 |  |  |  |  |  |  |  |
help clean up this PC
 |
This is a friends PC and he said it has been running slow lately so the topic says it all, please help and thnak you in advance. Here is his HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:49 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:..WINNT..System32..smss.exe
C:..WINNT..system32..winlogon.exe
C:..WINNT..system32..services.exe
C:..WINNT..system32..lsass.exe
C:..WINNT..system32..svchost.exe
C:..WINNT..System32..svchost.exe
C:..WINNT..system32..spoolsv.exe
C:..Program Files..Citrix..ICA Client..ssonsvr.exe
C:..WINNT..system32..devldr32.exe
C:..WINNT..Explorer.EXE
C:..Program Files..Creative..ShareDLL..CtNotify.exe
C:..Program Files..Eset..nod32kui.exe
C:..Program Files..Java..jre1.6.0_02..bin..jusched.exe
C:..Program Files..QuickTime..qttask.exe
C:..WINNT..system32..ctfmon.exe
C:..Program Files..Messenger..msmsgs.exe
C:..Program Files..AIM6..aim6.exe
C:..Program Files..Creative..ShareDLL..MediaDet.Exe
C:..Program Files..Sony..Sony Picture Utility..VolumeWatcher..SPUVolumeWatcher.exe
C:..Program Files..AIM6..aolsoftware.exe
C:..WINNT..System32..PackethSvc.exe
C:..PROGRA~1..COMMON~1..AOL..ACS..acsd.exe
C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
C:..WINNT..System32..CTsvcCDA.exe
C:..Program Files..Eset..nod32krn.exe
C:..WINNT..System32..nvsvc32.exe
C:..WINNT..System32..svchost.exe
C:..Program Files..Viewpoint..Common..ViewpointService.exe
C:..WINNT..wanmpsvc.exe
C:..Program Files..Viewpoint..Viewpoint Manager..ViewMgr.exe
C:..Program Files..QdrPack..QdrPack12.exe
C:..Program Files..Java..jre1.6.0_02..bin..jucheck.exe
C:..Program Files..Common Files..Real..Update_OB..realsched.exe
C:..WINNT..svchost.exe
C:..Program Files..Ventrilo..Ventrilo.exe
C:..Program Files..Steam..steam.exe
C:..Program Files..Internet Explorer..iexplore.exe
C:..Program Files..Hewlett-Packard..HP Share-to-Web..hpgs2wnf.exe
C:..Program Files..Internet Explorer..iexplore.exe
C:..Documents and Settings..Jim..My Documents..HiJackThis.exe
R0 - HKCU..Software..Microsoft..Internet Explorer..Main,Start Page = http://www.comcast.net/
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM..Software..Microsoft..Internet Explorer..Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM..Software..Microsoft..Internet Explorer..Search,SearchAssistant = http://as.starware.com/dp/search?x=w...h7AfA98Gm4Me69
ZMbubcDODB5xmjBn4fP/Dl3EZSINe2YdgjektiM1iBrUpgh7WcPwSF0NW9JUeXlHdjXjk7pg+laRfEF
cC9ycBhQvFkIN+3LSw4M/EeDJ2ghlgeW0+z23Zftzr/IbEpc9w+1z761N4ICspjzFA0jfgeMJ
VBHrSk3jRc5mkAE
R1 - HKCU..Software..Microsoft..Internet Explorer..SearchURL,(Default) = http://as.starware.com/dp/search?x=w...dWpSlz2q9Dzn13
Emww/Ywt/2xYhTlJWsBlSAONGafHSsg6hBNDdsOtwwJGapm6MwqXON+wFbvXgPGF
eENd/0h+bCY+feJ93Q=
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: load=C:..WINNT..svchost.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:..Program Files..Yahoo!..Companion..Installs..cpn..ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:..Program Files..Adobe..Acrobat 5.0..Reader..ActiveX..AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:..PROGRA~1..SPYBOT~1..SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:..Program Files..Java..jre1.6.0_02..bin..ssv.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:..Program Files..QdrDrive..QdrDrive9.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:..Program Files..Viewpoint..Viewpoint Toolbar..3.8.0..ViewBarBHO.dll
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:..Program Files..Microsoft Money..System..mnyviewer.dll
O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:..Program Files..Yahoo!..Companion..Installs..cpn..ycomp5_5_7_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:..Program Files..Common Files..Viewpoint..Toolbar Runtime..3.8.0..IEViewBar.dll
O4 - HKLM......Run: [Disc Detector] C:..Program Files..Creative..ShareDLL..CtNotify.exe
O4 - HKLM......Run: [nod32kui] "C:..Program Files..Eset..nod32kui.exe" /WAITSERVICE
O4 - HKLM......Run: [SunJavaUpdateSched] "C:..Program Files..Java..jre1.6.0_02..bin..jusched.exe"
O4 - HKLM......Run: [QuickTime Task] "C:..Program Files..QuickTime..qttask.exe" -atboottime
O4 - HKLM......Run: [TkBellExe] "C:..Program Files..Common Files..Real..Update_OB..realsched.exe" -osboot
O4 - HKCU......Run: [ctfmon.exe] C:..WINNT..system32..ctfmon.exe
O4 - HKCU......Run: [MSMSGS] "C:..Program Files..Messenger..msmsgs.exe" /background
O4 - HKCU......Run: [Steam] "c:..program files..steam..steam.exe" -silent
O4 - HKCU......Run: [Aim6] "C:..Program Files..AIM6..aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU......Run: [QdrModule11] "C:..Program Files..QdrModule..QdrModule11.exe"
O4 - HKCU......Run: [QdrPack12] "C:..Program Files..QdrPack..QdrPack12.exe"
O4 - HKUS..S-1-5-21-3962937336-3133978997-4149289120-1003......Ru
n: [MSMSGS] "C:..Program Files..Messenger..msmsgs.exe" /background (User '?')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:..Program Files..Sony..Sony Picture Utility..VolumeWatcher..SPUVolumeWatcher.exe
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:..Program Files..America Online 6.0a..aoltray.exe
O6 - HKCU..Software..Policies..Microsoft..Internet Explorer..Restrictions present
O6 - HKCU..Software..Policies..Microsoft..Internet Explorer..Control Panel present
O8 - Extra context menu item: &Search - ?p=ZB
O8 - Extra context menu item: &Viewpoint Search - res://C:..Program Files..Viewpoint..Viewpoint Toolbar..ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Look Up in &Encyclopedia - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..Program Files..Java..jre1.6.0_02..bin..ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..Program Files..Java..jre1.6.0_02..bin..ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:..Program Files..Microsoft Money..System..mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O10 - Unknown file in Winsock LSP: c:..winnt..system32..nwprovau.dll
O12 - Plugin for .spop: C:..Program Files..Internet Explorer..Plugins..NPDocBox.dll
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://66.48.68.135/save/makeover.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:..counter.cab
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:..Program Files..Gateway..HelpSpot..RunExeActiveX.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...housecall.tren
dmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - file://C:..Program Files..Gateway..HelpSpot..StartFirstControl.CAB
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - file://C:..Program Files..Gateway..HelpSpot..XPLControl.CAB
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:..Program Files..RcvSystem..httpdchk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:..PROGRA~1..COMMON~1..AOL..ACS..acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:..WINNT..System32..CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:..Program Files..Common Files..InstallShield..Driver..11..Intel 32..IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:..WINNT..System32..ImapiRox.exe
O23 - Service: iPod Service - Unknown owner - C:..Program Files..iPod..bin..iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:..Program Files..Eset..nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:..WINNT..System32..nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:..WINNT..System32..PackethSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:..fixit..pt..PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:..WINNT..System32..HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:..Program Files..Viewpoint..Common..ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:..WINNT..wanmpsvc.exe
--
End of file - 9961 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:49 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:..WINNT..System32..smss.exe
C:..WINNT..system32..winlogon.exe
C:..WINNT..system32..services.exe
C:..WINNT..system32..lsass.exe
C:..WINNT..system32..svchost.exe
C:..WINNT..System32..svchost.exe
C:..WINNT..system32..spoolsv.exe
C:..Program Files..Citrix..ICA Client..ssonsvr.exe
C:..WINNT..system32..devldr32.exe
C:..WINNT..Explorer.EXE
C:..Program Files..Creative..ShareDLL..CtNotify.exe
C:..Program Files..Eset..nod32kui.exe
C:..Program Files..Java..jre1.6.0_02..bin..jusched.exe
C:..Program Files..QuickTime..qttask.exe
C:..WINNT..system32..ctfmon.exe
C:..Program Files..Messenger..msmsgs.exe
C:..Program Files..AIM6..aim6.exe
C:..Program Files..Creative..ShareDLL..MediaDet.Exe
C:..Program Files..Sony..Sony Picture Utility..VolumeWatcher..SPUVolumeWatcher.exe
C:..Program Files..AIM6..aolsoftware.exe
C:..WINNT..System32..PackethSvc.exe
C:..PROGRA~1..COMMON~1..AOL..ACS..acsd.exe
C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
C:..WINNT..System32..CTsvcCDA.exe
C:..Program Files..Eset..nod32krn.exe
C:..WINNT..System32..nvsvc32.exe
C:..WINNT..System32..svchost.exe
C:..Program Files..Viewpoint..Common..ViewpointService.exe
C:..WINNT..wanmpsvc.exe
C:..Program Files..Viewpoint..Viewpoint Manager..ViewMgr.exe
C:..Program Files..QdrPack..QdrPack12.exe
C:..Program Files..Java..jre1.6.0_02..bin..jucheck.exe
C:..Program Files..Common Files..Real..Update_OB..realsched.exe
C:..WINNT..svchost.exe
C:..Program Files..Ventrilo..Ventrilo.exe
C:..Program Files..Steam..steam.exe
C:..Program Files..Internet Explorer..iexplore.exe
C:..Program Files..Hewlett-Packard..HP Share-to-Web..hpgs2wnf.exe
C:..Program Files..Internet Explorer..iexplore.exe
C:..Documents and Settings..Jim..My Documents..HiJackThis.exe
R0 - HKCU..Software..Microsoft..Internet Explorer..Main,Start Page = http://www.comcast.net/
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM..Software..Microsoft..Internet Explorer..Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM..Software..Microsoft..Internet Explorer..Search,SearchAssistant = http://as.starware.com/dp/search?x=w...h7AfA98Gm4Me69
ZMbubcDODB5xmjBn4fP/Dl3EZSINe2YdgjektiM1iBrUpgh7WcPwSF0NW9JUeXlHdjXjk7pg+laRfEF
cC9ycBhQvFkIN+3LSw4M/EeDJ2ghlgeW0+z23Zftzr/IbEpc9w+1z761N4ICspjzFA0jfgeMJ
VBHrSk3jRc5mkAE
R1 - HKCU..Software..Microsoft..Internet Explorer..SearchURL,(Default) = http://as.starware.com/dp/search?x=w...dWpSlz2q9Dzn13
Emww/Ywt/2xYhTlJWsBlSAONGafHSsg6hBNDdsOtwwJGapm6MwqXON+wFbvXgPGF
eENd/0h+bCY+feJ93Q=
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: load=C:..WINNT..svchost.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:..Program Files..Yahoo!..Companion..Installs..cpn..ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:..Program Files..Adobe..Acrobat 5.0..Reader..ActiveX..AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:..PROGRA~1..SPYBOT~1..SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:..Program Files..Java..jre1.6.0_02..bin..ssv.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:..Program Files..QdrDrive..QdrDrive9.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:..Program Files..Viewpoint..Viewpoint Toolbar..3.8.0..ViewBarBHO.dll
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:..Program Files..Microsoft Money..System..mnyviewer.dll
O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:..Program Files..Yahoo!..Companion..Installs..cpn..ycomp5_5_7_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:..Program Files..Common Files..Viewpoint..Toolbar Runtime..3.8.0..IEViewBar.dll
O4 - HKLM......Run: [Disc Detector] C:..Program Files..Creative..ShareDLL..CtNotify.exe
O4 - HKLM......Run: [nod32kui] "C:..Program Files..Eset..nod32kui.exe" /WAITSERVICE
O4 - HKLM......Run: [SunJavaUpdateSched] "C:..Program Files..Java..jre1.6.0_02..bin..jusched.exe"
O4 - HKLM......Run: [QuickTime Task] "C:..Program Files..QuickTime..qttask.exe" -atboottime
O4 - HKLM......Run: [TkBellExe] "C:..Program Files..Common Files..Real..Update_OB..realsched.exe" -osboot
O4 - HKCU......Run: [ctfmon.exe] C:..WINNT..system32..ctfmon.exe
O4 - HKCU......Run: [MSMSGS] "C:..Program Files..Messenger..msmsgs.exe" /background
O4 - HKCU......Run: [Steam] "c:..program files..steam..steam.exe" -silent
O4 - HKCU......Run: [Aim6] "C:..Program Files..AIM6..aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU......Run: [QdrModule11] "C:..Program Files..QdrModule..QdrModule11.exe"
O4 - HKCU......Run: [QdrPack12] "C:..Program Files..QdrPack..QdrPack12.exe"
O4 - HKUS..S-1-5-21-3962937336-3133978997-4149289120-1003......Ru
n: [MSMSGS] "C:..Program Files..Messenger..msmsgs.exe" /background (User '?')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:..Program Files..Sony..Sony Picture Utility..VolumeWatcher..SPUVolumeWatcher.exe
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:..Program Files..America Online 6.0a..aoltray.exe
O6 - HKCU..Software..Policies..Microsoft..Internet Explorer..Restrictions present
O6 - HKCU..Software..Policies..Microsoft..Internet Explorer..Control Panel present
O8 - Extra context menu item: &Search - ?p=ZB
O8 - Extra context menu item: &Viewpoint Search - res://C:..Program Files..Viewpoint..Viewpoint Toolbar..ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Look Up in &Encyclopedia - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..Program Files..Java..jre1.6.0_02..bin..ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..Program Files..Java..jre1.6.0_02..bin..ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:..Program Files..Microsoft Money..System..mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O10 - Unknown file in Winsock LSP: c:..winnt..system32..nwprovau.dll
O12 - Plugin for .spop: C:..Program Files..Internet Explorer..Plugins..NPDocBox.dll
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://66.48.68.135/save/makeover.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:..counter.cab
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:..Program Files..Gateway..HelpSpot..RunExeActiveX.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...housecall.tren
dmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - file://C:..Program Files..Gateway..HelpSpot..StartFirstControl.CAB
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - file://C:..Program Files..Gateway..HelpSpot..XPLControl.CAB
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:..Program Files..RcvSystem..httpdchk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:..PROGRA~1..COMMON~1..AOL..ACS..acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:..WINNT..System32..CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:..Program Files..Common Files..InstallShield..Driver..11..Intel 32..IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:..WINNT..System32..ImapiRox.exe
O23 - Service: iPod Service - Unknown owner - C:..Program Files..iPod..bin..iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:..Program Files..Eset..nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:..WINNT..System32..nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:..WINNT..System32..PackethSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:..fixit..pt..PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:..WINNT..System32..HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:..Program Files..Viewpoint..Common..ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:..WINNT..wanmpsvc.exe
--
End of file - 9961 bytes
Dont know about HJT logs, but you can cleanup unneeded temporary files etc... using "CCleaner" and "ATF cleaner" (used together = ver effective)
If i am helpful, please give me reputation points.
thank you for your help, i will do that and see how it goes, but can someone help me clean up the HJT log?? thank you
•
•
Join Date: Jul 2007
Posts: 271
Reputation: 
Solved Threads: 11
Posting Whiz in Training
check the following:
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
O8 - Extra context menu item: &Search - ?p=ZB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..Program Files..Java..jre1.6.0_02..bin..ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
click fix selected and restart and let me know if its any better and repost a new log
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
O8 - Extra context menu item: &Search - ?p=ZB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..Program Files..Java..jre1.6.0_02..bin..ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
click fix selected and restart and let me know if its any better and repost a new log
Last edited by crunchie; Jan 25th, 2008 at 10:34 am.
thanks, heres my new log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:25 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:..WINNT..System32..smss.exe
C:..WINNT..system32..winlogon.exe
C:..WINNT..system32..services.exe
C:..WINNT..system32..lsass.exe
C:..WINNT..system32..svchost.exe
C:..WINNT..System32..svchost.exe
C:..WINNT..system32..spoolsv.exe
C:..Program Files..Citrix..ICA Client..ssonsvr.exe
C:..WINNT..system32..devldr32.exe
C:..WINNT..Explorer.EXE
C:..WINNT..svchost.exe
C:..Program Files..Creative..ShareDLL..CtNotify.exe
C:..Program Files..Eset..nod32kui.exe
C:..Program Files..Java..jre1.6.0_02..bin..jusched.exe
C:..Program Files..QuickTime..qttask.exe
C:..Program Files..Common Files..Real..Update_OB..realsched.exe
C:..WINNT..system32..ctfmon.exe
C:..Program Files..Messenger..msmsgs.exe
C:..program files..steam..steam.exe
C:..Program Files..AIM6..aim6.exe
C:..Program Files..Creative..ShareDLL..MediaDet.Exe
C:..Program Files..Sony..Sony Picture Utility..VolumeWatcher..SPUVolumeWatcher.exe
C:..Program Files..AIM6..aolsoftware.exe
C:..WINNT..System32..PackethSvc.exe
C:..PROGRA~1..COMMON~1..AOL..ACS..acsd.exe
C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
C:..WINNT..System32..CTsvcCDA.exe
C:..Program Files..Eset..nod32krn.exe
C:..WINNT..System32..nvsvc32.exe
C:..WINNT..System32..svchost.exe
C:..Program Files..Viewpoint..Common..ViewpointService.exe
C:..WINNT..wanmpsvc.exe
C:..Program Files..Viewpoint..Viewpoint Manager..ViewMgr.exe
C:..Program Files..Ventrilo..Ventrilo.exe
C:..Program Files..Internet Explorer..iexplore.exe
C:..Program Files..Java..jre1.6.0_02..bin..jucheck.exe
C:..Program Files..Microsoft Money..System..urlmap.exe
C:..Documents and Settings..Jim..My Documents..HiJackThis.exe
R0 - HKCU..Software..Microsoft..Internet Explorer..Main,Start Page = http://www.comcast.net/
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM..Software..Microsoft..Internet Explorer..Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:..WINNT..svchost.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:..Program Files..Yahoo!..Companion..Installs..cpn..ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:..Program Files..Adobe..Acrobat 5.0..Reader..ActiveX..AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:..PROGRA~1..SPYBOT~1..SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:..Program Files..Java..jre1.6.0_02..bin..ssv.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:..Program Files..QdrDrive..QdrDrive9.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:..Program Files..Viewpoint..Viewpoint Toolbar..3.8.0..ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:..Program Files..Microsoft Money..System..mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:..Program Files..Yahoo!..Companion..Installs..cpn..ycomp5_5_7_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:..Program Files..Common Files..Viewpoint..Toolbar Runtime..3.8.0..IEViewBar.dll
O4 - HKLM......Run: [Disc Detector] C:..Program Files..Creative..ShareDLL..CtNotify.exe
O4 - HKLM......Run: [nod32kui] "C:..Program Files..Eset..nod32kui.exe" /WAITSERVICE
O4 - HKLM......Run: [SunJavaUpdateSched] "C:..Program Files..Java..jre1.6.0_02..bin..jusched.exe"
O4 - HKLM......Run: [QuickTime Task] "C:..Program Files..QuickTime..qttask.exe" -atboottime
O4 - HKLM......Run: [TkBellExe] "C:..Program Files..Common Files..Real..Update_OB..realsched.exe" -osboot
O4 - HKCU......Run: [ctfmon.exe] C:..WINNT..system32..ctfmon.exe
O4 - HKCU......Run: [MSMSGS] "C:..Program Files..Messenger..msmsgs.exe" /background
O4 - HKCU......Run: [Steam] "c:..program files..steam..steam.exe" -silent
O4 - HKCU......Run: [Aim6] "C:..Program Files..AIM6..aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU......Run: [QdrModule11] "C:..Program Files..QdrModule..QdrModule11.exe"
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:..Program Files..Sony..Sony Picture Utility..VolumeWatcher..SPUVolumeWatcher.exe
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:..Program Files..America Online 6.0a..aoltray.exe
O6 - HKCU..Software..Policies..Microsoft..Internet Explorer..Restrictions present
O6 - HKCU..Software..Policies..Microsoft..Internet Explorer..Control Panel present
O8 - Extra context menu item: &Viewpoint Search - res://C:..Program Files..Viewpoint..Viewpoint Toolbar..ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Look Up in &Encyclopedia - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:..Program Files..Microsoft Money..System..mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O10 - Unknown file in Winsock LSP: c:..winnt..system32..nwprovau.dll
O12 - Plugin for .spop: C:..Program Files..Internet Explorer..Plugins..NPDocBox.dll
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://66.48.68.135/save/makeover.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:..counter.cab
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:..Program Files..Gateway..HelpSpot..RunExeActiveX.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...housecall.tren
dmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - file://C:..Program Files..Gateway..HelpSpot..StartFirstControl.CAB
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - file://C:..Program Files..Gateway..HelpSpot..XPLControl.CAB
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:..Program Files..RcvSystem..httpdchk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:..PROGRA~1..COMMON~1..AOL..ACS..acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:..WINNT..System32..CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:..Program Files..Common Files..InstallShield..Driver..11..Intel 32..IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:..WINNT..System32..ImapiRox.exe
O23 - Service: iPod Service - Unknown owner - C:..Program Files..iPod..bin..iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:..Program Files..Eset..nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:..WINNT..System32..nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:..WINNT..System32..PackethSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:..fixit..pt..PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:..WINNT..System32..HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:..Program Files..Viewpoint..Common..ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:..WINNT..wanmpsvc.exe
--
End of file - 8469 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:25 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:..WINNT..System32..smss.exe
C:..WINNT..system32..winlogon.exe
C:..WINNT..system32..services.exe
C:..WINNT..system32..lsass.exe
C:..WINNT..system32..svchost.exe
C:..WINNT..System32..svchost.exe
C:..WINNT..system32..spoolsv.exe
C:..Program Files..Citrix..ICA Client..ssonsvr.exe
C:..WINNT..system32..devldr32.exe
C:..WINNT..Explorer.EXE
C:..WINNT..svchost.exe
C:..Program Files..Creative..ShareDLL..CtNotify.exe
C:..Program Files..Eset..nod32kui.exe
C:..Program Files..Java..jre1.6.0_02..bin..jusched.exe
C:..Program Files..QuickTime..qttask.exe
C:..Program Files..Common Files..Real..Update_OB..realsched.exe
C:..WINNT..system32..ctfmon.exe
C:..Program Files..Messenger..msmsgs.exe
C:..program files..steam..steam.exe
C:..Program Files..AIM6..aim6.exe
C:..Program Files..Creative..ShareDLL..MediaDet.Exe
C:..Program Files..Sony..Sony Picture Utility..VolumeWatcher..SPUVolumeWatcher.exe
C:..Program Files..AIM6..aolsoftware.exe
C:..WINNT..System32..PackethSvc.exe
C:..PROGRA~1..COMMON~1..AOL..ACS..acsd.exe
C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
C:..WINNT..System32..CTsvcCDA.exe
C:..Program Files..Eset..nod32krn.exe
C:..WINNT..System32..nvsvc32.exe
C:..WINNT..System32..svchost.exe
C:..Program Files..Viewpoint..Common..ViewpointService.exe
C:..WINNT..wanmpsvc.exe
C:..Program Files..Viewpoint..Viewpoint Manager..ViewMgr.exe
C:..Program Files..Ventrilo..Ventrilo.exe
C:..Program Files..Internet Explorer..iexplore.exe
C:..Program Files..Java..jre1.6.0_02..bin..jucheck.exe
C:..Program Files..Microsoft Money..System..urlmap.exe
C:..Documents and Settings..Jim..My Documents..HiJackThis.exe
R0 - HKCU..Software..Microsoft..Internet Explorer..Main,Start Page = http://www.comcast.net/
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM..Software..Microsoft..Internet Explorer..Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:..WINNT..svchost.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:..Program Files..Yahoo!..Companion..Installs..cpn..ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:..Program Files..Adobe..Acrobat 5.0..Reader..ActiveX..AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:..PROGRA~1..SPYBOT~1..SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:..Program Files..Java..jre1.6.0_02..bin..ssv.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:..Program Files..QdrDrive..QdrDrive9.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:..Program Files..Viewpoint..Viewpoint Toolbar..3.8.0..ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:..Program Files..Microsoft Money..System..mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:..Program Files..Yahoo!..Companion..Installs..cpn..ycomp5_5_7_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:..Program Files..Common Files..Viewpoint..Toolbar Runtime..3.8.0..IEViewBar.dll
O4 - HKLM......Run: [Disc Detector] C:..Program Files..Creative..ShareDLL..CtNotify.exe
O4 - HKLM......Run: [nod32kui] "C:..Program Files..Eset..nod32kui.exe" /WAITSERVICE
O4 - HKLM......Run: [SunJavaUpdateSched] "C:..Program Files..Java..jre1.6.0_02..bin..jusched.exe"
O4 - HKLM......Run: [QuickTime Task] "C:..Program Files..QuickTime..qttask.exe" -atboottime
O4 - HKLM......Run: [TkBellExe] "C:..Program Files..Common Files..Real..Update_OB..realsched.exe" -osboot
O4 - HKCU......Run: [ctfmon.exe] C:..WINNT..system32..ctfmon.exe
O4 - HKCU......Run: [MSMSGS] "C:..Program Files..Messenger..msmsgs.exe" /background
O4 - HKCU......Run: [Steam] "c:..program files..steam..steam.exe" -silent
O4 - HKCU......Run: [Aim6] "C:..Program Files..AIM6..aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU......Run: [QdrModule11] "C:..Program Files..QdrModule..QdrModule11.exe"
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:..Program Files..Sony..Sony Picture Utility..VolumeWatcher..SPUVolumeWatcher.exe
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:..Program Files..America Online 6.0a..aoltray.exe
O6 - HKCU..Software..Policies..Microsoft..Internet Explorer..Restrictions present
O6 - HKCU..Software..Policies..Microsoft..Internet Explorer..Control Panel present
O8 - Extra context menu item: &Viewpoint Search - res://C:..Program Files..Viewpoint..Viewpoint Toolbar..ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Look Up in &Encyclopedia - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:..Program Files..Common Files..Microsoft Shared..Reference 2001..A..ERS_ENC.HTM
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:..Program Files..Microsoft Money..System..mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O10 - Unknown file in Winsock LSP: c:..winnt..system32..nwprovau.dll
O12 - Plugin for .spop: C:..Program Files..Internet Explorer..Plugins..NPDocBox.dll
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://66.48.68.135/save/makeover.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:..counter.cab
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:..Program Files..Gateway..HelpSpot..RunExeActiveX.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...housecall.tren
dmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - file://C:..Program Files..Gateway..HelpSpot..StartFirstControl.CAB
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - file://C:..Program Files..Gateway..HelpSpot..XPLControl.CAB
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:..Program Files..RcvSystem..httpdchk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:..PROGRA~1..COMMON~1..AOL..ACS..acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:..WINNT..System32..CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:..Program Files..Common Files..InstallShield..Driver..11..Intel 32..IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:..WINNT..System32..ImapiRox.exe
O23 - Service: iPod Service - Unknown owner - C:..Program Files..iPod..bin..iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:..Program Files..Eset..nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:..WINNT..System32..nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:..WINNT..System32..PackethSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:..fixit..pt..PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:..WINNT..System32..HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:..Program Files..Viewpoint..Common..ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:..WINNT..wanmpsvc.exe
--
End of file - 8469 bytes
Last edited by ownedswax; Jan 25th, 2008 at 6:20 pm.
•
•
Join Date: Jul 2007
Posts: 271
Reputation:
Solved Threads: 11
Posting Whiz in Training
you can get rid of the entries also
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Last edited by crunchie; Jan 25th, 2008 at 8:43 pm.
•
•
Join Date: Feb 2004
Posts: 10,110
Reputation: 
Solved Threads: 768
You have a problem there, but if you want to get it clean, you must post an un-edited hijackthis log!
Last edited by crunchie; Jan 25th, 2008 at 8:46 pm.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
okay i will get his log and re-post it/edit this post and will make the changes you posted overwhelmed. thanks.
•
•
Join Date: Feb 2004
Posts: 10,110
Reputation:
Solved Threads: 768
Tell me something. Why would anyone go to all that trouble to edit the complete log like that?
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- Clean Previous Next Script for MySQL results (PHP)
- Clean Your Prefetch to Improve Performance (Windows tips 'n' tweaks)
- Clean off my computer (Windows 95 / 98 / Me)
- T22 dirty screen how do I clean? (Monitors, Displays and Video Cards)
- help with clean win2000 install (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Snapkey Removal.
- Next Thread: Desktop lockout & other nasties (Read on)
Views: 2008 | Replies: 11
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet china combofix commercials conficker connect control crosssitescripting cyber cyberwarfare ddos domains e-mafia email europe facebook fake gaming gtaiv gumblar halloween hijack internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn news norton obama onlinethreats paedophile panel parents pdf phishing police president privacy pro problem redirecting reliability report research risk rogueantivirus rootkit samhain sans scareware school search security sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen threat translate trojan unabletoaccessanti-virussites unwanted usa virus viruses vista volume vulnerability war warning windows worm zero-day zeroday
