Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

many errors, extremely slow computer

Reply
1 2

Join Date: Mar 2008
Posts: 9
Reputation: samjennings is an unknown quantity at this point 
Solved Threads: 0
samjennings samjennings is offline Offline
Newbie Poster

many errors, extremely slow computer

 
0
  #1
Mar 1st, 2008
Hi, my computer has been running extremely slowly in the past couple of days. I have all the proper programs, but the errors they are deleting do not seem to be fixing the computer. Instead of a hardrive as my C drive, I have a red X. Many spybot errors and BHO errors have shown up, and when I start the computer the error appears: "During a scan at system start up potential errors in the system registry were found." Here is my hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:19 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
C:\DOCUME~1\Sam\LOCALS~1\Temp\clclean.0001
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\SHARP\OZ_ZQ-590A\sync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCGUIDE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Sam\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [683068e4] rundll32.exe "C:\WINDOWS\system32\yecehmfy.dll",b
O4 - HKLM\..\Run: [BM6b035b78] Rundll32.exe "C:\WINDOWS\system32\vvitukvd.dll",s
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe] C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OZ_ZQ-590A Synchronization Software.lnk = C:\Program Files\SHARP\OZ_ZQ-590A\sync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - C:\WINDOWS\system32\axdpfl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13718 bytes
Reply With Quote Quick reply to this message  
Join Date: Feb 2007
Posts: 51
Reputation: humbll is an unknown quantity at this point 
Solved Threads: 0
humbll humbll is offline Offline
Junior Poster in Training

Re: many errors, extremely slow computer

 
0
  #2
Mar 6th, 2008
You have probably been infected with adware and/or spyware. In these cases I like to start fresh by deleting the partition and reinstalling the OS and drivers. Before doing that you should backup any data you want to keep (pictures, word files, etc. NO PROGRAMS!!)) onto a cd-rom.

After you have done the reinstall, get all updates from microsoft, then buy a copy of Mcafee Anti-Virus 6-in-1 from their website (Currently $39.95 which is cheap). This comes with Site Adviser which will help you by alerting you when you attempt to go to a site which will install malware such as that with which you are now infected.
Last edited by humbll; Mar 6th, 2008 at 3:52 pm.
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,009
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 757
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is online now Online
Spyware Killer

Re: many errors, extremely slow computer

 
0
  #3
Mar 6th, 2008
Or you can download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Mar 2008
Posts: 9
Reputation: samjennings is an unknown quantity at this point 
Solved Threads: 0
samjennings samjennings is offline Offline
Newbie Poster

Re: many errors, extremely slow computer

 
0
  #4
Mar 7th, 2008
Thanks for the reply, my Malwarebytes log and HJT log are below:

Malwarebytes' Anti-Malware 1.07
Database version: 461

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 189963
Time elapsed: 58 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e180f496-8a4b-44e2-9fe0-0364e345db7f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\the weather channel desktop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55603582-9876-4d6d-a532-18b6a79f1206} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55603582-9876-4d6d-a532-18b6a79f1206} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\capcom (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drvr2 (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\E404 Helper (AdWare.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Mz08r (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\eula.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.INI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\UNWISE.INI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.cpl (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\E404 Helper\e404.v2.dll (AdWare.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Help.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Settings.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\The Weather Channel Desktop.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Uninstall.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\page.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stepahanie\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Desktop\The Weather Channel Desktop.lnk (Rogue.Link) -> Quarantined and deleted successfully.



HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:43 AM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Sam\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\SHARP\OZ_ZQ-590A\sync.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCGUIDE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Sam\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B8F17EA-7927-4A38-B468-8A006ED17920} - (no file)
O2 - BHO: (no name) - {2F6D819E-4FCA-4DF8-B57D-4387A2E89E03} - (no file)
O2 - BHO: (no name) - {380A2F8B-9DB8-4E43-A6E3-887D7F4FA734} - (no file)
O2 - BHO: (no name) - {3A354B53-1F54-44B0-8384-41ACBF9886D6} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4AF4F78E-4365-435C-B7A6-A23D4537B9B6} - (no file)
O2 - BHO: (no name) - {8A101D69-7F8A-4205-BD83-84F49D1A14BB} - C:\WINDOWS\system32\vtutq.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {B1A3E517-7D4A-428B-92A3-06ADAE73ECFD} - (no file)
O2 - BHO: (no name) - {B32EBE38-029E-4611-8E55-B451F4948B64} - (no file)
O2 - BHO: (no name) - {BF9D2AFF-5C32-4322-BBAB-500F9F04C548} - (no file)
O2 - BHO: (no name) - {C0229C79-166D-4D67-9210-41CE838B508A} - (no file)
O2 - BHO: (no name) - {DF475BCA-25FD-4AE2-9BEB-903F9433405B} - (no file)
O2 - BHO: (no name) - {EC5D1784-6F0C-4795-AF42-25F5ACFCE324} - (no file)
O2 - BHO: (no name) - {F35A41F6-05F7-49AB-9F05-5BA70129FE77} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BM6b035b78] Rundll32.exe "C:\WINDOWS\system32\pvrnufqx.dll",s
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe] C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OZ_ZQ-590A Synchronization Software.lnk = C:\Program Files\SHARP\OZ_ZQ-590A\sync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1B3E9F2-3516-44E0-8DF4-8550C97781D3}: NameServer = 205.188.146.145
O20 - Winlogon Notify: akforwvu - C:\WINDOWS\
O20 - Winlogon Notify: tuvtrqn - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14418 bytes
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,009
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 757
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is online now Online
Spyware Killer

Re: many errors, extremely slow computer

 
0
  #5
Mar 7th, 2008
Can you please do the following.

===============

You will have to disable Spybot's Teatimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit".
Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable teatimer when we are done .
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: (no name) - {2B8F17EA-7927-4A38-B468-8A006ED17920} - (no file)
O2 - BHO: (no name) - {2F6D819E-4FCA-4DF8-B57D-4387A2E89E03} - (no file)
O2 - BHO: (no name) - {380A2F8B-9DB8-4E43-A6E3-887D7F4FA734} - (no file)
O2 - BHO: (no name) - {3A354B53-1F54-44B0-8384-41ACBF9886D6} - (no file)
O2 - BHO: (no name) - {4AF4F78E-4365-435C-B7A6-A23D4537B9B6} - (no file)
O2 - BHO: (no name) - {8A101D69-7F8A-4205-BD83-84F49D1A14BB} - C:\WINDOWS\system32\vtutq.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {B1A3E517-7D4A-428B-92A3-06ADAE73ECFD} - (no file)
O2 - BHO: (no name) - {B32EBE38-029E-4611-8E55-B451F4948B64} - (no file)
O2 - BHO: (no name) - {BF9D2AFF-5C32-4322-BBAB-500F9F04C548} - (no file)
O2 - BHO: (no name) - {C0229C79-166D-4D67-9210-41CE838B508A} - (no file)
O2 - BHO: (no name) - {DF475BCA-25FD-4AE2-9BEB-903F9433405B} - (no file)
O2 - BHO: (no name) - {EC5D1784-6F0C-4795-AF42-25F5ACFCE324} - (no file)
O2 - BHO: (no name) - {F35A41F6-05F7-49AB-9F05-5BA70129FE77} - (no file)

O4 - HKLM\..\Run: [BM6b035b78] Rundll32.exe "C:\WINDOWS\system32\pvrnufqx.dll",s

O20 - Winlogon Notify: akforwvu - C:\WINDOWS\
O20 - Winlogon Notify: tuvtrqn - C:\WINDOWS\


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\AskTBar

files...

C:\WINDOWS\system32\pvrnufqx.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Mar 2008
Posts: 9
Reputation: samjennings is an unknown quantity at this point 
Solved Threads: 0
samjennings samjennings is offline Offline
Newbie Poster

Re: many errors, extremely slow computer

 
0
  #6
Mar 8th, 2008
The computer performance is a little bit better, but it is still slow and there is still a red X on the C drive.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:15 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
C:\DOCUME~1\Sam\LOCALS~1\Temp\clclean.0001
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCGUIDE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E67C593-5875-28FE-5466-5800C9C789EA} - C:\WINDOWS\system32\fpka.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {55603582-9876-4D6D-A532-18B6A79F1206} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {D643628F-37F0-4F6C-A646-8D93CFB01AC3} - C:\Program Files\Common Files\pezogy89104.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BM6b035b78] Rundll32.exe "C:\WINDOWS\system32\pvrnufqx.dll",s
O4 - HKLM\..\Run: [{06-68-84-4B-DW}] C:\WINDOWS\system32\lan34\sysdr659.exe DWram
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe] C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1009\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Michael')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michael')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Michael')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1009\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe (User 'Michael')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1009\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe (User 'Michael')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1009\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" (User 'Michael')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1009\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (User 'Michael')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - S-1-5-21-1488046231-4255717838-2118716322-1009 Startup: DW_Start.lnk = C:\WINDOWS\system32\lan34\sysdr659.exe (User 'Michael')
O4 - S-1-5-21-1488046231-4255717838-2118716322-1009 User Startup: DW_Start.lnk = C:\WINDOWS\system32\lan34\sysdr659.exe (User 'Michael')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OZ_ZQ-590A Synchronization Software.lnk = C:\Program Files\SHARP\OZ_ZQ-590A\sync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14674 bytes
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,009
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 757
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is online now Online
Spyware Killer

Re: many errors, extremely slow computer

 
0
  #7
Mar 8th, 2008
Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Mar 2008
Posts: 9
Reputation: samjennings is an unknown quantity at this point 
Solved Threads: 0
samjennings samjennings is offline Offline
Newbie Poster

Re: many errors, extremely slow computer

 
0
  #8
Mar 9th, 2008
Combofix:

ComboFix 08-03-09.1 - Sam 2008-03-09 11:54:00.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1424 [GMT -4:00]
Running from: C:\Documents and Settings\Sam\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Stepahanie\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Stepahanie\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Stepahanie\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\pezogy89104.dll
C:\Program Files\Common Files\ymbols~1
C:\Program Files\Common Files\ymbols~1\?ymbols\
C:\Program Files\Common Files\ymbols~1\msconfig.exe
C:\Program Files\Drmupgds
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\NoDNS
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\BM6b035b78.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\bqdupodw.dll
C:\WINDOWS\system32\drivers\mouclasss.sys
C:\WINDOWS\system32\ex1
C:\WINDOWS\system32\fpka.dll
C:\WINDOWS\system32\ggeukivf.dll
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\icroso~1\s?chost.exe
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\iDlo01\iDlo011065.exe
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\ipd1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msdtexch.dll
C:\WINDOWS\system32\msftedswc.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nvdeatsv.dll
C:\WINDOWS\system32\oc9
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\shel9
C:\WINDOWS\system32\ybqegycd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_MOUCLASSS
-------\mouclasss


((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-09 12:05 . 2008-03-09 12:05 49,155 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-09 12:05 . 2008-03-09 12:06 32 --a------ C:\WINDOWS\system32\msnav32.ax
2008-03-07 23:36 . 2008-03-07 23:36 37,376 --a------ C:\WINDOWS\17PHolmes572.exe
2008-03-07 23:29 . 2008-03-07 23:29 <DIR> d-------- C:\Program Files\nvcoi
2008-03-07 23:26 . 2008-03-07 23:26 <DIR> d-------- C:\WINDOWS\system32\typ2
2008-03-07 23:26 . 2008-03-07 23:26 <DIR> d-------- C:\WINDOWS\system32\lows8
2008-03-07 23:26 . 2008-03-07 23:26 <DIR> d-------- C:\WINDOWS\system32\lan34
2008-03-07 23:26 . 2008-03-08 10:24 <DIR> d-------- C:\WINDOWS\system32\ech5
2008-03-07 23:26 . 2008-03-07 23:26 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-07 23:26 . 2008-03-07 23:35 41,723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-03-07 23:26 . 2008-03-07 23:26 37,376 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-03-07 23:26 . 2008-03-07 23:30 37,376 --a------ C:\WINDOWS\mrofinu572.exe
2008-03-07 23:26 . 2008-03-07 23:26 37,376 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-03-06 20:26 . 2008-03-06 20:26 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
2008-03-06 20:25 . 2008-03-06 20:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-06 20:25 . 2008-03-06 20:25 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-06 20:25 . 2008-03-06 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-04 17:32 . 2008-03-04 15:32 105,984 --a------ C:\WINDOWS\b152.exe
2008-03-02 15:34 . 2008-03-02 15:34 <DIR> d-------- C:\Program Files\RADVideo
2008-03-02 12:26 . 2008-03-02 10:26 73,728 --a------ C:\WINDOWS\b153.exe
2008-03-02 02:23 . 2008-03-02 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-01 19:58 . 2008-03-01 20:28 4,309,071 ---hs---- C:\WINDOWS\system32\yfmhecey.ini
2008-02-29 20:54 . 2008-03-01 19:46 3,312,256 ---hs---- C:\WINDOWS\system32\rljucdhl.ini
2008-02-29 20:26 . 2008-02-29 20:52 1,307,402 ---hs---- C:\WINDOWS\system32\avjlakdi.ini
2008-02-29 14:19 . 2008-02-29 20:07 1,307,282 ---hs---- C:\WINDOWS\system32\jafsncqh.ini
2008-02-27 16:20 . 2008-02-27 16:20 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\acccore
2008-02-25 11:00 . 2008-02-25 09:00 81,920 --a------ C:\WINDOWS\b154.exe
2008-02-22 20:40 . 2008-02-22 20:40 <DIR> d-------- C:\Program Files\GabbaSoft
2008-02-20 21:20 . 2008-02-20 21:20 <DIR> d----c--- C:\Documents and Settings\Adam\Application Data\Move Networks
2008-02-19 21:54 . 2008-02-19 21:54 268 --ah-c--- C:\sqmdata19.sqm
2008-02-19 21:54 . 2008-03-08 23:40 244 --ah-c--- C:\sqmnoopt19.sqm
2008-02-19 17:05 . 2008-02-19 17:41 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\Move Networks
2008-02-19 15:38 . 2008-02-19 15:38 <DIR> d----c--- C:\Documents and Settings\Adam\Application Data\InstallShield
2008-02-19 02:58 . 2008-03-08 21:56 268 --ah-c--- C:\sqmdata18.sqm
2008-02-19 02:58 . 2008-03-08 21:56 244 --ah-c--- C:\sqmnoopt18.sqm
2008-02-18 20:27 . 2008-02-18 20:27 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\InstallShield
2008-02-17 10:32 . 2008-02-17 10:32 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Research In Motion
2008-02-17 10:31 . 2008-03-09 12:06 256 --a------ C:\WINDOWS\system32\pool.bin
2008-02-17 08:23 . 2008-02-17 08:23 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\InstallShield
2008-02-16 16:32 . 2008-02-17 08:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-16 16:26 . 2008-02-16 16:26 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Blackberry Desktop
2008-02-16 16:26 . 2007-01-18 11:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-02-16 16:25 . 2008-02-16 16:25 <DIR> d-------- C:\Program Files\Research In Motion
2008-02-16 16:25 . 2008-02-16 16:26 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-02-16 16:20 . 2008-02-16 16:20 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 21:08 . 2008-02-15 21:08 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\WildTangent
2008-02-15 21:07 . 2008-02-15 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-02-15 17:27 . 2008-03-08 11:57 268 --ah-c--- C:\sqmdata17.sqm
2008-02-15 17:27 . 2008-03-08 11:57 244 --ah-c--- C:\sqmnoopt17.sqm
2008-02-15 13:45 . 2008-03-07 18:25 268 --ah-c--- C:\sqmdata16.sqm
2008-02-15 13:45 . 2008-03-07 18:25 244 --ah-c--- C:\sqmnoopt16.sqm
2008-02-15 12:02 . 2008-03-04 17:35 268 --ah-c--- C:\sqmdata15.sqm
2008-02-15 12:02 . 2008-03-04 17:35 244 --ah-c--- C:\sqmnoopt15.sqm
2008-02-15 11:31 . 2008-02-15 11:31 <DIR> d-------- C:\Documents and Settings\Sam\Contacts
2008-02-15 10:21 . 2008-03-03 21:17 244 --ah-c--- C:\sqmnoopt14.sqm
2008-02-15 10:21 . 2008-03-03 21:17 232 --ah-c--- C:\sqmdata14.sqm
2008-02-14 19:50 . 2008-03-03 17:57 244 --ah-c--- C:\sqmnoopt13.sqm
2008-02-14 19:50 . 2008-03-03 17:57 232 --ah-c--- C:\sqmdata13.sqm
2008-02-14 17:57 . 2008-02-14 17:57 21,504 --a------ C:\WINDOWS\jestertb.dll
2008-02-13 23:23 . 2008-03-03 16:13 268 --ah-c--- C:\sqmdata12.sqm
2008-02-13 23:23 . 2008-03-03 16:13 244 --ah-c--- C:\sqmnoopt12.sqm
2008-02-13 21:13 . 2008-03-03 10:33 268 --ah-c--- C:\sqmdata11.sqm
2008-02-13 21:13 . 2008-03-03 10:33 244 --ah-c--- C:\sqmnoopt11.sqm
2008-02-13 20:46 . 2008-02-23 20:13 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Move Networks
2008-02-13 10:17 . 2008-03-02 23:31 244 --ah-c--- C:\sqmnoopt10.sqm
2008-02-13 10:17 . 2008-03-02 23:31 232 --ah-c--- C:\sqmdata10.sqm
2008-02-13 10:08 . 2008-03-02 20:55 244 --ah-c--- C:\sqmnoopt09.sqm
2008-02-13 10:08 . 2008-03-02 20:55 232 --ah-c--- C:\sqmdata09.sqm
2008-02-13 00:06 . 2008-02-13 00:09 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 17:31 . 2008-02-19 19:16 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Move Networks
2008-02-12 16:34 . 2008-03-02 11:54 268 --ah-c--- C:\sqmdata08.sqm
2008-02-12 16:34 . 2008-03-02 11:54 244 --ah-c--- C:\sqmnoopt08.sqm
2008-02-11 20:02 . 2008-03-01 09:33 268 --ah-c--- C:\sqmdata07.sqm
2008-02-11 20:02 . 2008-03-01 09:33 244 --ah-c--- C:\sqmnoopt07.sqm
2008-02-10 14:55 . 2008-02-12 16:41 <DIR> d-------- C:\Program Files\Orb Networks
2008-02-10 13:01 . 2008-03-01 00:36 268 --ah-c--- C:\sqmdata06.sqm
2008-02-10 13:01 . 2008-03-01 00:36 244 --ah-c--- C:\sqmnoopt06.sqm
2008-02-09 19:15 . 2008-02-25 20:36 268 --ah-c--- C:\sqmdata05.sqm
2008-02-09 19:15 . 2008-02-25 20:36 244 --ah-c--- C:\sqmnoopt05.sqm
2008-02-09 18:28 . 2008-02-09 18:28 <DIR> d-------- C:\Program Files\SHARP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 15:53 --------- d-----w C:\Documents and Settings\Sam\Application Data\uTorrent
2008-03-09 12:00 --------- d-----w C:\Documents and Settings\Sam\Application Data\AVG7
2008-03-09 12:00 --------- d-----w C:\Documents and Settings\Michael\Application Data\AVG7
2008-03-09 01:57 --------- dc----w C:\Documents and Settings\Adam\Application Data\AVG7
2008-03-08 14:23 --------- d-----w C:\Documents and Settings\Stepahanie\Application Data\AVG7
2008-03-02 00:22 --------- d-----w C:\Program Files\AIM6
2008-03-01 23:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-17 14:29 --------- d-----w C:\Documents and Settings\Sam\Application Data\InstallShield
2008-02-16 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-16 20:37 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-16 20:33 --------- d-----w C:\Program Files\Roxio
2008-02-16 20:33 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-12 21:27 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-12 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-12 20:39 --------- d-----w C:\Program Files\Frets on Fire
2008-02-09 22:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 23:36 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-05 23:34 --------- d-----w C:\Program Files\Windows Live Favorites
2008-02-05 23:31 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-05 23:31 --------- d-----w C:\Program Files\Windows Live
2008-02-05 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-04 01:53 --------- d-----w C:\Program Files\Disney
2008-02-03 21:18 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-02-03 21:12 --------- d-----w C:\Program Files\OLYMPUS
2008-01-25 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-22 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-22 22:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-21 20:23 --------- d-----w C:\Program Files\Google
2008-01-15 21:52 140,800 --sh--w C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-11-13 21:12 0 ----a-w C:\Documents and Settings\Sam\.exe
2007-10-03 03:06 10 ----a-w C:\Program Files\.autoreg
2007-06-18 03:05 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
Files Infected - Win32.Agent.zb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 17:40 24576 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39 176201]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 11:20 50528]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 15:52 95536]
"C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe"="C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe" [2008-02-16 16:19 122965176]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-14 09:43 6731312]
"SigmatelSysTrayApp"="stsystra.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12 94208]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 09:47 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 08:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:47 823362]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [ ]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-14 21:02 1838592]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 07:42 1159168]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 00:17 579072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 15:52 54576]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 12:43 228088]
"BM6b035b78"="C:\WINDOWS\system32\pvrnufqx.dll" [ ]
"{06-68-84-4B-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-03-09 12:05 49155]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 09:02 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-10 17:04 219136]

C:\Documents and Settings\Adam\Start Menu\Programs\Startup\
DW_Start.lnk - C:\WINDOWS\system32\lan34\sysdr659.exe [2008-02-14 11:42:16 49152]

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
DW_Start.lnk - C:\WINDOWS\system32\lan34\sysdr659.exe [2008-02-14 11:42:16 49152]

C:\Documents and Settings\Stepahanie\Start Menu\Programs\Startup\
DW_Start.lnk - C:\WINDOWS\system32\lan34\sysdr659.exe [2008-02-14 11:42:16 49152]

C:\Documents and Settings\Sam\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-10-02 14:16:42 1283608]
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [2008-03-09 12:05:47 49155]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
OZ_ZQ-590A Synchronization Software.lnk - C:\Program Files\SHARP\OZ_ZQ-590A\sync.exe [2008-02-09 18:28:52 655360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe" [2008-01-08 02:25]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-07-10 15:49]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9832f06e-a914-11dc-965b-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 16:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-09 15:37:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-09 16:04:24 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-06 08:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 12:05:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Documents and Settings\\Sam\\Desktop\\BlackBerry_JDE_4.3.0.exe"="C:\\Documents and Settings\\Sam\\Desktop\\BlackBerry_JDE_4.3.0.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Sam\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\temp\aubin\patch.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCGUIDE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
.
**************************************************************************
.
Completion time: 2008-03-09 12:14:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 16:14:06
ComboFix2.txt 2007-11-14 23:06:22
.
2008-02-13 04:11:01 --- E O F ---




HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:08 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Sam\LOCALS~1\Temp\clclean.0001
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\windows\system32\rwwnw64d.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCGUIDE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\pcntomwb.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sam\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BM6b035b78] Rundll32.exe "C:\WINDOWS\system32\pvrnufqx.dll",s
O4 - HKLM\..\Run: [{06-68-84-4B-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pcntomwb.exe DWram
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe] C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\pcntomwb.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OZ_ZQ-590A Synchronization Software.lnk = C:\Program Files\SHARP\OZ_ZQ-590A\sync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13087 bytes
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,009
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 757
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is online now Online
Spyware Killer

Re: many errors, extremely slow computer

 
0
  #9
Mar 9th, 2008
Any particular reason why you ran it 7 times?

==

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
KillAll::

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Documents and Settings\Sam\.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Name: CFScript.gif Views: 26 Size: 27.1 KB


7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
  • A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Last edited by crunchie; Mar 9th, 2008 at 5:09 pm.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Mar 2008
Posts: 9
Reputation: samjennings is an unknown quantity at this point 
Solved Threads: 0
samjennings samjennings is offline Offline
Newbie Poster

Re: many errors, extremely slow computer

 
0
  #10
Mar 9th, 2008
Combofix ran 7 times? I have no idea why, I thought I ran it once.

new combofix:

ComboFix 08-03-09.1 - Sam 2008-03-09 20:47:36.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1500 [GMT -4:00]
Running from: C:\Documents and Settings\Sam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sam\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Sam\.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Adam\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\Sam\.exe
C:\Documents and Settings\Sam\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Sam\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\Stepahanie\Start Menu\Programs\Startup\DW_Start.lnk
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pcntomwb.exe
C:\WINDOWS\system32\pcntomwd.exe
C:\WINDOWS\system32\winpfz37.sys
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.

2008-03-09 12:05 . 2008-03-09 12:05 49,155 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-07 23:36 . 2008-03-07 23:36 37,376 --a------ C:\WINDOWS\17PHolmes572.exe
2008-03-07 23:29 . 2008-03-07 23:29 <DIR> d-------- C:\Program Files\nvcoi
2008-03-07 23:26 . 2008-03-07 23:26 <DIR> d-------- C:\WINDOWS\system32\typ2
2008-03-07 23:26 . 2008-03-07 23:26 <DIR> d-------- C:\WINDOWS\system32\lows8
2008-03-07 23:26 . 2008-03-07 23:26 <DIR> d-------- C:\WINDOWS\system32\lan34
2008-03-07 23:26 . 2008-03-08 10:24 <DIR> d-------- C:\WINDOWS\system32\ech5
2008-03-07 23:26 . 2008-03-07 23:26 37,376 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-03-06 20:26 . 2008-03-06 20:26 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
2008-03-06 20:25 . 2008-03-06 20:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-06 20:25 . 2008-03-06 20:25 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-06 20:25 . 2008-03-06 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-02 15:34 . 2008-03-02 15:34 <DIR> d-------- C:\Program Files\RADVideo
2008-03-02 02:23 . 2008-03-02 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-01 19:58 . 2008-03-01 20:28 4,309,071 ---hs---- C:\WINDOWS\system32\yfmhecey.ini
2008-02-29 20:54 . 2008-03-01 19:46 3,312,256 ---hs---- C:\WINDOWS\system32\rljucdhl.ini
2008-02-29 20:26 . 2008-02-29 20:52 1,307,402 ---hs---- C:\WINDOWS\system32\avjlakdi.ini
2008-02-29 14:19 . 2008-02-29 20:07 1,307,282 ---hs---- C:\WINDOWS\system32\jafsncqh.ini
2008-02-27 16:20 . 2008-02-27 16:20 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\acccore
2008-02-22 20:40 . 2008-02-22 20:40 <DIR> d-------- C:\Program Files\GabbaSoft
2008-02-20 21:20 . 2008-02-20 21:20 <DIR> d----c--- C:\Documents and Settings\Adam\Application Data\Move Networks
2008-02-19 21:54 . 2008-02-19 21:54 268 --ah-c--- C:\sqmdata19.sqm
2008-02-19 21:54 . 2008-03-08 23:40 244 --ah-c--- C:\sqmnoopt19.sqm
2008-02-19 17:05 . 2008-02-19 17:41 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\Move Networks
2008-02-19 15:38 . 2008-02-19 15:38 <DIR> d----c--- C:\Documents and Settings\Adam\Application Data\InstallShield
2008-02-19 02:58 . 2008-03-08 21:56 268 --ah-c--- C:\sqmdata18.sqm
2008-02-19 02:58 . 2008-03-08 21:56 244 --ah-c--- C:\sqmnoopt18.sqm
2008-02-18 20:27 . 2008-02-18 20:27 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\InstallShield
2008-02-17 10:32 . 2008-02-17 10:32 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Research In Motion
2008-02-17 10:31 . 2008-03-09 12:15 256 --a------ C:\WINDOWS\system32\pool.bin
2008-02-17 08:23 . 2008-02-17 08:23 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\InstallShield
2008-02-16 16:32 . 2008-02-17 08:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-16 16:26 . 2008-02-16 16:26 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Blackberry Desktop
2008-02-16 16:26 . 2007-01-18 11:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-02-16 16:25 . 2008-02-16 16:25 <DIR> d-------- C:\Program Files\Research In Motion
2008-02-16 16:25 . 2008-02-16 16:26 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-02-16 16:20 . 2008-02-16 16:20 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 21:08 . 2008-02-15 21:08 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\WildTangent
2008-02-15 21:07 . 2008-02-15 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-02-15 17:27 . 2008-03-08 11:57 268 --ah-c--- C:\sqmdata17.sqm
2008-02-15 17:27 . 2008-03-08 11:57 244 --ah-c--- C:\sqmnoopt17.sqm
2008-02-15 13:45 . 2008-03-07 18:25 268 --ah-c--- C:\sqmdata16.sqm
2008-02-15 13:45 . 2008-03-07 18:25 244 --ah-c--- C:\sqmnoopt16.sqm
2008-02-15 12:02 . 2008-03-04 17:35 268 --ah-c--- C:\sqmdata15.sqm
2008-02-15 12:02 . 2008-03-04 17:35 244 --ah-c--- C:\sqmnoopt15.sqm
2008-02-15 11:31 . 2008-02-15 11:31 <DIR> d-------- C:\Documents and Settings\Sam\Contacts
2008-02-15 10:21 . 2008-03-03 21:17 244 --ah-c--- C:\sqmnoopt14.sqm
2008-02-15 10:21 . 2008-03-03 21:17 232 --ah-c--- C:\sqmdata14.sqm
2008-02-14 19:50 . 2008-03-03 17:57 244 --ah-c--- C:\sqmnoopt13.sqm
2008-02-14 19:50 . 2008-03-03 17:57 232 --ah-c--- C:\sqmdata13.sqm
2008-02-14 17:57 . 2008-02-14 17:57 21,504 --a------ C:\WINDOWS\jestertb.dll
2008-02-13 23:23 . 2008-03-03 16:13 268 --ah-c--- C:\sqmdata12.sqm
2008-02-13 23:23 . 2008-03-03 16:13 244 --ah-c--- C:\sqmnoopt12.sqm
2008-02-13 21:13 . 2008-03-03 10:33 268 --ah-c--- C:\sqmdata11.sqm
2008-02-13 21:13 . 2008-03-03 10:33 244 --ah-c--- C:\sqmnoopt11.sqm
2008-02-13 20:46 . 2008-02-23 20:13 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Move Networks
2008-02-13 10:17 . 2008-03-02 23:31 244 --ah-c--- C:\sqmnoopt10.sqm
2008-02-13 10:17 . 2008-03-02 23:31 232 --ah-c--- C:\sqmdata10.sqm
2008-02-13 10:08 . 2008-03-02 20:55 244 --ah-c--- C:\sqmnoopt09.sqm
2008-02-13 10:08 . 2008-03-02 20:55 232 --ah-c--- C:\sqmdata09.sqm
2008-02-13 00:06 . 2008-02-13 00:09 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 17:31 . 2008-02-19 19:16 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Move Networks
2008-02-12 16:34 . 2008-03-02 11:54 268 --ah-c--- C:\sqmdata08.sqm
2008-02-12 16:34 . 2008-03-02 11:54 244 --ah-c--- C:\sqmnoopt08.sqm
2008-02-11 20:02 . 2008-03-01 09:33 268 --ah-c--- C:\sqmdata07.sqm
2008-02-11 20:02 . 2008-03-01 09:33 244 --ah-c--- C:\sqmnoopt07.sqm
2008-02-10 14:55 . 2008-02-12 16:41 <DIR> d-------- C:\Program Files\Orb Networks
2008-02-10 13:01 . 2008-03-01 00:36 268 --ah-c--- C:\sqmdata06.sqm
2008-02-10 13:01 . 2008-03-01 00:36 244 --ah-c--- C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 00:44 --------- d-----w C:\Documents and Settings\Sam\Application Data\uTorrent
2008-03-09 12:00 --------- d-----w C:\Documents and Settings\Sam\Application Data\AVG7
2008-03-09 12:00 --------- d-----w C:\Documents and Settings\Michael\Application Data\AVG7
2008-03-09 01:57 --------- dc----w C:\Documents and Settings\Adam\Application Data\AVG7
2008-03-08 14:23 --------- d-----w C:\Documents and Settings\Stepahanie\Application Data\AVG7
2008-03-02 00:22 --------- d-----w C:\Program Files\AIM6
2008-03-01 23:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-17 14:29 --------- d-----w C:\Documents and Settings\Sam\Application Data\InstallShield
2008-02-16 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-16 20:37 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-16 20:33 --------- d-----w C:\Program Files\Roxio
2008-02-16 20:33 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-12 21:27 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-12 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-12 20:39 --------- d-----w C:\Program Files\Frets on Fire
2008-02-09 22:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 22:28 --------- d-----w C:\Program Files\SHARP
2008-02-05 23:36 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-05 23:34 --------- d-----w C:\Program Files\Windows Live Favorites
2008-02-05 23:31 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-05 23:31 --------- d-----w C:\Program Files\Windows Live
2008-02-05 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-04 01:53 --------- d-----w C:\Program Files\Disney
2008-02-03 21:18 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-02-03 21:12 --------- d-----w C:\Program Files\OLYMPUS
2008-01-25 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-22 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-22 22:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-21 20:23 --------- d-----w C:\Program Files\Google
2007-10-03 03:06 10 ----a-w C:\Program Files\.autoreg
2007-06-18 03:05 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-09_12.13.54.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-09 16:05:54 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-09 16:07:41 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-09 16:05:54 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-09 16:07:41 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-10 00:53:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_720.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 17:40 24576 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39 176201]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 11:20 50528]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 15:52 95536]
"C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe"="C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe" [2008-02-16 16:19 122965176]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-14 09:43 6731312]
"SigmatelSysTrayApp"="stsystra.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12 94208]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 09:47 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 08:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:47 823362]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [ ]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-14 21:02 1838592]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 07:42 1159168]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 00:17 579072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 15:52 54576]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 12:43 228088]
"BM6b035b78"="C:\WINDOWS\system32\pvrnufqx.dll" [ ]
"{06-68-84-4B-DW}"="C:\WINDOWS\system32\lan34\sysdr659.exe" [2008-02-14 11:42 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 09:02 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-10 17:04 219136]

C:\Documents and Settings\Sam\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-10-02 14:16:42 1283608]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
OZ_ZQ-590A Synchronization Software.lnk - C:\Program Files\SHARP\OZ_ZQ-590A\sync.exe [2008-02-09 18:28:52 655360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe" [2008-01-08 02:25]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-07-10 15:49]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9832f06e-a914-11dc-965b-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 16:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-10 00:37:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-10 00:53:10 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-06 08:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 20:53:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"C:\\Documents and Settings\\Sam\\Desktop\\BlackBerry_JDE_4.3.0.exe"="C:\\Documents and Settings\\Sam\\Desktop\\BlackBerry_JDE_4.3.0.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\temp\aubin\patch.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCGUIDE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
.
**************************************************************************
.
Completion time: 2008-03-09 21:00:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-10 01:00:37
ComboFix2.txt 2008-03-09 16:14:10
ComboFix3.txt 2007-11-14 23:06:22
.
2008-02-13 04:11:01 --- E O F ---




HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:10 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCGUIDE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Sam\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BM6b035b78] Rundll32.exe "C:\WINDOWS\system32\pvrnufqx.dll",s
O4 - HKLM\..\Run: [{06-68-84-4B-DW}] C:\WINDOWS\system32\lan34\sysdr659.exe DWram
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe] C:\Documents and Settings\Sam\Desktop\BlackBerry_JDE_4.3.0.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OZ_ZQ-590A Synchronization Software.lnk = C:\Program Files\SHARP\OZ_ZQ-590A\sync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11764 bytes
Reply With Quote Quick reply to this message  
Reply
1 2

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec trojan unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC