0

Hi everyone, new here. This avgnsx.exe pops up occasionally when I use mozilla firefox, and now it's at the point where I can barely navigate websites. It took 3 minutes just to open my webmail account, you can imagine how long it finally took for me to register for daniweb!

Any help is much appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:48 AM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [Whitney2_S2P] C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SyncThru Web Admin Service (SWAS_Core) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe

--
End of file - 7820 bytes

2
Contributors
18
Replies
19
Views
9 Years
Discussion Span
Last Post by crunchie
0

Hi and welcome to the Daniweb forums :).

==========

Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:


O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINDOWS\system32\kavo.exe

Search for...

ALCMTR.EXE

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

0

Hi!

Thanks for the super fast response.

Firstly, I found both of these and fixed them:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

Then

I did not find C:\WINDOWS\system32\kavo.exe

but I did find 3 variatos of ALCMTR.EXE, which I successfully deleted immediately


Here is the new hijack this log, thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:46 AM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [Whitney2_S2P] C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SyncThru Web Admin Service (SWAS_Core) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe

--
End of file - 7735 bytes

0

The symptoms I first experienced are still there, my computer is incredibly slow when browsing the web. Especially when I'm using ebay, everytime I open a new window, it lags for at least 15 seconds, which is very strange as this used to never happen.

Thanks!

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

Thanks again! I ran combofix, after i physically disconnected from the internet and turned of all spyware software (the only thing that I couldn't seen to turn off was the microsoft security center thing). Here is the log from combo fix:

ComboFix 08-04-04.1 - Administrator 2008-04-05 14:17:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1472 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.

2008-04-05 10:04 . 2008-04-05 10:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-04-05 10:02 . 2008-04-05 10:02 <DIR> d-------- C:\Program Files\Nero
2008-04-05 10:02 . 2008-04-05 10:04 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-05 10:02 . 2008-04-05 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-05 05:20 . 2008-04-05 05:20 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-04-04 23:50 . 2008-04-04 23:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 23:56 . 2008-04-05 07:39 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-03-20 23:56 . 2008-03-20 23:56 <DIR> d-------- C:\Program Files\AVG
2008-03-20 23:56 . 2008-03-20 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-20 23:56 . 2008-03-20 23:56 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-03-20 23:56 . 2008-03-21 00:20 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-03-20 23:56 . 2008-03-20 23:56 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-03-20 23:56 . 2008-03-20 23:56 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-03-20 23:56 . 2008-03-21 00:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-03-20 00:21 . 2008-03-20 00:21 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-20 00:21 . 2008-03-20 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-20 00:20 . 2008-03-20 00:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 22:59 . 2008-03-09 22:59 <DIR> d-------- C:\Program Files\Auctiva

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 11:48 --------- d-----w C:\Program Files\Warcraft III
2008-04-05 06:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-04-03 07:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-03-16 22:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-02 05:10 --------- d-----w C:\Program Files\Winamp
2008-03-01 12:48 --------- d-----w C:\Program Files\IrfanView
2008-02-28 06:17 --------- d-----w C:\Program Files\picture-shark
2008-02-22 04:05 --------- d-----w C:\Program Files\iTunes
2008-02-22 04:05 --------- d-----w C:\Program Files\iPod
2008-02-20 03:16 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-19 10:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-17 09:41 --------- d-----w C:\Program Files\DirectVobSub
2008-02-14 04:28 --------- d-----w C:\Program Files\QuickTime
2008-02-14 04:28 --------- d-----w C:\Program Files\Bonjour
2008-02-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-14 04:27 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-14 04:27 --------- d-----w C:\Program Files\Apple Software Update
2008-02-14 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-07 08:03 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-01-05 10:05 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-10-24 21:30 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-10-24 21:30 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-10-24 21:30 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007102420071025\index.dat
2007-10-24 21:30 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:56 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-04-12 11:39 61440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"CitiVAN"="C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe" [2004-08-12 15:55 192512]
"Whitney2_S2P"="C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe" [2007-01-25 23:33 245760]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2007-01-21 22:55 507904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 18:39 55824 C:\WINDOWS\KHALMNPR.Exe]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-28 14:12 144896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-03-28 08:12 1177368]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
"IE7-11"="advpack.dll" [2007-12-06 19:01 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-01-21 13:20:31 557568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-29 12:09:20 968224]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-03-20 23:56]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-03-21 00:19]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-03-21 00:19]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-03-21 00:19]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-03-21 00:20]
R2 SWAS_Core;SyncThru Web Admin Service;C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe [2007-07-18 00:24]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-20 23:56]
S0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys []
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-20 23:56]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-24 14:42]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63928d42-83aa-11dc-b65e-001a4d542ead}]
\Shell\AutoRun\command - G:\ntdelect.com
\Shell\explore\Command - G:\ntdelect.com
\Shell\open\Command - G:\ntdelect.com

*Newly Created Service* - NMINDEXINGSERVICE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 14:18:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
Completion time: 2008-04-05 14:18:10
ComboFix-quarantined-files.txt 2008-04-05 21:18:09
Pre-Run: 10,765,508,608 bytes free
Post-Run: 10,753,888,256 bytes free
.
2008-04-05 12:08:08 --- E O F ---


*************HERE IS THE HJT LOG*********************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:58 PM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [Whitney2_S2P] C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SyncThru Web Admin Service (SWAS_Core) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe

--
End of file - 8391 bytes

Again, I really appreciate this!

0

Nothing bad there that I can see. How long have you had the AVG firewall going? Has the problem been there since it's installation?

==

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

0

Hi!

Did the ATF thing, but I'm still running into problems when using ebay.

For example, everytime i open a new window in a tab, it freezes for about 10 seconds.

This used to never happen, any idea what else it could be?

0

Woah, actually right after the ATF thing it improved a WHOLE lot because I was using ebay right before then right after.

I'll let you know if it starts to worsen :)

0

Hi,

Looks like after cleaning browsing the web returns to normal for a day or two. Now it's all slow again. For instance, when I open one firefox window, it lags every other window. usually I could do stuff concurrently without problem, but now it noticeably freezes whenever an action is performed on another page.

0

How much cache are you using on FF? I have mine set to 50Mb which seems to work ok for me (not that I use FF all that much. Opera all the way :D).

0

Hope I don't post twice =P

Ok, my cache is at default, I've never changed it. I doubt it's the cache because....

I use gmail for webmail, and on my computer I cannot log in anymore. It times out and forces me to use html mail grrrrrrrr

Now, I went to my dad's computer right next to mine on the same router -- logs in perfectly fine.

There is something on my computer really lagging everything web related.

0

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.Once the files are downloaded click on Next
Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database:Extended

Scan Options:Scan Archives
Scan Mail Bases


Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on:Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Attachments Kas-SaveReport-1.gif 40.15 KB Kas-Savetxt.gif 2.56 KB
0

Again,

I appreciate all the help. Here is the result from the ksScan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 09, 2008 11:12:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update:  9/04/2008
Kaspersky Anti-Virus database records: 692913
-------------------------------------------------------------------------------


Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true


Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\


Scan Statistics:
Total number of scanned objects: 78082
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:30:23


Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Aim\srirachamild\cert8.db  Object is locked    skipped
C:\Documents and Settings\Administrator\Application Data\Aim\srirachamild\key3.db   Object is locked    skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\cert8.db Object is locked    skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\formhistory.dat  Object is locked    skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\history.dat  Object is locked    skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\key3.db  Object is locked    skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\parent.lock  Object is locked    skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\search.sqlite    Object is locked    skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\urlclassifier2.sqlite    Object is locked    skipped
C:\Documents and Settings\Administrator\Cookies\index.dat   Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\bl.db   Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\is2.db  Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\Cache\_CACHE_001_ Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\Cache\_CACHE_002_ Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\Cache\_CACHE_003_ Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\jn9ycvwx.default\Cache\_CACHE_MAP_ Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008040920080410\index.dat   Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\EPSLog.txt  Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFBA5A.tmp Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat   Object is locked    skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked    skipped
C:\Documents and Settings\Administrator\NTUSER.DAT  Object is locked    skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG  Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\AvgAm\avgam.lck   Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log   Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgam.log Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log   Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.1 Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log  Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpub.log Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log  Object is locked    skipped
C:\Documents and Settings\All Users\eBay\Turbo Lister2\Data\App.tdb Object is locked    skipped
C:\Documents and Settings\All Users\eBay\Turbo Lister2\Data\puppykittenloverlisting.tdb Object is locked    skipped
C:\Documents and Settings\All Users\eBay\Turbo Lister2\Data\TLDbErr.log Object is locked    skipped
C:\Documents and Settings\All Users\eBay\Turbo Lister2\Data\user001.tdb Object is locked    skipped
C:\Documents and Settings\All Users\eBay\Turbo Lister2\Tl.log   Object is locked    skipped
C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked    skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked    skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked    skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked    skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU2.txt  Object is locked    skipped
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWASDB.db Object is locked    skipped
C:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
C:\System Volume Information\_restore{D0E394AB-0159-418B-BFEC-4CD2E0FFA55F}\RP200\change.log    Object is locked    skipped
C:\WINDOWS\CSC\00000001 Object is locked    skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked    skipped
C:\WINDOWS\SchedLgU.Txt Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked    skipped
C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\edb.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb    Object is locked    skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked    skipped
C:\WINDOWS\system32\config\default  Object is locked    skipped
C:\WINDOWS\system32\config\default.LOG  Object is locked    skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked    skipped
C:\WINDOWS\system32\config\SAM  Object is locked    skipped
C:\WINDOWS\system32\config\SAM.LOG  Object is locked    skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked    skipped
C:\WINDOWS\system32\config\software Object is locked    skipped
C:\WINDOWS\system32\config\software.LOG Object is locked    skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked    skipped
C:\WINDOWS\system32\config\system   Object is locked    skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked    skipped
C:\WINDOWS\system32\h323log.txt Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked    skipped
C:\WINDOWS\wiadebug.log Object is locked    skipped
C:\WINDOWS\wiaservc.log Object is locked    skipped
C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped
D:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
E:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped


Scan process completed.

I'm going to look into opera now since everyone is raving about it!!

Edited by happygeek: fixed formatting

0

Thanks again,

That didn't seem to fix it, so I installed Opera and boy is it much better. I went back, uninstalled firefox, re-installed, same probelm. New tabs freeze my entire browser.

Now I have a question about Opera itself, i notice when I double click a particular word, it brings up this menu with things like "ctrl-c" to copy. When I actually hit ctrl-c it doesn't really copy, I have to mouse click the ctrl-c choice and then it copies.

Also, when I open new tabs it defaults to putting the context on the new tab, is there a way to change that?

Thanks again for all your help.

0

Now I have a question about Opera itself, i notice when I double click a particular word, it brings up this menu with things like "ctrl-c" to copy. When I actually hit ctrl-c it doesn't really copy, I have to mouse click the ctrl-c choice and then it copies.

When you double click on a word and the context menu comes up, left click on the copy and it should work ok.

Also, when I open new tabs it defaults to putting the context on the new tab, is there a way to change that?

Not sure exactly what you mean. Could you explain a little more please.

Thanks again for all your help.

No worries :).

0

Sorry about that, let me clarify:

when you open a new tab from a current window, it automatically switches the view to the new window, whereas mozilla would open the new tab, but you'd still stay on the original window. I played around with the tiling, cascading, and that is pretty neat, I really like that feature.

Also, back to the potential viruses. Any guesses as to why I still have a mozilla firefox problem even though it seems like there is nothing wrong from all the diagnostic reports?

I am considering doing a clean re-install (big headache), to just make sure everything is clear from this point forward. Even though opera works great for me, I just have that nagging feeling there's spyware on my system.

0

I don't think the Tab focus works that way with Opera, but I could be wrong.

There could still be remnants of a corrupted FF file/registry entry after uninstalling it.
Are there any other problems with the pc that lead you to believe there is still something wrong?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.