS\SYSTEM32\lnod32upd.dll
- 2007-03-07 16:36:34 12,619,736 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-03-05 12:30:56 19,148,408 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2007-07-30 23:18:34 207,736 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
- 2008-03-09 22:47:48 53,436 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2008-03-19 01:01:49 53,436 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2008-03-09 22:47:48 381,692 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2008-03-19 01:01:49 381,692 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
- 2004-08-04 11:00:00 159,744 ----a-w C:\WINDOWS\SYSTEM32\SCROBJ.DLL
+ 2007-08-01 00:45:28 163,840 ----a-w C:\WINDOWS\SYSTEM32\scrobj.dll
- 2004-08-04 11:00:00 151,552 ----a-w C:\WINDOWS\SYSTEM32\SCRRUN.DLL
+ 2007-08-01 00:45:28 155,648 ----a-w C:\WINDOWS\SYSTEM32\scrrun.dll
+ 2004-12-07 14:11:34 258,352 ----a-w C:\WINDOWS\SYSTEM32\unicows.dll
- 2006-11-08 01:03:36 413,696 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
+ 2007-08-01 00:45:28 413,696 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
- 2004-08-04 11:00:00 114,688 ----a-w C:\WINDOWS\SYSTEM32\WSCRIPT.EXE
+ 2007-08-01 00:45:22 135,168 ----a-w C:\WINDOWS\SYSTEM32\wscript.exe
- 2004-08-04 11:00:00 28,672 ----a-w C:\WINDOWS\SYSTEM32\WSHCON.DLL
+ 2007-08-01 00:45:30 36,864 ----a-w C:\WINDOWS\SYSTEM32\wshcon.dll
- 2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\SYSTEM32\WSHEXT.DLL
+ 2007-08-01 00:45:30 69,632 ----a-w C:\WINDOWS\SYSTEM32\wshext.dll
.
-- Snapshot reset to current date --
 
cf#15

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 17:10 1871872]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-05 19:48 6731312]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 15:33 1388544]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05 212992]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2001-12-07 05:48 258118]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-12-27 21:43 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-31 19:50 180269]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2000-11-28 06:10 20480]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2000-11-28 06:10 24576]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2000-11-28 06:10 49152]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2000-11-28 06:10 20480]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41 950272]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [2006-01-06 16:14 327680]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-28 18:00 169984]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 16:59 374688]
"Auto Auto EPSON Stylus CX3800 Series on TANAYTRUSHA on VINAY"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 23:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-08-23 20:19 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 13:16 42032 C:\Program Files\Common Files\AOL\1112543894\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-12-18 01:20 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-14 10:50 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 22:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 17:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-02-14 19:52 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-12-09 02:30 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1112543894\\EE\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\1112543894\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ee1c6ad-4b67-11dc-b0de-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 01:00:00 C:\WINDOWS\Tasks\mcafee antispyware.job"
- c:\progra~1\mcafee\MCAFEE~1\MASCon.exe
"2008-03-07 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (TANAYTRUSHA-Tanay).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 21:06:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 21:06:58
ComboFix-quarantined-files.txt 2008-03-19 01:06:37
ComboFix2.txt 2008-03-10 00:03:43
ComboFix3.txt 2007-07-26 15:43:34
.
2008-02-14 11:25:07 --- E O F ---
 
HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:03 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\D-Tools\daemon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Auto Auto EPSON Stylus CX3800 Series on TANAYTRUSHA on VINAY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P60 "Auto Auto EPSON Stylus CX3800 Series on TANAYTRUSHA on VINAY" /O16 "\\VINAY\AutoEPSO" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (User '?')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205281950437
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://mail.czeusa.com:3000/dwa7W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11927 bytes
 
I have all the instructions printed out. I have a Dell reinstallation cd. Will that work? Or should I simply download it from MS site?

Also, I have been running combofix and HJT under normal logon. Will they work under Safe Mode, logging on as Admin?
 
I followed the instructions to install the Recovery console, by downloading from the MS site and then dragging the icon onto the combofix icon. It started running the combofix. Since you had not said I should do that I exited out.

But I am not sure that the recovery console has been installed, as I when I re-booted and pressed F8, that option did not show up.
 
It started running the combofix. Since you had not said I should do that I exited out.
Click to expand...
It was supose to run :oops: it was installing the recovery console--- it would have made a log saying that it was installed. :cool:

Why boot in safe mode?

----------------------

Can you drag the file into combofix again.
 
Oh well! I did not realize that. But anyway, I have now installed it from my re-installation CD and it shows up during boot.

In safe mode my computer runs at normal speed and I can actually get things done by double clicking icons. Also, I would not have to worry about shutting down my anti-virus and spamguards. And if I do it just in Safe Mode (without Networking) then I do not have to worry about disconnecting the internet while running ComboFix.

Ofcourse, if ComboFix does not run properly in Safe Mode, I will boot normally and do it.

Anyway, now I have the recovery console installed....
 
Now we need to remove in add and remove programs.
C:\AOL Instant Messenger

Delete the folder after that.. Reinstall the program after that

Run this online scan from ESET

You will need to use Internet explorer for this scan!
  • First, accept the Terms of Use
  • Click: Start
  • When asked, allow the ActiveX control to install
  • Click: Start
  • Make sure the options:
    Remove found threats, and Scan unwanted applications
    are both checked!
  • Click: Scan

When the scan finishes, use Notepad to open the ESET report.
It will be located here C:\Program Files\EsetOnlineScanner\log.txt
 
Here is the log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2960 (20080319)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=01ab50c0c5a37744832c17345f0303f0
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-03-20 03:17:55
# local_time=2008-03-19 11:17:55 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=292580
# found=0
# scan_time=4551
 
little eagle said:
Now we need to remove in add and remove programs.
C:\AOL Instant Messenger

Delete the folder after that.. Reinstall the program after that
Click to expand...
Well not seeing anything now how is the PC running any trouble?

Reboot and rescan with HiJackThis and post a new log here.
 
FYI, AOL Instatnt Messenger was not in the list of Add/Remove programs, so there was nothing to uninstall. I deleted the folder. I did not really need the program, so I did not re-install it.

As for the system, it is the same as before. Runs perfectly fine in Safe Mode or Safe Mode with Networking. But under normal mode and any of the user accounts, it is extremely slow to load the desktop and respond to clicks on the desktop. Running any program from Task Manager is fine. And no unusual CPU usage.

I will post the HJT log in the evening, when I get home.
 
HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:56 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Auto Auto EPSON Stylus CX3800 Series on TANAYTRUSHA on VINAY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P60 "Auto Auto EPSON Stylus CX3800 Series on TANAYTRUSHA on VINAY" /O16 "\\VINAY\AutoEPSO" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (User '?')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205281950437
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://mail.czeusa.com:3000/dwa7W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10731 bytes
 
A lot of programs that are running you really don't need.
these two may be conflicting one needs to be stopped you can use msconfig or delete them with hijackthis.

O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

You can fix these with hijackthis or msconfig also
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-21-2138437063-2238604988-110831785-1006\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE[
 
I removed a few of them but saw no change in the behavior.

I would have really liked to get to the bottom of this, but, I give up....

I am re-installing XP on another hard drive, and then using this hard-drive to access my data. I hope whatever it was, won't infect this new drive and OS....

Thanks a lot for all your help.
 
Status
Not open for further replies.
Back
Top