
OK, it started about a week ago. I was looking at a site that generates flash codes when my Symantec alerted me of a virus that I picked up. Then I started getting a pop-up page with every new page I browsed, so I knew I probably had a spyware infection with the virus Symantec caught. I ran Ad-Aware to hopefully clean my system and Symantec to re-check for any infection. Both programs came up empty on the scans. So I got Spybot and it found a couple of items and cleaned up the pop-up problems. But then I noticed that my system started to slow down, especially my browsing speeds. I went to re-scan with Symantec but I could not get it to load. I uninstalled it and deleted the files in the quarantine. I went to Kaspersky's online scan and it found 2 viruses and some spyware that I could not find. (I did not know about the system folders being hidden at the time.) So I re-installed Symantec and scanned again and got frustrated. I browsed this forum and a few others for some tips. After researching, these are the steps I took:

-Cleaned all my temp folders and prefetch

-Disabled System Restore

-Bought the power suite from Uniblue (RegBooster, SpeedMyPC, and SpyEraser)

-Rebooted in safe mode ran spyeraser (cleaned some files)

-Rebooted in safe mode ran RegBooster (cleaned up the registry)

-Rebooted in safe mode ran speedmypc (optimized my system)

-Rebooted in safe mode ran Ccleaner

-Rebooted in safe mode ran ATF Cleaner

-Rebooted in safe mode ran Ad-Aware (nothing found)

-Rebooted in safe mode ran Counterspy (cleaned some files)

-Rebooted in safe mode ran AVG (nothing found)

-Rebooted in safe mode ran Pandasoft's AntiRootKit (nothing found)

-Rebooted in safe mode ran Trendmicro's Housecall (nothing found)

-Rebooted in safe mode ran Trojan Hunter (nothing found)

-Rebooted in safe mode ran Trojan Remover (nothing found)

-Rebooted in safe mode ran McAfee's Stinger (nothing found)

-Rebooted in safe mode ran Symantec (nothing found)

-Rebooted in safe mode w/networking ran Kaspersky's online scan (cleaned Virtumonde file)

-Rebooted in safe mode w/networking ran VundoFix (nothing found)

-Rebooted in safe mode w/networking ran BitDefender's online scan (nothing found)

-Rebooted in safe mode w/networking ran TrendMicro's online scan (nothing found)

-Rebooted in safe mode w/networking ran McAfee's online scan (nothing found)

-Rebooted in normal mode ran SpywareBlaster (found 11 files and 1 registry error, Virtumonde, and cleaned them)

My PC is slow and crawls when browsing (with both IE and Firefox), and when typing the browser will hang.

Notes of interest:

1. When trying to scan in normal mode, SpyEraser, AVG, and CounterSpy kept hanging up on a lot of .htm or .html files I had (like the help files for Adobe Photoshop).

2. My browsing speed is normal when I am booted in safe mode w/networking.

3. The online scan from Panda shuts down instantly and closes the browser window part-way through the scan (usually when it hits C://ntldr).

4. The other online scans would not finish in normal mode; they kept hanging on a file, C://WINDOWS/$NtServicePackUninstall$/msobshel.html. I had to scan in safe mode w/networking.

5. My CPU usage is all over the place now, 70%-100%, whereas before it was 20%-30%.

Here is my HijackThis Report:

Logfile of HijackThis v1.99.1

Scan saved at 12:27:56 PM, on 08/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {CC788838-69D1-4F49-BEF9-9B9431244D88} - (no file)

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O15 - Trusted Zone: http://www.cafepress.com

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160458304640

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.amwareaps.com/tsweb/msrdp.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5095/mcfscan.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: pmkjj - C:\WINDOWS\

O20 - Winlogon Notify: qomjghe - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

Last Post by crunchie

Thanks for the advice cereal. I ran the process program and I don't see anything out of the ordinary. I also ran the TCP program and I don't see anything strange... but I'm not an experienced user so I'm not sure. Below are the reports of the 2 programs.

I also input my HijackThis scan into hijackthis.de and saw something that might be of significance. There are 2 files in the log that I have deleted due to them being scanned as malware.

O20 - Winlogon Notify: pmkjj - C:\WINDOWS\
O20 - Winlogon Notify: qomjghe - C:\WINDOWS\

I deleted both pmkjj.dll and qomjghe.dll and they are showing up in my HijackThis scan.


Here is the Process Report
Process PID CPU Description Company Name Path
System Idle Process 0 96.92
Interrupts n/a 2.31 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 796 Windows NT Session Manager Microsoft Corporation C:\WINDOWS\system32\smss.exe
csrss.exe 864 Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe
winlogon.exe 900 Windows NT Logon Application Microsoft Corporation C:\WINDOWS\system32\winlogon.exe
services.exe 944 0.77 Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
ati2evxx.exe 1128 ATI External Event Utility EXE Module ATI Technologies Inc. C:\WINDOWS\system32\ati2evxx.exe
svchost.exe 1148 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe
svchost.exe 1216 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe
svchost.exe 1348 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe
incdsrv.exe 1384 incdsrv Nero AG C:\Program Files\Ahead\InCD\incdsrv.exe
svchost.exe 1528 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe
svchost.exe 1720 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1836 Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
AppleMobileDeviceService.exe 1972 Apple Mobile Device Service Apple, Inc. C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
guard.exe 2004 AVG Anti-Spyware guard GRISOFT s.r.o. C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
CTSVCCDA.EXE 2036 Creative Service for CDROM Access Creative Technology Ltd C:\WINDOWS\system32\CTSVCCDA.EXE
DefWatch.exe 236 Virus Definition Daemon Symantec Corporation C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
Rtvscan.exe 316 Symantec AntiVirus Symantec Corporation C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
HPZipm12.exe 412 PML Driver HP C:\WINDOWS\system32\HPZipm12.exe
SBCSSvc.exe 440 Scan Service Sunbelt Software C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
svchost.exe 564 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe
MsPMSPSv.exe 684 WMDM PMSP Service Microsoft Corporation C:\WINDOWS\system32\MsPMSPSv.exe
alg.exe 1544 Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\system32\alg.exe
svchost.exe 2384 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe
lsass.exe 956 LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
ati2evxx.exe 1496 ATI External Event Utility EXE Module ATI Technologies Inc. C:\WINDOWS\system32\ati2evxx.exe
explorer.exe 3700 Windows Explorer Microsoft Corporation C:\WINDOWS\explorer.exe
realsched.exe 3696 RealNetworks Scheduler RealNetworks, Inc. C:\Program Files\Common Files\Real\Update_OB\realsched.exe
jusched.exe 3896 Java(TM) Platform SE binary Sun Microsystems, Inc. C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
MXOALDR.EXE 3188 Cypress USB Mass Storage Driver Background Application Cypress Semiconductor C:\WINDOWS\MXOALDR.EXE
point32.exe 3924 Point32.exe Microsoft Corporation C:\Program Files\Microsoft IntelliPoint\point32.exe
InCD.exe 3936 InCD Nero AG C:\Program Files\Ahead\InCD\InCD.exe
CTHELPER.EXE 3856 CtHelper Application Creative Technology Ltd C:\WINDOWS\CTHELPER.EXE
hpwuSchd2.exe 3740 Hewlett-Packard Product Assistant Hewlett-Packard Development Company, L.P. C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
CTDVDDET.exe 3992 CTDVDDET Creative Technology Ltd C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
VPTray.exe 3984 Symantec AntiVirus Symantec Corporation C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
CTDetect.exe 208 Creative MediaSource Detector Creative Technology Ltd C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
hpqtra08.exe 2188 HP Digital Imaging Monitor Hewlett-Packard Development Company, L.P. C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
hpqste08.exe 2568 HP CUE Status Hewlett-Packard Development Company, L.P. C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
procexp.exe 3436 Sysinternals Process Explorer Sysinternals C:\Documents and Settings\Jonathan\Desktop\Process Explorer\procexp.exe
CLI.exe 4064 CLI Application (Command Line Interface) ATI Technologies Inc. C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
CLI.exe 2908 CLI Application (Command Line Interface) ATI Technologies Inc. C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
CLI.exe 2836 CLI Application (Command Line Interface) ATI Technologies Inc. C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


And here is my TCP Report
alg.exe:1544 TCP Dees:1025 Dees:0 LISTENING
AppleMobileDeviceService.exe:1972 TCP Dees:27015 Dees:0 LISTENING
CLI.exe:2836 TCP Dees:1043 Dees:0 LISTENING
CLI.exe:2908 TCP Dees:1041 Dees:0 LISTENING
CLI.exe:4064 TCP Dees:1038 Dees:0 LISTENING
lsass.exe:956 UDP Dees:500 *:*
lsass.exe:956 UDP Dees:4500 *:*
svchost.exe:1216 TCP Dees:135 Dees:0 LISTENING
svchost.exe:1348 UDP dees:123 *:*
svchost.exe:1348 UDP Dees:123 *:*
svchost.exe:1528 UDP Dees:1049 *:*
svchost.exe:1528 UDP Dees:1069 *:*
svchost.exe:1720 TCP Dees:2869 Dees:0 LISTENING
svchost.exe:1720 UDP dees:1900 *:*
svchost.exe:1720 UDP Dees:1900 *:*
System:4 TCP Dees:445 Dees:0 LISTENING
System:4 TCP dees:139 Dees:0 LISTENING
System:4 UDP dees:137 *:*
System:4 UDP Dees:445 *:*
System:4 UDP dees:138 *:*


Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

==

Make sure the formatting of the hijackthis log is correct, as the first one has spaces in between every line.


I d/l VundoFix to my desktop and ran the scan. It reported that there were no files infected.
I apologize for the formatting of my first HijackThis log.

I input my HijackThis scan into hijackthis.de and saw something that might be of significance. There are 2 files in the log that I have deleted due to them being scanned as malware.

O20 - Winlogon Notify: pmkjj - C:\WINDOWS\
O20 - Winlogon Notify: qomjghe - C:\WINDOWS\

I deleted both pmkjj.dll and qomjghe.dll and they are showing up in my HijackThis scan.
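The situation in the post above (the DLLs were deleted by hand, but the O20 Winlogon Notify keys that load them are still in the registry, so HijackThis keeps listing them with only a directory as the path) is exactly what a log triage script should flag. The following is an added example, not code from this thread or from HijackThis: it parses HijackThis "Oxx - ..." lines and reports every load point whose target is gone, whether shown as "(no file)", "(file missing)", or a bare directory. The sample input is constructed from lines quoted in this thread.

```python
"""Flag HijackThis entries that still point at a file that is no longer there."""
import re
from typing import Dict, List

# Constructed sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CC788838-69D1-4F49-BEF9-9B9431244D88} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\
O20 - Winlogon Notify: qomjghe - C:\WINDOWS\
"""

# Every HijackThis finding starts with its section tag, e.g. "O20 - ...".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Split each 'Oxx - Kind: Name - [CLSID -] Path' line into its fields."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, rest = m.groups()
        fields = [f.strip() for f in rest.split(" - ")]
        kind, _, name = fields[0].partition(": ")
        path = fields[-1] if len(fields) > 1 else ""
        clsid = fields[-2] if len(fields) > 2 and fields[-2].startswith("{") else ""
        entries.append({"section": section, "kind": kind, "name": name,
                        "clsid": clsid, "path": path, "raw": line})
    return entries


def orphan_reason(entry: Dict[str, str]) -> str:
    """Return why the entry is an orphan, or '' when its target looks present."""
    path = entry["path"]
    if path == "(no file)":
        return "registry entry remains but the target file is gone"
    if path.endswith("(file missing)"):
        return "target reported missing by HijackThis"
    if path.endswith("\\"):
        # A Winlogon Notify subkey with no DllName value: the DLL was removed by
        # hand but the key that loads it at logon was left behind (pmkjj/qomjghe).
        return "load point names a directory only, no DLL"
    return ""


def find_orphans(text: str) -> List[Dict[str, str]]:
    """All entries whose load point no longer resolves to a file, with a reason."""
    found = []
    for entry in parse_entries(text):
        reason = orphan_reason(entry)
        if reason:
            found.append({**entry, "reason": reason})
    return found


def notify_names_without_dll(text: str) -> List[str]:
    """Names of O20 Winlogon Notify subkeys that have lost their DLL."""
    return [e["name"] for e in find_orphans(text)
            if e["section"] == "O20" and e["path"].endswith("\\")]


if __name__ == "__main__":
    for o in find_orphans(SAMPLE_LOG):
        print(f"{o['section']:<4} {o['name']:<12} {o['reason']}")
```

Leftover Notify keys are harmless once the DLL is gone, but they are also the reason the entries keep reappearing in each new log until the subkeys themselves are removed.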


You definitely have a Vundo infection. Those files you point out are Vundo related.
Please follow all my requests as well as doing the following;

1. Download this file from one of the following links :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply, along with a new hijackthis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Thank you so much for your time and help.

Here is the report from combofix:
ComboFix 07-08-09.3 - "Jonathan" 2007-08-12  1:10:09.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.642 [GMT -4:00]



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



C:\Program Files\Common Files\asembl~1
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll



(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))



-------\NPF



(((((((((((((((((((((((((   Files Created from 2007-07-12 to 2007-08-12  )))))))))))))))))))))))))))))))



2007-08-12 00:54    51,200  --a------   C:\WINDOWS\nircmd.exe
2007-08-11 23:06    <DIR>    d--------   C:\WINDOWS\SxsCaPendDel
2007-08-11 22:57    99,865  --a--c---   C:\WINDOWS\system32\dllcache\xlog.exe
2007-08-11 22:57    8,192   --a--c---   C:\WINDOWS\system32\dllcache\wshirda.dll
2007-08-11 22:57    4,608   --a--c---   C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-08-11 22:57    27,648  --a--c---   C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-08-11 22:57    23,040  --a--c---   C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-08-11 22:57    19,455  --a--c---   C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-08-11 22:57    17,408  --a--c---   C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-08-11 22:57    16,970  --a--c---   C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-08-11 22:57    12,063  --a--c---   C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-08-11 22:57    116,224 --a--c---   C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-08-11 22:56    87,040  --a--c---   C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-08-11 22:56    8,832   --a--c---   C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-08-11 22:56    794,654 --a--c---   C:\WINDOWS\system32\dllcache\usr1801.sys
2007-08-11 22:56    794,399 --a--c---   C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-08-11 22:56    793,598 --a--c---   C:\WINDOWS\system32\dllcache\usr1806.sys
2007-08-11 22:56    771,581 --a--c---   C:\WINDOWS\system32\dllcache\winacisa.sys
2007-08-11 22:56    765,884 --a--c---   C:\WINDOWS\system32\dllcache\usrti.sys
2007-08-11 22:56    701,386 --a--c---   C:\WINDOWS\system32\dllcache\wdhaalba.sys
2007-08-11 22:56    7,556   --a--c---   C:\WINDOWS\system32\dllcache\usroslba.sys
2007-08-11 22:56    687,999 --a--c---   C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-08-11 22:56    64,605  --a--c---   C:\WINDOWS\system32\dllcache\vvoice.sys
2007-08-11 22:56    604,253 --a--c---   C:\WINDOWS\system32\dllcache\vmodem.sys
2007-08-11 22:56    53,760  --a--c---   C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-08-11 22:56    5,376   --a--c---   C:\WINDOWS\system32\dllcache\viaide.sys
2007-08-11 22:56    397,502 --a--c---   C:\WINDOWS\system32\dllcache\vpctcom.sys
2007-08-11 22:56    35,871  --a--c---   C:\WINDOWS\system32\dllcache\wbfirdma.sys
2007-08-11 22:56    34,890  --a--c---   C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-08-11 22:56    33,599  --a--c---   C:\WINDOWS\system32\dllcache\watv04nt.sys
2007-08-11 22:56    31,744  --a--c---   C:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-08-11 22:56    29,311  --a--c---   C:\WINDOWS\system32\dllcache\watv01nt.sys
2007-08-11 22:56    25,600  --a--c---   C:\WINDOWS\system32\dllcache\usbser.sys
2007-08-11 22:56    249,402 --a--c---   C:\WINDOWS\system32\dllcache\vinwm.sys
2007-08-11 22:56    24,576  --a--c---   C:\WINDOWS\system32\dllcache\viairda.sys
2007-08-11 22:56    23,615  --a--c---   C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2007-08-11 22:56    224,802 --a--c---   C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-08-11 22:56    19,551  --a--c---   C:\WINDOWS\system32\dllcache\watv02nt.sys
2007-08-11 22:56    19,528  --a--c---   C:\WINDOWS\system32\dllcache\w840nd.sys
2007-08-11 22:56    19,016  --a--c---   C:\WINDOWS\system32\dllcache\w926nd.sys
2007-08-11 22:56    16,925  --a--c---   C:\WINDOWS\system32\dllcache\w940nd.sys
2007-08-11 22:56    154,624 --a--c---   C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-08-11 22:56    12,415  --a--c---   C:\WINDOWS\system32\dllcache\wadv01nt.sys
2007-08-11 22:56    12,127  --a--c---   C:\WINDOWS\system32\dllcache\wadv02nt.sys
2007-08-11 22:56    113,762 --a--c---   C:\WINDOWS\system32\dllcache\usrpda.sys
2007-08-11 22:56    11,775  --a--c---   C:\WINDOWS\system32\dllcache\wadv05nt.sys
2007-08-11 22:55    99,328  --a--c---   C:\WINDOWS\system32\dllcache\srusd.dll
2007-08-11 22:55    94,720  --a--c---   C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-08-11 22:55    94,293  --a--c---   C:\WINDOWS\system32\dllcache\sxports.dll
2007-08-11 22:55    9,600   --a--c---   C:\WINDOWS\system32\dllcache\sonymc.sys
2007-08-11 22:55    82,432  --a--c---   C:\WINDOWS\system32\dllcache\tp4mon.exe
2007-08-11 22:55    81,408  --a--c---   C:\WINDOWS\system32\dllcache\tgiul50.dll
2007-08-11 22:55    7,552   --a--c---   C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-08-11 22:55    7,552   --a--c---   C:\WINDOWS\system32\dllcache\sonyait.sys
2007-08-11 22:55    7,040   --a--c---   C:\WINDOWS\system32\dllcache\tandqic.sys
2007-08-11 22:55    7,040   --a--c---   C:\WINDOWS\system32\dllcache\snyaitmc.sys
2007-08-11 22:55    69,632  --a--c---   C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-08-11 22:55    61,824  --a--c---   C:\WINDOWS\system32\dllcache\speed.sys
2007-08-11 22:55    59,264  --a--c---   C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-08-11 22:55    53,760  --a--c---   C:\WINDOWS\system32\dllcache\sw_wheel.dll
2007-08-11 22:55    53,248  --a--c---   C:\WINDOWS\system32\dllcache\stlncoin.dll
2007-08-11 22:55    525,568 --a--c---   C:\WINDOWS\system32\dllcache\tridxp.dll
2007-08-11 22:55    50,688  --a--c---   C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-08-11 22:55    50,176  --a--c---   C:\WINDOWS\system32\dllcache\umaxp60.dll
2007-08-11 22:55    48,736  --a--c---   C:\WINDOWS\system32\dllcache\srwlnd5.sys
2007-08-11 22:55    47,616  --a--c---   C:\WINDOWS\system32\dllcache\umaxcam.dll
2007-08-11 22:55    440,576 --a--c---   C:\WINDOWS\system32\dllcache\tridkb.dll
2007-08-11 22:55    42,496  --a--c---   C:\WINDOWS\system32\dllcache\tp4res.dll
2007-08-11 22:55    41,472  --a--c---   C:\WINDOWS\system32\dllcache\sw_effct.dll
2007-08-11 22:55    4,992   --a--c---   C:\WINDOWS\system32\dllcache\toside.sys
2007-08-11 22:55    37,961  --a--c---   C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-08-11 22:55    37,040  --a--c---   C:\WINDOWS\system32\dllcache\sonypi.sys
2007-08-11 22:55    36,736  --a--c---   C:\WINDOWS\system32\dllcache\ultra.sys
2007-08-11 22:55    36,640  --a--c---   C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-08-11 22:55    34,375  --a--c---   C:\WINDOWS\system32\dllcache\tpro4.sys
2007-08-11 22:55    32,640  --a--c---   C:\WINDOWS\system32\dllcache\symc8xx.sys
2007-08-11 22:55    32,384  --a--c---   C:\WINDOWS\system32\dllcache\usb101et.sys
2007-08-11 22:55    315,520 --a--c---   C:\WINDOWS\system32\dllcache\trid3d.dll
2007-08-11 22:55    31,744  --a--c---   C:\WINDOWS\system32\dllcache\tp4.dll
2007-08-11 22:55    30,688  --a--c---   C:\WINDOWS\system32\dllcache\sym_u3.sys
2007-08-11 22:55    30,464  --a--c---   C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-08-11 22:55    3,968   --a--c---   C:\WINDOWS\system32\dllcache\swusbflt.sys
2007-08-11 22:55    285,760 --a--c---   C:\WINDOWS\system32\dllcache\stlnata.sys
2007-08-11 22:55    28,384  --a--c---   C:\WINDOWS\system32\dllcache\sym_hi.sys
2007-08-11 22:55    28,232  --a--c---   C:\WINDOWS\system32\dllcache\tos4mo.sys
2007-08-11 22:55    28,160  --a--c---   C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-08-11 22:55    26,624  --a--c---   C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-08-11 22:55    241,664 --a--c---   C:\WINDOWS\system32\dllcache\tosdvd02.sys
2007-08-11 22:55    24,660  --a--c---   C:\WINDOWS\system32\dllcache\spxupchk.dll
2007-08-11 22:55    230,912 --a--c---   C:\WINDOWS\system32\dllcache\tosdvd03.sys
2007-08-11 22:55    222,336 --a--c---   C:\WINDOWS\system32\dllcache\trid3dm.sys
2007-08-11 22:55    22,912  --a--c---   C:\WINDOWS\system32\dllcache\umaxpcls.sys
2007-08-11 22:55    216,064 --a--c---   C:\WINDOWS\system32\dllcache\um34scan.dll
2007-08-11 22:55    211,968 --a--c---   C:\WINDOWS\system32\dllcache\um54scan.dll
2007-08-11 22:55    20,752  --a--c---   C:\WINDOWS\system32\dllcache\sonync.sys
2007-08-11 22:55    19,072  --a--c---   C:\WINDOWS\system32\dllcache\sparrow.sys
2007-08-11 22:55    172,768 --a--c---   C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-08-11 22:55    17,129  --a--c---   C:\WINDOWS\system32\dllcache\tdkcd31.sys
2007-08-11 22:55    17,024  --a--c---   C:\WINDOWS\system32\dllcache\usbohci.sys
2007-08-11 22:55    166,784 --a--c---   C:\WINDOWS\system32\dllcache\tridxpm.sys



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-08-11 13:03    ---------   d--------   C:\Program Files\FlashFXP
2007-08-11 12:47    ---------   d--------   C:\Program Files\Microsoft IntelliPoint
2007-08-08 18:39    ---------   d--------   C:\Program Files\Serv-U
2007-08-04 02:34    ---------   d--------   C:\Program Files\Symantec
2007-08-02 17:38    37848   --a------   C:\DOCUME~1\Jonathan\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-08-01 19:38    ---------   d--------   C:\DOCUME~1\Jonathan\APPLIC~1\RipIt4Me
2007-07-22 20:41    ---------   d--------   C:\DOCUME~1\Jonathan\APPLIC~1\Azureus
2007-07-21 23:27    ---------   d--------   C:\Program Files\XBC
2007-07-11 04:25    3386    --a------   C:\WINDOWS\system32\tmp.reg
2007-07-11 04:06    ---------   d--------   C:\DOCUME~1\Jonathan\APPLIC~1\GetRightToGo
2007-07-05 12:59    ---------   d--------   C:\Program Files\Digital Locker Assistant
2007-07-04 20:00    ---------   d--------   C:\DOCUME~1\Jonathan\APPLIC~1\acccore
2007-07-04 19:57    ---------   d--------   C:\Program Files\Viewpoint
2007-07-04 19:57    ---------   d--------   C:\Program Files\AIM6
2007-07-04 19:56    335 --a------   C:\WINDOWS\nsreg.dat
2007-07-04 19:56    ---------   d--------   C:\Program Files\Common Files\AOL
2007-07-04 14:57    ---------   d--------   C:\Program Files\City of Heroes
2007-07-02 00:50    ---------   d--------   C:\DOCUME~1\Jonathan\APPLIC~1\Apple Computer
2007-07-02 00:40    ---------   d--------   C:\Program Files\Apple Software Update
2007-06-18 18:15    ---------   d--------   C:\Program Files\Windows Live
2007-06-18 18:15    ---------   d--------   C:\Program Files\MSN Messenger
2007-06-18 18:15    ---------   d--------   C:\Program Files\Messenger Plus! Live
2007-06-15 14:37    27376   --a------   C:\WINDOWS\system32\SBBD.exe
2007-06-14 18:46    ---------   d--------   C:\DOCUME~1\Jonathan\APPLIC~1\7Wonders
2007-06-14 18:26    ---------   d--------   C:\Program Files\MostFun
2007-05-31 02:45    524288  --a------   C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44    823296  --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44    823296  --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44    802816  --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44    740442  --a------   C:\WINDOWS\system32\DivX.dll
2007-05-16 11:12    86528   --a--c---   C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12    85504   --a--c---   C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12    683520  --a--c---   C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12    683520  --a------   C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12    510976  --a--c---   C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12    1314816 --a--c---   C:\WINDOWS\system32\dllcache\msoe.dll



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC788838-69D1-4F49-BEF9-9B9431244D88}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [2005-12-07 18:58]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 04:50]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35]


[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjj]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjghe]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk]
backup=C:\WINDOWS\pss\TV Remote Control.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^MostFun.lnk]
backup=C:\WINDOWS\pss\MostFun.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
"C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
"C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"rpcapd"=3 (0x3)


R0 imagedrv;imagedrv;C:\WINDOWS\system32\Drivers\imagedrv.sys
R0 imagesrv;imagesrv;C:\WINDOWS\system32\DRIVERS\imagesrv.sys
R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R1 MagicTune;MagicTune;C:\WINDOWS\system32\drivers\MTictwl.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
R2 PfDetNT;PfDetNT;\??\C:\WINDOWS\system32\drivers\PfModNT.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 dvd43llh;dvd43llh;C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
R3 NAVAP;NAVAP;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
R3 Pcatip;Pcatip;C:\WINDOWS\system32\DRIVERS\Pcatip.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
S3 Bridge;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys
S3 hap17v2k;Creative P17V HAL Driver;C:\WINDOWS\system32\drivers\hap17v2k.sys
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MXOFX;USB Storage Adapter FX (MXO);C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
S3 MXOPSWD;Maxtor OneTouch Security Driver;C:\WINDOWS\system32\DRIVERS\mxopswd.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S3 SkVlanProtocol;SysKonnect Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01f2da76-ac24-11da-bad0-0011d8c40847}]
AutoRun\command- L:\JDLightning\Windows\JDLightning.exe



Contents of the 'Scheduled Tasks' folder
2007-08-02 12:55:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-05 01:52:47 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-08-05 01:52:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-08-05 02:19:42 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
2007-08-05 02:59:56 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe


**************************************************************************


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 02:06:08
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden registry entries ...


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\xd8P\23]
"DisplayName"="\x3f18\23\x4150\23"
"DeviceDesc"="\x3f18\23\x4150\23"
"ProviderName"=""
"MFG"="\x435c\x616c\x7373\"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\x50d8\23\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"09236.inf"


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************


Completion time: 2007-08-12  2:24:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 02:23


--- E O F ---


And here is my new Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 2:29:11 AM, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Jonathan\Desktop\Tools\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CC788838-69D1-4F49-BEF9-9B9431244D88} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://www.cafepress.com
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160458304640
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.amwareaps.com/tsweb/msrdp.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5095/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\
O20 - Winlogon Notify: qomjghe - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe



Can you please do the following.


===============

Download the newest version of HiJackThis, version 2.0.2. Place it in a permanent folder before scanning. Repost your log after following the steps below. This version has features that might be more helpful in 'cleaning' up your system.

===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CC788838-69D1-4F49-BEF9-9B9431244D88} - (no file)

O20 - Winlogon Notify: pmkjj - C:\WINDOWS\
O20 - Winlogon Notify: qomjghe - C:\WINDOWS\


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, and click "Fix checked".

===============

After rebooting, rename hijackthis.exe to analysethis, rescan and post back a new log. Please let me know how your pc is now.


My pc is still running slow and my browser is still crawling. What I mean by my browser crawling is that it takes a while for a page to load. It will load part, then freeze, then after a minute load some more, then freeze, then after another minute load the rest. If I do a search on google, it will fly to the result page like normal. But it acts up when I choose a site that has stuff to show.

My CPU Usage will jump to 100% when a page is trying to open for about 20-30 seconds. Once the page is loaded it will drop back down to 0%-4% and act normal.

Here is my new log (analysethis) after fixing the 4 items you asked me to.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:49 PM, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hijackthis\Analysethis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O15 - Trusted Zone: http://www.cafepress.com
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160458304640
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.amwareaps.com/tsweb/msrdp.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5095/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

--
End of file - 7133 bytes


Download and run Winsockfix from here http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

==

Go here and download then run Silent Runners.vbs. Right click on the download link and select Save Target As. Save it to the desktop or to a folder in a permanent directory. It generates a log which will be created in the same folder you are running it from. Please post the information back in this thread.
If you have a script blocking program, please allow the file to run. It is not malicious.


Here is the log generated by Silent Runners. And thanks again.

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:
---------------------------------


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MXOBG" = "C:\WINDOWS\MXOALDR.EXE" ["Cypress Semiconductor"]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]


HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Wireless Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Wheel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Activities Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Buttons Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.7\contmenu.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.7\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.7\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.7\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001
{unrecognized setting}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:
-----------------------------


Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"



Enabled Scheduled Tasks:
------------------------


"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Inc."]
"Uniblue SpeedUpMyPC Nag" -> launches: "C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s" ["Uniblue Software"]
"Uniblue SpeedUpMyPC" -> launches: "C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s" ["Uniblue Software"]
"Uniblue SpyEraser Nag" -> launches: "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe -ynag" ["Uniblue Software"]
"Uniblue SpyEraser" -> launches: "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe -s" ["Uniblue Software"]



Winsock2 Service Provider DLLs:
-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:
------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]


{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]



Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
DefWatch, DefWatch, ""C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Symantec AntiVirus Client, Norton AntiVirus Server, ""C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]



Print Monitors:
---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
LIDIL hpzll054\Driver = "hpzll054.dll" ["Hewlett-Packard Company"]



---------- (launch time: 2007-08-13 21:00:57)
<<!>>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 66 seconds.
---------- (total run time: 129 seconds)

Edited by happygeek: fixed formatting

0

I am not seeing anything there at all. I think you may need to post in the IE forum so that someone who knows more about connection problems can assist you :). I know very little on that subject.

0

I figured it out. I disabled everything that was not an MS service in my services and turned everything off on my startup tab in msconfig, and everything was great, so I started turning things on one by one, and it was my Symantec Anti-Virus that was hanging my system. I purged it and re-installed. Everything is great now.

Thanks for your help!!

0

I love it when things work out :). Well done on finding the problem. I suggest dumping Norton and going for something that uses less resources and works better :D.
