winlogon using cpu like crazy

D

Da85Bears

New member
Hey guyz. I was told about you guyz by a bunch of people that said you were the best. So thanks in advance.


Ok my problem started out of no where. My computer would be very very slow. I open task manager to see what the problem was and i see winlogon and lsass slowing things down. My buddy told me to run hijack this and i did. Here are the logs i got after that scan.


Logfile of HijackThis v1.99.0
Scan saved at 10:10:13 AM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\apirz.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
D:\anit virus spy ware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {091233C4-3803-DBCD-4580-0207D9AA1206} - (no file)
O2 - BHO: (no name) - {0C0D6C5B-A2B0-EE72-16BD-682109DA9713} - (no file)
O2 - BHO: (no name) - {0F99594E-3E64-11CB-0E07-AF9D53A31A55} - (no file)
O2 - BHO: (no name) - {11CA3B87-457E-0939-FDEA-0DA8F81A41BB} - (no file)
O2 - BHO: (no name) - {1446CAF7-D2B9-3F02-EFF6-939AF47CF05D} - (no file)
O2 - BHO: (no name) - {145E2E36-9557-E8ED-B3E6-8C523800B7CE} - (no file)
O2 - BHO: (no name) - {160292A8-8482-FF8D-4D84-FBB413F28A39} - (no file)
O2 - BHO: (no name) - {16D199C7-F235-942C-E7CD-484759928237} - (no file)
O2 - BHO: (no name) - {1A478816-E063-0971-D763-1BABBFD87872} - (no file)
O2 - BHO: (no name) - {1B86035E-F039-33BA-B60C-D015083C16FD} - (no file)
O2 - BHO: (no name) - {1CC8EB30-F759-1F87-50B7-491167381C87} - (no file)
O2 - BHO: (no name) - {2285B198-6B1E-F3E9-EDB0-C1211C68788F} - (no file)
O2 - BHO: (no name) - {22913B6F-2B1A-9876-9E3D-460FBCE942CE} - (no file)
O2 - BHO: (no name) - {28742345-13C2-102C-4537-3BD6EC5E7371} - (no file)
O2 - BHO: (no name) - {2E2DE423-5FF9-C089-BD91-26C677AA0E2A} - (no file)
O2 - BHO: (no name) - {30A9ADD5-7E61-D29C-8F16-BC8A3DD7C359} - (no file)
O2 - BHO: (no name) - {321EE590-67C6-6B11-CCA5-70323A77E2B6} - (no file)
O2 - BHO: (no name) - {3959283E-C72B-D2BA-8167-B27A8FA8F55B} - (no file)
O2 - BHO: (no name) - {41196237-BC88-9E50-C0A8-41D2474D43DF} - (no file)
O2 - BHO: (no name) - {43E8A121-AE71-CB7B-0B5A-F99FA66D6EDF} - (no file)
O2 - BHO: (no name) - {46306F43-25AC-5BDC-CDF9-597FEDDF51F2} - (no file)
O2 - BHO: (no name) - {48824338-44C0-7912-89AA-850C0E0875C0} - (no file)
O2 - BHO: Class - {4B32A432-7AED-32E2-A1C8-FB0690AC63E5} - C:\WINDOWS\system32\d3sh32.dll
O2 - BHO: (no name) - {50CD8E84-A084-B58F-5E7E-738A3D10E2B3} - (no file)
O2 - BHO: (no name) - {51365430-633C-3E97-DEE5-CC369E4261D1} - (no file)
O2 - BHO: (no name) - {51A6B4D2-D0E3-4310-535C-BD6BA4535B56} - (no file)
O2 - BHO: (no name) - {538EC479-940F-6ECF-F256-A2FBF6BF035B} - (no file)
O2 - BHO: (no name) - {543E5DEC-9A89-6C8C-67AC-D0B02ABB10D6} - (no file)
O2 - BHO: (no name) - {59658A25-7B74-EDCF-F455-A75FF0E4C8BE} - (no file)
O2 - BHO: (no name) - {598A5F00-4A66-99FC-2B27-4167ACFF6680} - (no file)
O2 - BHO: (no name) - {5B791DC9-4315-DB99-ED8F-D81BA733A257} - (no file)
O2 - BHO: (no name) - {5CE2DA69-80D8-5FD1-46F9-7E4FCBBECD9B} - (no file)
O2 - BHO: (no name) - {6284824B-44A5-4E9F-EC3D-D516A453991C} - (no file)
O2 - BHO: (no name) - {629FEEBC-8D1F-BA64-26C3-686D45062880} - (no file)
O2 - BHO: (no name) - {631A4540-2042-D857-2571-DD87935DB588} - (no file)
O2 - BHO: (no name) - {64DA9837-FB36-C3F8-5C2D-B2B3204EB254} - (no file)
O2 - BHO: (no name) - {66BC6227-B851-2929-8008-EE055DC63DBF} - (no file)
O2 - BHO: (no name) - {67963FF8-29E8-0CE5-8A74-A47B4CB75963} - (no file)
O2 - BHO: (no name) - {67C20972-97E2-F33C-1230-394038D59AC3} - (no file)
O2 - BHO: (no name) - {67C3D253-86E0-3455-99E5-3DD535E435E7} - (no file)
O2 - BHO: (no name) - {6ECE769B-2D3C-88D4-F30D-E4D2878957F1} - (no file)
O2 - BHO: (no name) - {6F602FD6-D87A-FBB2-6E16-961DD4CD1331} - (no file)
O2 - BHO: (no name) - {72C86761-41FA-2CE6-013C-818A177372CF} - (no file)
O2 - BHO: (no name) - {7561BD5A-4319-21D1-6A49-CBCE972E06E8} - (no file)
O2 - BHO: (no name) - {765E05A1-70B8-85E1-675A-5C50FEC0938C} - (no file)
O2 - BHO: (no name) - {785049AB-40E2-B10B-F9E3-2408A16CBAA2} - (no file)
O2 - BHO: (no name) - {790661EE-2B1A-4CDD-90DD-8C75878BD256} - (no file)
O2 - BHO: (no name) - {825BF029-3C62-6A52-430D-BA42846F1741} - (no file)
O2 - BHO: (no name) - {8391BB4C-902C-341B-1536-94FBF69BF523} - (no file)
O2 - BHO: (no name) - {86C7E47D-8CC4-EC0F-E889-9B5424CA008C} - (no file)
O2 - BHO: (no name) - {86F9C2EC-C72F-6F42-D347-7847B66F4535} - (no file)
O2 - BHO: (no name) - {877CAAEB-2293-602B-7876-793995AAE631} - (no file)
O2 - BHO: (no name) - {883B6F6B-1236-FC72-D1A0-9569E99595C6} - (no file)
O2 - BHO: (no name) - {8BB4CD35-4317-18A3-AE58-1B39B48E91E8} - (no file)
O2 - BHO: (no name) - {8EAD04F4-5BB3-9C45-58C9-26C339B63513} - (no file)
O2 - BHO: (no name) - {908C94A7-18BA-B64A-8430-A47DE5203985} - (no file)
O2 - BHO: (no name) - {94277844-A490-FE2F-D4E1-AA6BD7A7D46F} - (no file)
O2 - BHO: (no name) - {987B8229-55C1-631B-7094-093741C88E5A} - (no file)
O2 - BHO: (no name) - {9A81ADE0-5E7F-0E4E-78B9-FD1D291D1B99} - (no file)
O2 - BHO: (no name) - {9B11A21A-3C68-C3A2-1680-1EEA00DE213C} - (no file)
O2 - BHO: (no name) - {9DB19568-2B3F-C178-5B77-2E3940654587} - (no file)
O2 - BHO: (no name) - {9FC679E2-2849-D6F8-4CAF-D99E5CE3512F} - (no file)
O2 - BHO: (no name) - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - (no file)
O2 - BHO: (no name) - {A1721474-060F-02FE-322F-375BB4E0598B} - (no file)
O2 - BHO: (no name) - {A4842560-CE4E-8858-6B28-E50CEB6F759E} - (no file)
O2 - BHO: (no name) - {A6A63A0E-EAB8-DFAA-6C65-1535AF6EE089} - (no file)
O2 - BHO: (no name) - {A6B28178-FDEC-9648-8BCA-0112C88FB2B4} - (no file)
O2 - BHO: (no name) - {A97F3FDF-D067-02D7-9B41-A262368C2E2C} - (no file)
O2 - BHO: (no name) - {AA1485D7-515B-7E22-9DA5-B4E151317124} - (no file)
O2 - BHO: (no name) - {B012290B-F6CB-AE54-0C3F-C8D408BBF992} - (no file)
O2 - BHO: (no name) - {B77E50A7-B32B-750C-907E-92AD1F76461E} - (no file)
O2 - BHO: (no name) - {BB89D6CC-E122-D820-6D84-036A8D4E2E6C} - (no file)
O2 - BHO: (no name) - {BBD4B1ED-009C-EF4B-86D3-0913CFEE88F4} - (no file)
O2 - BHO: (no name) - {BC234570-5592-DEEC-F787-4BF76F57427B} - (no file)
O2 - BHO: (no name) - {BC92A8D6-EC15-3C14-13BB-52BEF3DFBFA6} - (no file)
O2 - BHO: (no name) - {BFC37431-DFCB-61A3-0285-957EFA484789} - (no file)
O2 - BHO: (no name) - {C2D83BCC-E8FB-1D08-4A94-DED9CA9321F5} - (no file)
O2 - BHO: (no name) - {C40122F1-A8B0-A3C3-6FB0-84B04256A6CB} - (no file)
O2 - BHO: (no name) - {C88E18E6-5C3C-F769-DC70-D84B6F21ECCE} - (no file)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\efccbbx.dll
O2 - BHO: (no name) - {CAF26EC5-E0AD-49E5-5C3C-D6D5210B1C3D} - (no file)
O2 - BHO: (no name) - {CBAA4450-710E-86CC-89DB-00D04CC21EAE} - (no file)
O2 - BHO: (no name) - {CF550B9D-3735-B065-B10F-6FBED6C70DA4} - (no file)
O2 - BHO: (no name) - {D4B0AF48-35C4-E717-AE73-79D57465592B} - (no file)
O2 - BHO: (no name) - {D8F15E7B-9A97-CCE6-52A9-BC9615F22B63} - (no file)
O2 - BHO: (no name) - {D909FA9D-7AE6-6B2A-B820-22D8EBB261F2} - (no file)
O2 - BHO: (no name) - {DD3F3226-DC4D-6D02-9FF9-D05AE7EAF09A} - (no file)
O2 - BHO: (no name) - {E0C178B2-8454-511A-88BC-EADF5E5B5094} - (no file)
O2 - BHO: (no name) - {E0DD7A95-1DF5-210A-C8D1-D9AB86BD9109} - (no file)
O2 - BHO: (no name) - {E8D32FF6-E55B-43E7-180C-D9B8824CCF0E} - (no file)
O2 - BHO: (no name) - {EAEB9F05-39AB-4A50-B9D6-BA9972EE4D0F} - (no file)
O2 - BHO: (no name) - {EC39DD52-F8A2-5571-407F-A39AEDE13BB3} - (no file)
O2 - BHO: (no name) - {F18B8F19-2940-0876-54D4-FBE52283D28C} - (no file)
O2 - BHO: (no name) - {F491206F-874D-A508-8965-52DD77E58735} - (no file)
O2 - BHO: (no name) - {F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} - (no file)
O2 - BHO: (no name) - {FA368488-8008-3889-4E2F-86BBFD486BD2} - (no file)
O2 - BHO: (no name) - {FD350929-ABF9-B29E-4912-9CF55B4CB92A} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [sysdw.exe] C:\WINDOWS\system32\sysdw.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [winvi32.exe] C:\WINDOWS\system32\winvi32.exe
O4 - HKLM\..\Run: [syskh32.exe] C:\WINDOWS\syskh32.exe
O4 - HKLM\..\Run: [sysfc32.exe] C:\WINDOWS\system32\sysfc32.exe
O4 - HKLM\..\Run: [sdkwq32.exe] C:\WINDOWS\system32\sdkwq32.exe
O4 - HKLM\..\Run: [netts.exe] C:\WINDOWS\netts.exe
O4 - HKLM\..\Run: [msld32.exe] C:\WINDOWS\system32\msld32.exe
O4 - HKLM\..\Run: [msgb.exe] C:\WINDOWS\msgb.exe
O4 - HKLM\..\Run: [mfcml32.exe] C:\WINDOWS\mfcml32.exe
O4 - HKLM\..\Run: [mfcez.exe] C:\WINDOWS\mfcez.exe
O4 - HKLM\..\Run: [mfcbi32.exe] C:\WINDOWS\system32\mfcbi32.exe
O4 - HKLM\..\Run: [javagi.exe] C:\WINDOWS\system32\javagi.exe
O4 - HKLM\..\Run: [javabx32.exe] C:\WINDOWS\javabx32.exe
O4 - HKLM\..\Run: [ipsy.exe] C:\WINDOWS\ipsy.exe
O4 - HKLM\..\Run: [ipnz.exe] C:\WINDOWS\system32\ipnz.exe
O4 - HKLM\..\Run: [ipea32.exe] C:\WINDOWS\ipea32.exe
O4 - HKLM\..\Run: [ipcw32.exe] C:\WINDOWS\system32\ipcw32.exe
O4 - HKLM\..\Run: [ietr32.exe] C:\WINDOWS\system32\ietr32.exe
O4 - HKLM\..\Run: [d3tu.exe] C:\WINDOWS\system32\d3tu.exe
O4 - HKLM\..\Run: [d3io.exe] C:\WINDOWS\system32\d3io.exe
O4 - HKLM\..\Run: [d3fz.exe] C:\WINDOWS\system32\d3fz.exe
O4 - HKLM\..\Run: [craa32.exe] C:\WINDOWS\craa32.exe
O4 - HKLM\..\Run: [atlue.exe] C:\WINDOWS\atlue.exe
O4 - HKLM\..\Run: [addoe32.exe] C:\WINDOWS\addoe32.exe
O4 - HKLM\..\Run: [addmr.exe] C:\WINDOWS\system32\addmr.exe
O4 - HKLM\..\Run: [sysfc32 .exe] C:\WINDOWS\system32\sysfc32 .exe
O4 - HKLM\..\Run: [syskh32 .exe] C:\WINDOWS\syskh32 .exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c5f405dbb6a1442db7a5bde94d8eb4db
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c5f405dbb6a1442db7a5bde94d8eb4db
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177000541031
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\apirz.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


I am not sure what all that means as i train rescue dogs and not computers. My buddies said you can fix anything and my son cant do his homework so plz help him get smarter.


Thanks
 
Holy smokes you guyz are busy. I just looked at how many people come here for help in one hour. This is a great service you provide. If you ever loose your keys or a phone or you kids let me know i have dogs that can find a grain of salt in a pepper field.


Thanks again
 
Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.
===================================================================================

What a lot of trash you have there, is your Antivirus upto date ?

Download and Install CWShredder

Download and Install CWShredder© by Trend Micro Inc.
Open CWShredder and click I AGREE
Click Check For Update
Close CWShredder

Run CWShredder

Open CWShredder that you downloaded. Close all browser windows and click on the fix/next button.

Old version of HJT
You are running an older version of Hijack This.

Click here to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
It is important that you uninstall any previous versions by using Add/Remove programs in your control panel
before installing a newer version.
  • Double click on the HJTinstall.exe icon on your desktop.
  • By default it will install to C:\\Program Files\\Trend Micro\\Hijack This.
  • Click I accept
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Download AVG Anti-Spyware
Please download AVG Anti-Spyware. to your Desktop or to your usual Download Folder.

  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.


Run AVG Anti-Spyware
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Do not automatically generate reports
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      scanavgjk2.jpg
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Please post the AVG log along with a fresh HJT log in your reply
 
Last edited:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:53 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {091233C4-3803-DBCD-4580-0207D9AA1206} - (no file)
O2 - BHO: (no name) - {0C0D6C5B-A2B0-EE72-16BD-682109DA9713} - (no file)
O2 - BHO: (no name) - {0F99594E-3E64-11CB-0E07-AF9D53A31A55} - (no file)
O2 - BHO: (no name) - {11CA3B87-457E-0939-FDEA-0DA8F81A41BB} - (no file)
O2 - BHO: (no name) - {1446CAF7-D2B9-3F02-EFF6-939AF47CF05D} - (no file)
O2 - BHO: (no name) - {145E2E36-9557-E8ED-B3E6-8C523800B7CE} - (no file)
O2 - BHO: (no name) - {160292A8-8482-FF8D-4D84-FBB413F28A39} - (no file)
O2 - BHO: (no name) - {16D199C7-F235-942C-E7CD-484759928237} - (no file)
O2 - BHO: (no name) - {1A478816-E063-0971-D763-1BABBFD87872} - (no file)
O2 - BHO: (no name) - {1B86035E-F039-33BA-B60C-D015083C16FD} - (no file)
O2 - BHO: (no name) - {1CC8EB30-F759-1F87-50B7-491167381C87} - (no file)
O2 - BHO: (no name) - {2285B198-6B1E-F3E9-EDB0-C1211C68788F} - (no file)
O2 - BHO: (no name) - {22913B6F-2B1A-9876-9E3D-460FBCE942CE} - (no file)
O2 - BHO: (no name) - {28742345-13C2-102C-4537-3BD6EC5E7371} - (no file)
O2 - BHO: (no name) - {2E2DE423-5FF9-C089-BD91-26C677AA0E2A} - (no file)
O2 - BHO: (no name) - {30A9ADD5-7E61-D29C-8F16-BC8A3DD7C359} - (no file)
O2 - BHO: (no name) - {321EE590-67C6-6B11-CCA5-70323A77E2B6} - (no file)
O2 - BHO: (no name) - {3959283E-C72B-D2BA-8167-B27A8FA8F55B} - (no file)
O2 - BHO: (no name) - {41196237-BC88-9E50-C0A8-41D2474D43DF} - (no file)
O2 - BHO: (no name) - {43E8A121-AE71-CB7B-0B5A-F99FA66D6EDF} - (no file)
O2 - BHO: (no name) - {46306F43-25AC-5BDC-CDF9-597FEDDF51F2} - (no file)
O2 - BHO: (no name) - {48824338-44C0-7912-89AA-850C0E0875C0} - (no file)
O2 - BHO: (no name) - {4B32A432-7AED-32E2-A1C8-FB0690AC63E5} - (no file)
O2 - BHO: (no name) - {50CD8E84-A084-B58F-5E7E-738A3D10E2B3} - (no file)
O2 - BHO: (no name) - {51365430-633C-3E97-DEE5-CC369E4261D1} - (no file)
O2 - BHO: (no name) - {51A6B4D2-D0E3-4310-535C-BD6BA4535B56} - (no file)
O2 - BHO: (no name) - {538EC479-940F-6ECF-F256-A2FBF6BF035B} - (no file)
O2 - BHO: (no name) - {543E5DEC-9A89-6C8C-67AC-D0B02ABB10D6} - (no file)
O2 - BHO: (no name) - {59658A25-7B74-EDCF-F455-A75FF0E4C8BE} - (no file)
O2 - BHO: (no name) - {598A5F00-4A66-99FC-2B27-4167ACFF6680} - (no file)
O2 - BHO: (no name) - {5B791DC9-4315-DB99-ED8F-D81BA733A257} - (no file)
O2 - BHO: (no name) - {5CE2DA69-80D8-5FD1-46F9-7E4FCBBECD9B} - (no file)
O2 - BHO: (no name) - {6284824B-44A5-4E9F-EC3D-D516A453991C} - (no file)
O2 - BHO: (no name) - {629FEEBC-8D1F-BA64-26C3-686D45062880} - (no file)
O2 - BHO: (no name) - {631A4540-2042-D857-2571-DD87935DB588} - (no file)
O2 - BHO: (no name) - {64DA9837-FB36-C3F8-5C2D-B2B3204EB254} - (no file)
O2 - BHO: (no name) - {66BC6227-B851-2929-8008-EE055DC63DBF} - (no file)
O2 - BHO: (no name) - {67963FF8-29E8-0CE5-8A74-A47B4CB75963} - (no file)
O2 - BHO: (no name) - {67C20972-97E2-F33C-1230-394038D59AC3} - (no file)
O2 - BHO: (no name) - {67C3D253-86E0-3455-99E5-3DD535E435E7} - (no file)
O2 - BHO: (no name) - {6ECE769B-2D3C-88D4-F30D-E4D2878957F1} - (no file)
O2 - BHO: (no name) - {6F602FD6-D87A-FBB2-6E16-961DD4CD1331} - (no file)
O2 - BHO: (no name) - {72C86761-41FA-2CE6-013C-818A177372CF} - (no file)
O2 - BHO: (no name) - {7561BD5A-4319-21D1-6A49-CBCE972E06E8} - (no file)
O2 - BHO: (no name) - {765E05A1-70B8-85E1-675A-5C50FEC0938C} - (no file)
O2 - BHO: (no name) - {785049AB-40E2-B10B-F9E3-2408A16CBAA2} - (no file)
O2 - BHO: (no name) - {790661EE-2B1A-4CDD-90DD-8C75878BD256} - (no file)
O2 - BHO: (no name) - {825BF029-3C62-6A52-430D-BA42846F1741} - (no file)
O2 - BHO: (no name) - {8391BB4C-902C-341B-1536-94FBF69BF523} - (no file)
O2 - BHO: (no name) - {86C7E47D-8CC4-EC0F-E889-9B5424CA008C} - (no file)
O2 - BHO: (no name) - {86F9C2EC-C72F-6F42-D347-7847B66F4535} - (no file)
O2 - BHO: (no name) - {877CAAEB-2293-602B-7876-793995AAE631} - (no file)
O2 - BHO: (no name) - {883B6F6B-1236-FC72-D1A0-9569E99595C6} - (no file)
O2 - BHO: (no name) - {8BB4CD35-4317-18A3-AE58-1B39B48E91E8} - (no file)
O2 - BHO: (no name) - {8EAD04F4-5BB3-9C45-58C9-26C339B63513} - (no file)
O2 - BHO: (no name) - {908C94A7-18BA-B64A-8430-A47DE5203985} - (no file)
O2 - BHO: (no name) - {94277844-A490-FE2F-D4E1-AA6BD7A7D46F} - (no file)
O2 - BHO: (no name) - {987B8229-55C1-631B-7094-093741C88E5A} - (no file)
O2 - BHO: (no name) - {9A81ADE0-5E7F-0E4E-78B9-FD1D291D1B99} - (no file)
O2 - BHO: (no name) - {9B11A21A-3C68-C3A2-1680-1EEA00DE213C} - (no file)
O2 - BHO: (no name) - {9DB19568-2B3F-C178-5B77-2E3940654587} - (no file)
O2 - BHO: (no name) - {9FC679E2-2849-D6F8-4CAF-D99E5CE3512F} - (no file)
O2 - BHO: (no name) - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - (no file)
O2 - BHO: (no name) - {A1721474-060F-02FE-322F-375BB4E0598B} - (no file)
O2 - BHO: (no name) - {A4842560-CE4E-8858-6B28-E50CEB6F759E} - (no file)
O2 - BHO: (no name) - {A6A63A0E-EAB8-DFAA-6C65-1535AF6EE089} - (no file)
O2 - BHO: (no name) - {A6B28178-FDEC-9648-8BCA-0112C88FB2B4} - (no file)
O2 - BHO: (no name) - {A97F3FDF-D067-02D7-9B41-A262368C2E2C} - (no file)
O2 - BHO: (no name) - {AA1485D7-515B-7E22-9DA5-B4E151317124} - (no file)
O2 - BHO: (no name) - {B012290B-F6CB-AE54-0C3F-C8D408BBF992} - (no file)
O2 - BHO: (no name) - {B77E50A7-B32B-750C-907E-92AD1F76461E} - (no file)
O2 - BHO: (no name) - {BB89D6CC-E122-D820-6D84-036A8D4E2E6C} - (no file)
O2 - BHO: (no name) - {BBD4B1ED-009C-EF4B-86D3-0913CFEE88F4} - (no file)
O2 - BHO: (no name) - {BC234570-5592-DEEC-F787-4BF76F57427B} - (no file)
O2 - BHO: (no name) - {BC92A8D6-EC15-3C14-13BB-52BEF3DFBFA6} - (no file)
O2 - BHO: (no name) - {BFC37431-DFCB-61A3-0285-957EFA484789} - (no file)
O2 - BHO: (no name) - {C2D83BCC-E8FB-1D08-4A94-DED9CA9321F5} - (no file)
O2 - BHO: (no name) - {C40122F1-A8B0-A3C3-6FB0-84B04256A6CB} - (no file)
O2 - BHO: (no name) - {C88E18E6-5C3C-F769-DC70-D84B6F21ECCE} - (no file)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\efccbbx.dll
O2 - BHO: (no name) - {CAF26EC5-E0AD-49E5-5C3C-D6D5210B1C3D} - (no file)
O2 - BHO: (no name) - {CBAA4450-710E-86CC-89DB-00D04CC21EAE} - (no file)
O2 - BHO: (no name) - {CF550B9D-3735-B065-B10F-6FBED6C70DA4} - (no file)
O2 - BHO: (no name) - {D4B0AF48-35C4-E717-AE73-79D57465592B} - (no file)
O2 - BHO: (no name) - {D8F15E7B-9A97-CCE6-52A9-BC9615F22B63} - (no file)
O2 - BHO: (no name) - {D909FA9D-7AE6-6B2A-B820-22D8EBB261F2} - (no file)
O2 - BHO: (no name) - {DD3F3226-DC4D-6D02-9FF9-D05AE7EAF09A} - (no file)
O2 - BHO: (no name) - {E0C178B2-8454-511A-88BC-EADF5E5B5094} - (no file)
O2 - BHO: (no name) - {E0DD7A95-1DF5-210A-C8D1-D9AB86BD9109} - (no file)
O2 - BHO: (no name) - {E8D32FF6-E55B-43E7-180C-D9B8824CCF0E} - (no file)
O2 - BHO: (no name) - {EAEB9F05-39AB-4A50-B9D6-BA9972EE4D0F} - (no file)
O2 - BHO: (no name) - {EC39DD52-F8A2-5571-407F-A39AEDE13BB3} - (no file)
O2 - BHO: (no name) - {F18B8F19-2940-0876-54D4-FBE52283D28C} - (no file)
O2 - BHO: (no name) - {F491206F-874D-A508-8965-52DD77E58735} - (no file)
O2 - BHO: (no name) - {F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} - (no file)
O2 - BHO: (no name) - {FA368488-8008-3889-4E2F-86BBFD486BD2} - (no file)
O2 - BHO: (no name) - {FD350929-ABF9-B29E-4912-9CF55B4CB92A} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [syskh32.exe] C:\WINDOWS\syskh32.exe
O4 - HKLM\..\Run: [sdkwq32.exe] C:\WINDOWS\system32\sdkwq32.exe
O4 - HKLM\..\Run: [msld32.exe] C:\WINDOWS\system32\msld32.exe
O4 - HKLM\..\Run: [mfcml32.exe] C:\WINDOWS\mfcml32.exe
O4 - HKLM\..\Run: [mfcbi32.exe] C:\WINDOWS\system32\mfcbi32.exe
O4 - HKLM\..\Run: [javabx32.exe] C:\WINDOWS\javabx32.exe
O4 - HKLM\..\Run: [ipnz.exe] C:\WINDOWS\system32\ipnz.exe
O4 - HKLM\..\Run: [ipcw32.exe] C:\WINDOWS\system32\ipcw32.exe
O4 - HKLM\..\Run: [d3tu.exe] C:\WINDOWS\system32\d3tu.exe
O4 - HKLM\..\Run: [d3fz.exe] C:\WINDOWS\system32\d3fz.exe
O4 - HKLM\..\Run: [atlue.exe] C:\WINDOWS\atlue.exe
O4 - HKLM\..\Run: [addmr.exe] C:\WINDOWS\system32\addmr.exe
O4 - HKLM\..\Run: [syskh32 .exe] C:\WINDOWS\syskh32 .exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c5f405dbb6a1442db7a5bde94d8eb4db
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c5f405dbb6a1442db7a5bde94d8eb4db
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177000541031
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O20 - Winlogon Notify: efccbbx - C:\WINDOWS\SYSTEM32\efccbbx.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13202 bytes
 
I am running the avg scan now. It takes forever because of the comp being so slow. Thanks for your time and i will post the results soon.
 
Hi,

The problem i have had is the computer takes hours and hours to scan. I let it run for about 7 hrs and then the comp froze. I am running another scan now i am about 3 hrs into it. Thanks for your patients.
 
The problem is, your machine is so badly infected that the scans are crashing.
please try the following.


Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {091233C4-3803-DBCD-4580-0207D9AA1206} - (no file)
O2 - BHO: (no name) - {0C0D6C5B-A2B0-EE72-16BD-682109DA9713} - (no file)
O2 - BHO: (no name) - {0F99594E-3E64-11CB-0E07-AF9D53A31A55} - (no file)
O2 - BHO: (no name) - {11CA3B87-457E-0939-FDEA-0DA8F81A41BB} - (no file)
O2 - BHO: (no name) - {1446CAF7-D2B9-3F02-EFF6-939AF47CF05D} - (no file)
O2 - BHO: (no name) - {145E2E36-9557-E8ED-B3E6-8C523800B7CE} - (no file)
O2 - BHO: (no name) - {160292A8-8482-FF8D-4D84-FBB413F28A39} - (no file)
O2 - BHO: (no name) - {16D199C7-F235-942C-E7CD-484759928237} - (no file)
O2 - BHO: (no name) - {1A478816-E063-0971-D763-1BABBFD87872} - (no file)
O2 - BHO: (no name) - {1B86035E-F039-33BA-B60C-D015083C16FD} - (no file)
O2 - BHO: (no name) - {1CC8EB30-F759-1F87-50B7-491167381C87} - (no file)
O2 - BHO: (no name) - {2285B198-6B1E-F3E9-EDB0-C1211C68788F} - (no file)
O2 - BHO: (no name) - {22913B6F-2B1A-9876-9E3D-460FBCE942CE} - (no file)
O2 - BHO: (no name) - {28742345-13C2-102C-4537-3BD6EC5E7371} - (no file)
O2 - BHO: (no name) - {2E2DE423-5FF9-C089-BD91-26C677AA0E2A} - (no file)
O2 - BHO: (no name) - {30A9ADD5-7E61-D29C-8F16-BC8A3DD7C359} - (no file)
O2 - BHO: (no name) - {321EE590-67C6-6B11-CCA5-70323A77E2B6} - (no file)
O2 - BHO: (no name) - {3959283E-C72B-D2BA-8167-B27A8FA8F55B} - (no file)
O2 - BHO: (no name) - {41196237-BC88-9E50-C0A8-41D2474D43DF} - (no file)
O2 - BHO: (no name) - {43E8A121-AE71-CB7B-0B5A-F99FA66D6EDF} - (no file)
O2 - BHO: (no name) - {46306F43-25AC-5BDC-CDF9-597FEDDF51F2} - (no file)
O2 - BHO: (no name) - {48824338-44C0-7912-89AA-850C0E0875C0} - (no file)
O2 - BHO: (no name) - {4B32A432-7AED-32E2-A1C8-FB0690AC63E5} - (no file)
O2 - BHO: (no name) - {50CD8E84-A084-B58F-5E7E-738A3D10E2B3} - (no file)
O2 - BHO: (no name) - {51365430-633C-3E97-DEE5-CC369E4261D1} - (no file)
O2 - BHO: (no name) - {51A6B4D2-D0E3-4310-535C-BD6BA4535B56} - (no file)
O2 - BHO: (no name) - {538EC479-940F-6ECF-F256-A2FBF6BF035B} - (no file)
O2 - BHO: (no name) - {543E5DEC-9A89-6C8C-67AC-D0B02ABB10D6} - (no file)
O2 - BHO: (no name) - {59658A25-7B74-EDCF-F455-A75FF0E4C8BE} - (no file)
O2 - BHO: (no name) - {598A5F00-4A66-99FC-2B27-4167ACFF6680} - (no file)
O2 - BHO: (no name) - {5B791DC9-4315-DB99-ED8F-D81BA733A257} - (no file)
O2 - BHO: (no name) - {5CE2DA69-80D8-5FD1-46F9-7E4FCBBECD9B} - (no file)
O2 - BHO: (no name) - {6284824B-44A5-4E9F-EC3D-D516A453991C} - (no file)
O2 - BHO: (no name) - {629FEEBC-8D1F-BA64-26C3-686D45062880} - (no file)
O2 - BHO: (no name) - {631A4540-2042-D857-2571-DD87935DB588} - (no file)
O2 - BHO: (no name) - {64DA9837-FB36-C3F8-5C2D-B2B3204EB254} - (no file)
O2 - BHO: (no name) - {66BC6227-B851-2929-8008-EE055DC63DBF} - (no file)
O2 - BHO: (no name) - {67963FF8-29E8-0CE5-8A74-A47B4CB75963} - (no file)
O2 - BHO: (no name) - {67C20972-97E2-F33C-1230-394038D59AC3} - (no file)
O2 - BHO: (no name) - {67C3D253-86E0-3455-99E5-3DD535E435E7} - (no file)
O2 - BHO: (no name) - {6ECE769B-2D3C-88D4-F30D-E4D2878957F1} - (no file)
O2 - BHO: (no name) - {6F602FD6-D87A-FBB2-6E16-961DD4CD1331} - (no file)
O2 - BHO: (no name) - {72C86761-41FA-2CE6-013C-818A177372CF} - (no file)
O2 - BHO: (no name) - {7561BD5A-4319-21D1-6A49-CBCE972E06E8} - (no file)
O2 - BHO: (no name) - {765E05A1-70B8-85E1-675A-5C50FEC0938C} - (no file)
O2 - BHO: (no name) - {785049AB-40E2-B10B-F9E3-2408A16CBAA2} - (no file)
O2 - BHO: (no name) - {790661EE-2B1A-4CDD-90DD-8C75878BD256} - (no file)
O2 - BHO: (no name) - {825BF029-3C62-6A52-430D-BA42846F1741} - (no file)
O2 - BHO: (no name) - {8391BB4C-902C-341B-1536-94FBF69BF523} - (no file)
O2 - BHO: (no name) - {86C7E47D-8CC4-EC0F-E889-9B5424CA008C} - (no file)
O2 - BHO: (no name) - {86F9C2EC-C72F-6F42-D347-7847B66F4535} - (no file)
O2 - BHO: (no name) - {877CAAEB-2293-602B-7876-793995AAE631} - (no file)
O2 - BHO: (no name) - {883B6F6B-1236-FC72-D1A0-9569E99595C6} - (no file)
O2 - BHO: (no name) - {8BB4CD35-4317-18A3-AE58-1B39B48E91E8} - (no file)
O2 - BHO: (no name) - {8EAD04F4-5BB3-9C45-58C9-26C339B63513} - (no file)
O2 - BHO: (no name) - {908C94A7-18BA-B64A-8430-A47DE5203985} - (no file)
O2 - BHO: (no name) - {94277844-A490-FE2F-D4E1-AA6BD7A7D46F} - (no file)
O2 - BHO: (no name) - {987B8229-55C1-631B-7094-093741C88E5A} - (no file)
O2 - BHO: (no name) - {9A81ADE0-5E7F-0E4E-78B9-FD1D291D1B99} - (no file)
O2 - BHO: (no name) - {9B11A21A-3C68-C3A2-1680-1EEA00DE213C} - (no file)
O2 - BHO: (no name) - {9DB19568-2B3F-C178-5B77-2E3940654587} - (no file)
O2 - BHO: (no name) - {9FC679E2-2849-D6F8-4CAF-D99E5CE3512F} - (no file)
O2 - BHO: (no name) - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - (no file)
O2 - BHO: (no name) - {A1721474-060F-02FE-322F-375BB4E0598B} - (no file)
O2 - BHO: (no name) - {A4842560-CE4E-8858-6B28-E50CEB6F759E} - (no file)
O2 - BHO: (no name) - {A6A63A0E-EAB8-DFAA-6C65-1535AF6EE089} - (no file)
O2 - BHO: (no name) - {A6B28178-FDEC-9648-8BCA-0112C88FB2B4} - (no file)
O2 - BHO: (no name) - {A97F3FDF-D067-02D7-9B41-A262368C2E2C} - (no file)
O2 - BHO: (no name) - {AA1485D7-515B-7E22-9DA5-B4E151317124} - (no file)
O2 - BHO: (no name) - {B012290B-F6CB-AE54-0C3F-C8D408BBF992} - (no file)
O2 - BHO: (no name) - {B77E50A7-B32B-750C-907E-92AD1F76461E} - (no file)
O2 - BHO: (no name) - {BB89D6CC-E122-D820-6D84-036A8D4E2E6C} - (no file)
O2 - BHO: (no name) - {BBD4B1ED-009C-EF4B-86D3-0913CFEE88F4} - (no file)
O2 - BHO: (no name) - {BC234570-5592-DEEC-F787-4BF76F57427B} - (no file)
O2 - BHO: (no name) - {BC92A8D6-EC15-3C14-13BB-52BEF3DFBFA6} - (no file)
O2 - BHO: (no name) - {BFC37431-DFCB-61A3-0285-957EFA484789} - (no file)
O2 - BHO: (no name) - {C2D83BCC-E8FB-1D08-4A94-DED9CA9321F5} - (no file)
O2 - BHO: (no name) - {C40122F1-A8B0-A3C3-6FB0-84B04256A6CB} - (no file)
O2 - BHO: (no name) - {C88E18E6-5C3C-F769-DC70-D84B6F21ECCE} - (no file)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\efccbbx.dll
O2 - BHO: (no name) - {CAF26EC5-E0AD-49E5-5C3C-D6D5210B1C3D} - (no file)
O2 - BHO: (no name) - {CBAA4450-710E-86CC-89DB-00D04CC21EAE} - (no file)
O2 - BHO: (no name) - {CF550B9D-3735-B065-B10F-6FBED6C70DA4} - (no file)
O2 - BHO: (no name) - {D4B0AF48-35C4-E717-AE73-79D57465592B} - (no file)
O2 - BHO: (no name) - {D8F15E7B-9A97-CCE6-52A9-BC9615F22B63} - (no file)
O2 - BHO: (no name) - {D909FA9D-7AE6-6B2A-B820-22D8EBB261F2} - (no file)
O2 - BHO: (no name) - {DD3F3226-DC4D-6D02-9FF9-D05AE7EAF09A} - (no file)
O2 - BHO: (no name) - {E0C178B2-8454-511A-88BC-EADF5E5B5094} - (no file)
O2 - BHO: (no name) - {E0DD7A95-1DF5-210A-C8D1-D9AB86BD9109} - (no file)
O2 - BHO: (no name) - {E8D32FF6-E55B-43E7-180C-D9B8824CCF0E} - (no file)
O2 - BHO: (no name) - {EAEB9F05-39AB-4A50-B9D6-BA9972EE4D0F} - (no file)
O2 - BHO: (no name) - {EC39DD52-F8A2-5571-407F-A39AEDE13BB3} - (no file)
O2 - BHO: (no name) - {F18B8F19-2940-0876-54D4-FBE52283D28C} - (no file)
O2 - BHO: (no name) - {F491206F-874D-A508-8965-52DD77E58735} - (no file)
O2 - BHO: (no name) - {F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} - (no file)
O2 - BHO: (no name) - {FA368488-8008-3889-4E2F-86BBFD486BD2} - (no file)
O2 - BHO: (no name) - {FD350929-ABF9-B29E-4912-9CF55B4CB92A} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [syskh32.exe] C:\WINDOWS\syskh32.exe
O4 - HKLM\..\Run: [sdkwq32.exe] C:\WINDOWS\system32\sdkwq32.exe
O4 - HKLM\..\Run: [msld32.exe] C:\WINDOWS\system32\msld32.exe
O4 - HKLM\..\Run: [mfcml32.exe] C:\WINDOWS\mfcml32.exe
O4 - HKLM\..\Run: [mfcbi32.exe] C:\WINDOWS\system32\mfcbi32.exe
O4 - HKLM\..\Run: [javabx32.exe] C:\WINDOWS\javabx32.exe
O4 - HKLM\..\Run: [ipnz.exe] C:\WINDOWS\system32\ipnz.exe
O4 - HKLM\..\Run: [ipcw32.exe] C:\WINDOWS\system32\ipcw32.exe
O4 - HKLM\..\Run: [d3tu.exe] C:\WINDOWS\system32\d3tu.exe
O4 - HKLM\..\Run: [d3fz.exe] C:\WINDOWS\system32\d3fz.exe
O4 - HKLM\..\Run: [atlue.exe] C:\WINDOWS\atlue.exe
O4 - HKLM\..\Run: [addmr.exe] C:\WINDOWS\system32\addmr.exe
O4 - HKLM\..\Run: [syskh32 .exe] C:\WINDOWS\syskh32 .exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O20 - Winlogon Notify: efccbbx - C:\WINDOWS\SYSTEM32\efccbbx.dll
Click to expand...
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
OTMoveIt
Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\efccbbx.dll
    C:\WINDOWS\syskh32.exe
    C:\WINDOWS\system32\sdkwq32.exe
    C:\WINDOWS\system32\msld32.exe
    C:\WINDOWS\mfcml32.exe
    C:\WINDOWS\system32\mfcbi32.exe
    C:\WINDOWS\javabx32.exe
    C:\WINDOWS\system32\ipnz.exe
    C:\WINDOWS\system32\ipcw32.exe
    C:\WINDOWS\system32\d3tu.exe
    C:\WINDOWS\system32\d3fz.exe
    C:\WINDOWS\atlue.exe
    C:\WINDOWS\system32\addmr.exe
    C:\WINDOWS\syskh32 .exe
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
  • Copy and paste the contents of the results box as a reply to this topic
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\\_OTMoveIt\\MovedFiles\\********_******.log
(where "********_******" is the "date_time")

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 
LoadLibrary failed for C:\WINDOWS\system32\efccbbx.dll
C:\WINDOWS\system32\efccbbx.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\efccbbx.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\syskh32.exe not found.
File/Folder C:\WINDOWS\system32\sdkwq32.exe not found.
File/Folder C:\WINDOWS\system32\msld32.exe not found.
C:\WINDOWS\mfcml32.exe moved successfully.
C:\WINDOWS\system32\mfcbi32.exe moved successfully.
File/Folder C:\WINDOWS\javabx32.exe not found.
File/Folder C:\WINDOWS\system32\ipnz.exe not found.
File/Folder C:\WINDOWS\system32\ipcw32.exe not found.
File/Folder C:\WINDOWS\system32\d3tu.exe not found.
File/Folder C:\WINDOWS\system32\d3fz.exe not found.
File/Folder C:\WINDOWS\atlue.exe not found.
File/Folder C:\WINDOWS\system32\addmr.exe not found.
C:\WINDOWS\syskh32 .exe moved successfully.

Created on 01/15/2008 19:18:01
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:05 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\winwb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\crzq32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DWHWIZRD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tbwfe.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tbwfe.dll/sp.html#37049%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tbwfe.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tbwfe.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tbwfe.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tbwfe.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tbwfe.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {04287934-A971-5C77-BE0B-64B36D512D6F} - (no file)
O2 - BHO: (no name) - {0442E405-0105-7F0E-EF25-907454BCBB4D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {07DCD1F0-3431-2061-572B-9CC2066EF30E} - C:\WINDOWS\system32\addiz.dll
O2 - BHO: (no name) - {091233C4-3803-DBCD-4580-0207D9AA1206} - (no file)
O2 - BHO: (no name) - {0C0D6C5B-A2B0-EE72-16BD-682109DA9713} - (no file)
O2 - BHO: Class - {0DCF4509-1BA4-77B1-B91E-92F03745591F} - C:\WINDOWS\system32\crib.dll
O2 - BHO: (no name) - {0F99594E-3E64-11CB-0E07-AF9D53A31A55} - (no file)
O2 - BHO: (no name) - {11CA3B87-457E-0939-FDEA-0DA8F81A41BB} - (no file)
O2 - BHO: (no name) - {1446CAF7-D2B9-3F02-EFF6-939AF47CF05D} - (no file)
O2 - BHO: (no name) - {145E2E36-9557-E8ED-B3E6-8C523800B7CE} - (no file)
O2 - BHO: (no name) - {160292A8-8482-FF8D-4D84-FBB413F28A39} - (no file)
O2 - BHO: (no name) - {16D199C7-F235-942C-E7CD-484759928237} - (no file)
O2 - BHO: (no name) - {1A478816-E063-0971-D763-1BABBFD87872} - (no file)
O2 - BHO: (no name) - {1A53E9E2-4A89-992E-61C3-DDF211A2FDE8} - (no file)
O2 - BHO: (no name) - {1B86035E-F039-33BA-B60C-D015083C16FD} - (no file)
O2 - BHO: (no name) - {1CC8EB30-F759-1F87-50B7-491167381C87} - (no file)
O2 - BHO: (no name) - {2285B198-6B1E-F3E9-EDB0-C1211C68788F} - (no file)
O2 - BHO: (no name) - {22913B6F-2B1A-9876-9E3D-460FBCE942CE} - (no file)
O2 - BHO: Class - {24A9B7CC-0A40-BEE6-67C3-A5771F0A62F7} - C:\WINDOWS\system32\atlba32.dll
O2 - BHO: (no name) - {28742345-13C2-102C-4537-3BD6EC5E7371} - (no file)
O2 - BHO: (no name) - {2E2DE423-5FF9-C089-BD91-26C677AA0E2A} - (no file)
O2 - BHO: (no name) - {30A9ADD5-7E61-D29C-8F16-BC8A3DD7C359} - (no file)
O2 - BHO: (no name) - {321EE590-67C6-6B11-CCA5-70323A77E2B6} - (no file)
O2 - BHO: (no name) - {337E0629-2148-2599-602E-569DE2D76764} - (no file)
O2 - BHO: (no name) - {3798A552-6CBC-1C98-D30E-30A4F43F481A} - (no file)
O2 - BHO: (no name) - {38D535E7-72D4-DD46-13C5-9089C149112E} - (no file)
O2 - BHO: (no name) - {3959283E-C72B-D2BA-8167-B27A8FA8F55B} - (no file)
O2 - BHO: (no name) - {41196237-BC88-9E50-C0A8-41D2474D43DF} - (no file)
O2 - BHO: (no name) - {43E8A121-AE71-CB7B-0B5A-F99FA66D6EDF} - (no file)
O2 - BHO: (no name) - {456A683C-2EFD-6989-F755-F01E8A079425} - (no file)
O2 - BHO: (no name) - {46306F43-25AC-5BDC-CDF9-597FEDDF51F2} - (no file)
O2 - BHO: (no name) - {47935C05-7BB4-F289-792A-378C625D2B94} - (no file)
O2 - BHO: (no name) - {48824338-44C0-7912-89AA-850C0E0875C0} - (no file)
O2 - BHO: (no name) - {4B32A432-7AED-32E2-A1C8-FB0690AC63E5} - (no file)
O2 - BHO: (no name) - {4E3A0B61-A1A3-6D56-30CE-CF0A5B8BF78A} - (no file)
O2 - BHO: (no name) - {50CD8E84-A084-B58F-5E7E-738A3D10E2B3} - (no file)
O2 - BHO: (no name) - {51365430-633C-3E97-DEE5-CC369E4261D1} - (no file)
O2 - BHO: (no name) - {51A6B4D2-D0E3-4310-535C-BD6BA4535B56} - (no file)
O2 - BHO: (no name) - {538EC479-940F-6ECF-F256-A2FBF6BF035B} - (no file)
O2 - BHO: (no name) - {543E5DEC-9A89-6C8C-67AC-D0B02ABB10D6} - (no file)
O2 - BHO: (no name) - {54595623-DD6E-DF6D-5647-D57D6B2CFEEB} - (no file)
O2 - BHO: (no name) - {55C0B313-E6AB-E4D4-4CB9-5DA79926F43C} - (no file)
O2 - BHO: (no name) - {58766EEB-28FF-2649-FB38-0338B821DD25} - (no file)
O2 - BHO: (no name) - {59658A25-7B74-EDCF-F455-A75FF0E4C8BE} - (no file)
O2 - BHO: (no name) - {597A992E-DA16-8D00-4005-2D68DF9AD305} - (no file)
O2 - BHO: (no name) - {598A5F00-4A66-99FC-2B27-4167ACFF6680} - (no file)
O2 - BHO: (no name) - {5B791DC9-4315-DB99-ED8F-D81BA733A257} - (no file)
O2 - BHO: (no name) - {5CE2DA69-80D8-5FD1-46F9-7E4FCBBECD9B} - (no file)
O2 - BHO: (no name) - {5FDE86BE-CDD8-F674-36B1-B4FB01197E45} - (no file)
O2 - BHO: (no name) - {6284824B-44A5-4E9F-EC3D-D516A453991C} - (no file)
O2 - BHO: (no name) - {629FEEBC-8D1F-BA64-26C3-686D45062880} - (no file)
O2 - BHO: (no name) - {631A4540-2042-D857-2571-DD87935DB588} - (no file)
O2 - BHO: (no name) - {6324094F-2875-EF02-7B79-E44ABD6291EB} - (no file)
O2 - BHO: (no name) - {64DA9837-FB36-C3F8-5C2D-B2B3204EB254} - (no file)
O2 - BHO: (no name) - {66BC6227-B851-2929-8008-EE055DC63DBF} - (no file)
O2 - BHO: (no name) - {67963FF8-29E8-0CE5-8A74-A47B4CB75963} - (no file)
O2 - BHO: (no name) - {67C20972-97E2-F33C-1230-394038D59AC3} - (no file)
O2 - BHO: (no name) - {67C3D253-86E0-3455-99E5-3DD535E435E7} - (no file)
O2 - BHO: (no name) - {6839647D-EE2D-EC37-AA49-65E2C173122E} - (no file)
O2 - BHO: (no name) - {6ECE769B-2D3C-88D4-F30D-E4D2878957F1} - (no file)
O2 - BHO: (no name) - {6F602FD6-D87A-FBB2-6E16-961DD4CD1331} - (no file)
O2 - BHO: (no name) - {70F4CAF4-4E04-377E-0533-479405EDF8DF} - (no file)
O2 - BHO: (no name) - {72C86761-41FA-2CE6-013C-818A177372CF} - (no file)
O2 - BHO: (no name) - {7561BD5A-4319-21D1-6A49-CBCE972E06E8} - (no file)
O2 - BHO: (no name) - {765E05A1-70B8-85E1-675A-5C50FEC0938C} - (no file)
O2 - BHO: (no name) - {785049AB-40E2-B10B-F9E3-2408A16CBAA2} - (no file)
O2 - BHO: (no name) - {790661EE-2B1A-4CDD-90DD-8C75878BD256} - (no file)
O2 - BHO: (no name) - {7938C125-86C7-3991-4ABC-FC6489F1D5A4} - (no file)
O2 - BHO: (no name) - {7B6574F7-6A9E-BCF5-6CA2-4CE75F164568} - (no file)
O2 - BHO: (no name) - {81987654-9403-AFD0-0AE8-55FE907D9846} - (no file)
O2 - BHO: (no name) - {825BF029-3C62-6A52-430D-BA42846F1741} - (no file)
O2 - BHO: (no name) - {8391BB4C-902C-341B-1536-94FBF69BF523} - (no file)
O2 - BHO: (no name) - {86C7E47D-8CC4-EC0F-E889-9B5424CA008C} - (no file)
O2 - BHO: (no name) - {86F9C2EC-C72F-6F42-D347-7847B66F4535} - (no file)
O2 - BHO: (no name) - {877CAAEB-2293-602B-7876-793995AAE631} - (no file)
O2 - BHO: (no name) - {883B6F6B-1236-FC72-D1A0-9569E99595C6} - (no file)
O2 - BHO: (no name) - {8A805C25-C0B7-1426-1D24-BC93152A99CA} - (no file)
O2 - BHO: (no name) - {8BB4CD35-4317-18A3-AE58-1B39B48E91E8} - (no file)
O2 - BHO: (no name) - {8EAD04F4-5BB3-9C45-58C9-26C339B63513} - (no file)
O2 - BHO: (no name) - {904C63F5-2041-CB09-DEEA-722D9B6F8DEF} - (no file)
O2 - BHO: (no name) - {908C94A7-18BA-B64A-8430-A47DE5203985} - (no file)
O2 - BHO: (no name) - {94277844-A490-FE2F-D4E1-AA6BD7A7D46F} - (no file)
O2 - BHO: (no name) - {987B8229-55C1-631B-7094-093741C88E5A} - (no file)
O2 - BHO: (no name) - {990B604D-7FC6-4E0B-4697-C2038F4CCF1A} - (no file)
O2 - BHO: (no name) - {9A81ADE0-5E7F-0E4E-78B9-FD1D291D1B99} - (no file)
O2 - BHO: (no name) - {9B11A21A-3C68-C3A2-1680-1EEA00DE213C} - (no file)
O2 - BHO: (no name) - {9CD671F4-EDF9-74CB-0600-1C50A9A949DB} - (no file)
O2 - BHO: (no name) - {9DB19568-2B3F-C178-5B77-2E3940654587} - (no file)
O2 - BHO: (no name) - {9E10B616-D6A4-32D5-95E7-6F227792C942} - (no file)
O2 - BHO: (no name) - {9FC679E2-2849-D6F8-4CAF-D99E5CE3512F} - (no file)
O2 - BHO: (no name) - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - (no file)
O2 - BHO: (no name) - {A0FBF6A7-DE21-3235-7B76-A7427D953750} - (no file)
O2 - BHO: (no name) - {A1721474-060F-02FE-322F-375BB4E0598B} - (no file)
O2 - BHO: (no name) - {A4842560-CE4E-8858-6B28-E50CEB6F759E} - (no file)
O2 - BHO: (no name) - {A6A63A0E-EAB8-DFAA-6C65-1535AF6EE089} - (no file)
O2 - BHO: (no name) - {A6B28178-FDEC-9648-8BCA-0112C88FB2B4} - (no file)
O2 - BHO: (no name) - {A97F3FDF-D067-02D7-9B41-A262368C2E2C} - (no file)
O2 - BHO: (no name) - {AA1485D7-515B-7E22-9DA5-B4E151317124} - (no file)
O2 - BHO: (no name) - {B012290B-F6CB-AE54-0C3F-C8D408BBF992} - (no file)
O2 - BHO: (no name) - {B2910F05-038C-486E-FBFF-413E6227ADD1} - (no file)
O2 - BHO: (no name) - {B77E50A7-B32B-750C-907E-92AD1F76461E} - (no file)
O2 - BHO: (no name) - {BAA0D3EB-6EAA-378D-EABD-428A8C6CBCDC} - (no file)
O2 - BHO: (no name) - {BB89D6CC-E122-D820-6D84-036A8D4E2E6C} - (no file)
O2 - BHO: (no name) - {BBD4B1ED-009C-EF4B-86D3-0913CFEE88F4} - (no file)
O2 - BHO: (no name) - {BC234570-5592-DEEC-F787-4BF76F57427B} - (no file)
O2 - BHO: (no name) - {BC92A8D6-EC15-3C14-13BB-52BEF3DFBFA6} - (no file)
O2 - BHO: (no name) - {BFC37431-DFCB-61A3-0285-957EFA484789} - (no file)
O2 - BHO: (no name) - {C16A3BC1-3735-D21D-1A52-FEFF22B1C68D} - (no file)
O2 - BHO: (no name) - {C2D83BCC-E8FB-1D08-4A94-DED9CA9321F5} - (no file)
O2 - BHO: (no name) - {C40122F1-A8B0-A3C3-6FB0-84B04256A6CB} - (no file)
O2 - BHO: (no name) - {C52D30F2-904E-81B9-D7AC-17963F2377E2} - (no file)
O2 - BHO: (no name) - {C88E18E6-5C3C-F769-DC70-D84B6F21ECCE} - (no file)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\efccbbx.dll
O2 - BHO: (no name) - {CAF26EC5-E0AD-49E5-5C3C-D6D5210B1C3D} - (no file)
O2 - BHO: (no name) - {CBAA4450-710E-86CC-89DB-00D04CC21EAE} - (no file)
O2 - BHO: (no name) - {CF550B9D-3735-B065-B10F-6FBED6C70DA4} - (no file)
O2 - BHO: (no name) - {D01EB853-7FC4-C7B4-95AA-53BAD27A97DA} - (no file)
O2 - BHO: (no name) - {D4B0AF48-35C4-E717-AE73-79D57465592B} - (no file)
O2 - BHO: (no name) - {D8F15E7B-9A97-CCE6-52A9-BC9615F22B63} - (no file)
O2 - BHO: (no name) - {D909FA9D-7AE6-6B2A-B820-22D8EBB261F2} - (no file)
O2 - BHO: (no name) - {DD1CD344-53BC-538C-29F8-735DE0877DBC} - (no file)
O2 - BHO: (no name) - {DD3F3226-DC4D-6D02-9FF9-D05AE7EAF09A} - (no file)
O2 - BHO: (no name) - {DF81C44D-3E60-F698-D3FF-CB7B4BFB1DFB} - (no file)
O2 - BHO: (no name) - {E0C178B2-8454-511A-88BC-EADF5E5B5094} - (no file)
O2 - BHO: (no name) - {E0DD7A95-1DF5-210A-C8D1-D9AB86BD9109} - (no file)
O2 - BHO: (no name) - {E8D32FF6-E55B-43E7-180C-D9B8824CCF0E} - (no file)
O2 - BHO: (no name) - {EAEB9F05-39AB-4A50-B9D6-BA9972EE4D0F} - (no file)
O2 - BHO: (no name) - {EB59BAC7-F27F-4FA7-991F-75DC4F9CDA22} - (no file)
O2 - BHO: (no name) - {EC39DD52-F8A2-5571-407F-A39AEDE13BB3} - (no file)
O2 - BHO: (no name) - {EDB1B83C-64AB-D985-F976-8699D7564855} - (no file)
O2 - BHO: (no name) - {F18B8F19-2940-0876-54D4-FBE52283D28C} - (no file)
O2 - BHO: (no name) - {F491206F-874D-A508-8965-52DD77E58735} - (no file)
O2 - BHO: (no name) - {F4A66BE4-1A9C-2818-9E39-14600AA3DE7A} - (no file)
O2 - BHO: (no name) - {F4CE5648-E5DD-D1F9-9277-3B9D22AB9F2A} - (no file)
O2 - BHO: (no name) - {F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} - (no file)
O2 - BHO: (no name) - {FA368488-8008-3889-4E2F-86BBFD486BD2} - (no file)
O2 - BHO: (no name) - {FD350929-ABF9-B29E-4912-9CF55B4CB92A} - (no file)
O2 - BHO: (no name) - {FEB483F5-8A5D-3258-6771-68C68254E839} - (no file)
O2 - BHO: (no name) - {FF52343D-FFCF-6EB3-A181-B08A3DCB6B9A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [mfcml32.exe] C:\WINDOWS\mfcml32.exe
O4 - HKLM\..\Run: [ipcw32.exe] C:\WINDOWS\system32\ipcw32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [winwb.exe] C:\WINDOWS\winwb.exe
O4 - HKLM\..\RunOnce: [crzq32.exe] C:\WINDOWS\crzq32.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c5f405dbb6a1442db7a5bde94d8eb4db
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c5f405dbb6a1442db7a5bde94d8eb4db
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177000541031
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O20 - Winlogon Notify: efccbbx - C:\WINDOWS\SYSTEM32\efccbbx.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apifn.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 16674 bytes


Here is the new HJT log. I am sorry it takes so long to get you the info you need but this computer is like a turtle now. Thanks again for your time.
 
The only step left i have to do is the combo fix. I will be doing that after i get the kids to school. I checked and fixed everything you asked. Thanks for taking the time to figure that out.
 
If you haven't run ComboFix yet, please do the following

Click Start >> Run
either copy/paste, or carefully type the following

"%userprofile%\desktop\combofix.exe" /killall (include the quotation " marks)

If you have already run it, no problem just post the log
 
When i try and run that command it says please wait. i left it for a few hours and came back to the same thing. I am rebooting and will try again.
 
You must log in or register to reply here.
Back
Top