
Hi, I have big problems with Internet Explorer not responding and very slow startup. Can someone help please? The HijackThis log is:

Logfile of HijackThis v1.99.1
Scan saved at 22:09:18, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
F1 - win.ini: run=fntldr.exe
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [XTTUXLNQFJRQLVQ] C:\WINDOWS\OONKPRRAVURPQR.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{50841D2D-F6E1-4084-A31F-89D2866AF95B}: NameServer = 172.31.140.69 172.30.140.69
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: msconfd.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe" "C:\Program Files\NewDotNet\nncore.dll" ServiceStart (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe


Hi and welcome to Daniweb forums :).

Can you please do the following.

===============

You will have to disable Spybot's Teatimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit".
Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable teatimer when we are done :).
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

===============

Download the newest version of HiJackThis; version 2.0.2. Place it in a permanent folder before scanning. Repost your log after following the steps below. This version has features that might be more helpful in 'cleaning' up your system.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

F1 - win.ini: run=fntldr.exe

O1 - Hosts: 205.177.124.66 auto.search.msn.com

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O19 - User stylesheet: (file missing)

O20 - AppInit_DLLs: msconfd.dll


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

Search for...

run=fntldr.exe
msconfd.dll

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

Download this file from one of the following links :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/combofix.exe

1. Make sure that ComboFix is downloaded to, and run from, your desktop.

2. Double click combofix.exe & follow the prompts.
3. When finished, ComboFix generates a pop up log which can also be found at C:\ComboFix.txt. Post that log in your next reply, along with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
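
As an added example (not part of the original posts and not HijackThis's own logic), this Python sketch parses HijackThis log lines by section code and applies a few rules chosen here so that, on an excerpt of the first log in this thread, they select the same kinds of entries the reply above lists for fixing. The rules and the names `parse`, `reason` and `triage` are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4"
    body: str  # everything after "CODE - "


# A log entry starts with a section code such as R1, F1, O4 or O23.
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Excerpt of the first log posted in this thread (header and process lines
# are included to show that the parser skips them).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
F1 - win.ini: run=fntldr.exe
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: msconfd.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse(log: str) -> list[Entry]:
    """Return the coded entries of a log, ignoring headers and process paths."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def reason(e: Entry) -> Optional[str]:
    """Return why an entry deserves review, or None (illustrative rules only)."""
    if e.code in ("R0", "R1"):
        # IE start/search settings: review those pointing at about:blank.
        value = e.body.rpartition(" = ")[2]
        return "IE search setting is about:blank" if value == "about:blank" else None
    if e.code == "F1":
        return "program started from win.ini"
    if e.code == "O1":
        return "hosts file maps a named site to a fixed address"
    if e.code == "O4" and e.body.endswith("= ?"):
        return "startup shortcut whose target could not be resolved"
    if e.code == "O11":
        return "extra group in IE Advanced Options"
    if e.code == "O16" and e.body.endswith(" -"):
        return "downloaded program entry with no source URL"
    if e.code == "O19":
        return "user stylesheet configured"
    if e.code == "O20" and e.body.partition(": ")[2]:
        return "DLL listed in AppInit_DLLs"
    return None


def triage(log: str) -> list[tuple[Entry, str]]:
    """Pair every entry that matches a rule with its reason, in log order."""
    return [(e, why) for e in parse(log) if (why := reason(e)) is not None]


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.code:<4} {why}: {entry.body}")
```
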


Hi Crunchie, thanks a million for your help. Sorry about the delay in replying (busy man). I've done what you said and the logs are as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:51, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [XTTUXLNQFJRQLVQ] C:\WINDOWS\OONKPRRAVURPQR.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{50841D2D-F6E1-4084-A31F-89D2866AF95B}: NameServer = 172.31.140.69 172.30.140.69
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://us.a1.yimg.com/us.yimg.com/i/ww/m5v8.gif

--
End of file - 6973 bytes


ComboFix 07-12-09.1 - user 2007-12-09 15:31:01.1 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\NDNuninstall4_80.exe
C:\WINDOWS\NDNuninstall4_94.exe
C:\WINDOWS\NDNuninstall5_48.exe
C:\WINDOWS\NDNuninstall5_64.exe
C:\WINDOWS\NDNuninstall6_10.exe
C:\WINDOWS\NDNuninstall6_22.exe
C:\WINDOWS\rundll32.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system\svchost32.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NNSERV
-------\NNServ


(((((((((((((((((((((((((   Files Created from 2007-11-09 to 2007-12-09  )))))))))))))))))))))))))))))))
.

2007-12-09 12:45 . 2007-12-09 12:50 <DIR>    d--------   C:\Program Files\SpywareBlaster
2007-12-06 22:03 . 2007-12-09 12:25 54,156  --ah-----   C:\WINDOWS\QTFont.qfn
2007-12-06 22:03 . 2007-12-06 22:03 1,409   --a------   C:\WINDOWS\QTFont.for
2007-12-06 20:12 . 2007-12-06 20:12 <DIR>    d--------   C:\Program Files\Trend Micro
2007-11-30 22:50 . 2007-11-30 22:50 <DIR>    d--------   C:\WINDOWS\CatRoot
2007-11-30 22:50 . 2006-06-08 11:25 73,728  --a------   C:\WINDOWS\VMInstNT.exe
2007-11-30 22:50 . 2006-08-21 21:13 40,960  --a------   C:\WINDOWS\VM303UninstNT.exe
2007-11-30 22:50 . 2002-02-26 18:47 15,086  --a------   C:\WINDOWS\uninstall.ico
2007-11-30 22:43 . 2004-08-04 07:56 20,992  --a------   C:\WINDOWS\system32\dshowext.ax
2007-11-30 22:43 . 2004-08-04 07:56 20,992  --a------   C:\WINDOWS\system32\dllcache\dshowext.ax
2007-11-30 22:12 . 2007-03-01 09:17 88,960  --a------   C:\WINDOWS\system32\drivers\ewusbmdm.sys
2007-11-30 22:12 . 2007-03-01 09:17 24,448  --a------   C:\WINDOWS\system32\drivers\ewdcsc.sys
2007-11-27 21:02 . 2007-10-31 14:09 30,464  --a------   C:\WINDOWS\system32\drivers\usbaapl.sys
2007-11-27 21:01 . 2007-11-27 21:01 <DIR>    d--------   C:\Program Files\Common Files\Apple
2007-11-27 21:01 . 2007-11-27 21:01 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Apple
2007-11-26 17:43 . 2007-11-26 18:53 <DIR>    d--------   C:\Documents and Settings\user\Application Data\SoundSpectrum
2007-11-26 17:38 . 2007-11-26 17:38 <DIR>    d--------   C:\Program Files\SoundSpectrum
2007-11-26 15:37 . 2006-10-04 14:06 1,197,294   ---------   C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-11-26 15:37 . 2006-10-04 14:06 764,868 ---------   C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-26 15:37 . 2006-10-04 14:06 217,118 ---------   C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-26 15:33 . 2007-11-26 15:33 <DIR>    d--------   C:\Program Files\Windows Media Connect 2
2007-11-26 15:27 . 2007-11-26 15:27 <DIR>    d--------   C:\WINDOWS\system32\LogFiles
2007-11-26 15:27 . 2007-11-26 15:30 <DIR>    d--------   C:\WINDOWS\system32\drivers\UMDF
2007-11-26 14:06 . 2007-11-26 14:06 <DIR>    d--------   C:\Program Files\Xvid
2007-11-26 14:06 . 2007-06-28 18:52 765,952 --a------   C:\WINDOWS\system32\xvidcore.dll
2007-11-26 14:06 . 2007-06-28 18:54 180,224 --a------   C:\WINDOWS\system32\xvidvfw.dll
2007-11-26 14:06 . 2007-06-28 18:55 77,824  --a------   C:\WINDOWS\system32\xvid.ax
2007-11-25 18:12 . 2007-11-25 18:12 0   --a------   C:\WINDOWS\nsreg.dat
2007-11-25 15:25 . 2007-11-25 15:25 <DIR>    d--------   C:\Program Files\uTorrent
2007-11-25 15:25 . 2007-12-01 12:30 <DIR>    d--------   C:\Documents and Settings\user\Application Data\uTorrent
2007-11-25 11:10 . 2007-11-25 11:10 <DIR>    d--------   C:\Program Files\Lavasoft
2007-11-25 11:10 . 2007-11-25 11:10 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-25 10:57 . 2007-11-25 10:57 <DIR>    d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-11-23 20:56 . 2007-11-23 20:56 499,712 --a------   C:\WINDOWS\system32\msvcp71.dll
2007-11-23 20:56 . 2007-11-23 20:56 348,160 --a------   C:\WINDOWS\system32\msvcr71.dll
2007-11-23 18:38 . 2004-08-04 06:08 25,600  --a------   C:\WINDOWS\system32\drivers\usbser.sys
2007-11-23 18:38 . 2004-08-04 06:08 25,600  --a------   C:\WINDOWS\system32\dllcache\usbser.sys
2007-11-23 18:28 . 2007-07-09 13:09 584,192 ---------   C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-23 12:53 . 2006-08-21 09:14 128,896 ---------   C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-23 12:53 . 2006-08-21 09:14 23,040  ---------   C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-23 12:53 . 2006-08-21 12:21 16,896  ---------   C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-23 11:37 . 2007-12-01 09:29 <DIR>    d--h-----   C:\WINDOWS\$hf_mig$
2007-11-22 20:49 . 2007-12-09 12:30 <DIR>    d--------   C:\Documents and Settings\user\Application Data\skypePM
2007-11-22 20:49 . 2007-11-22 20:49 32  --a------   C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-22 20:36 . 2007-12-09 14:26 <DIR>    d--------   C:\Documents and Settings\user\Application Data\Skype
2007-11-22 20:35 . 2007-11-22 20:35 <DIR>    d--------   C:\Program Files\Skype
2007-11-22 20:35 . 2007-11-22 20:35 <DIR>    d--------   C:\Program Files\Common Files\Skype
2007-11-22 20:34 . 2007-11-22 20:35 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Skype
2007-11-22 19:26 . 2007-11-22 19:26 <DIR>    d--------   C:\WINDOWS\provisioning
2007-11-22 19:26 . 2007-11-22 19:26 <DIR>    d--------   C:\WINDOWS\peernet
2007-11-22 19:20 . 2007-11-22 19:20 <DIR>    d--------   C:\WINDOWS\ServicePackFiles
2007-11-22 19:08 . 2006-09-25 17:58 23,856  --a------   C:\WINDOWS\system32\spupdsvc.exe
2007-11-22 19:00 . 2007-11-22 19:00 <DIR>    d--------   C:\WINDOWS\EHome
2007-11-22 18:16 . 2004-08-04 00:56 11,776  ---------   C:\WINDOWS\system32\spnpinst.exe
2007-11-22 18:16 . 2004-08-02 14:20 7,208   ---------   C:\WINDOWS\system32\secupd.sig
2007-11-22 18:16 . 2004-08-02 14:20 4,569   ---------   C:\WINDOWS\system32\secupd.dat
2007-11-19 21:36 . 2007-11-19 21:49 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-19 19:25 . 2007-12-09 12:27 <DIR>    d--------   C:\Documents and Settings\user\Application Data\AVG7
2007-11-19 19:19 . 2007-11-19 19:19 <DIR>    d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-19 19:18 . 2007-11-19 19:18 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 19:18 . 2007-11-23 20:49 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\avg7
2007-11-19 15:49 . 2004-08-04 07:56 614,912 --a------   C:\WINDOWS\system32\h323msp.dll
2007-11-19 15:49 . 2004-08-04 07:56 331,264 --a------   C:\WINDOWS\system32\ipnathlp.dll
2007-11-19 15:49 . 2004-08-04 07:56 265,728 --a------   C:\WINDOWS\system32\h323.tsp
2007-11-19 15:49 . 2004-08-04 07:56 77,312  --a------   C:\WINDOWS\system32\browser.dll
2007-11-19 15:49 . 2007-03-08 15:36 40,960  --a------   C:\WINDOWS\system32\mf3216.dll
2007-11-19 15:49 . 2004-03-30 01:25 40,960  ---------   C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-11-19 15:36 . 2007-11-19 15:36 122 --a------   C:\WINDOWS\system32\MRT.INI
2007-11-19 15:26 . 2004-08-04 07:56 239,104 --a------   C:\WINDOWS\system32\srrstr.dll
2007-11-19 15:20 . 2007-11-19 15:49 <DIR>    d--h-c---   C:\WINDOWS\$xpsp1hfm$
2007-11-19 15:20 . 2007-11-19 15:20 <DIR>    d--------   C:\Program Files\MSXML 4.0
2007-11-19 15:20 . 2004-01-10 05:11 26,112  --a------   C:\WINDOWS\system32\xpsp1hfm.exe
2007-11-19 15:16 . 2007-07-30 19:18 34,136  --a------   C:\WINDOWS\system32\wucltui.dll.mui
2007-11-19 15:16 . 2007-07-30 19:19 25,944  --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-19 15:16 . 2007-07-30 19:19 25,944  --a------   C:\WINDOWS\system32\wuapi.dll.mui
2007-11-19 15:16 . 2007-07-30 19:18 20,312  --a------   C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-17 16:53 . 2007-11-17 16:53 <DIR>    d--------   C:\Program Files\Huawei technologies
2007-11-14 23:43 . 2007-11-14 23:43 65,536  --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152  --a------   C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 22:50    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 21:20    ---------   d-----w C:\Program Files\iTunes
2007-11-27 21:19    ---------   d-----w C:\Program Files\iPod
2007-11-27 21:13    ---------   d-----w C:\Program Files\QuickTime
2007-11-27 21:03    ---------   d-----w C:\Program Files\Apple Software Update
2007-11-23 19:01    ---------   d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-23 18:51    ---------   d-----w C:\Program Files\Propellerhead
2007-11-23 18:47    ---------   d-----w C:\Program Files\ahead
2007-11-23 18:40    ---------   d-----w C:\Program Files\Morpheus
2007-11-23 18:40    ---------   d-----w C:\Program Files\Monopoly Star Wars
2007-11-23 18:29    ---------   d-----w C:\Program Files\GameShadow
2007-11-23 18:28    ---------   d-----w C:\Program Files\EA SPORTS
2007-11-23 18:26    ---------   d-----w C:\Program Files\Belkin
2007-11-22 20:14    ---------   d-----w C:\Program Files\Google
2007-11-20 15:26    ---------   d-----w C:\Program Files\UbiSoft
2007-11-19 21:29    ---------   d-----w C:\Program Files\Microsoft Works
2007-11-19 20:33    ---------   d-----w C:\Program Files\Championship Manager 5
2007-11-19 20:30    ---------   d-----w C:\Program Files\Brother
2007-11-19 20:22    ---------   d-----w C:\Program Files\KaZaA
2003-12-29 11:42    0   -csh--r C:\WINDOWS\editpad.exe
2003-12-29 11:42    0   -csh--r C:\WINDOWS\fntldr.exe
2003-12-29 11:42    0   -csh--r C:\WINDOWS\qttasks.exe
2003-12-29 11:42    0   -csh--r C:\WINDOWS\quicken.exe
2003-12-29 11:42    0   -csh--r C:\WINDOWS\svcinit.exe
2004-01-19 12:43    32  -csha-w C:\WINDOWS\{1C1FE15C-AB12-418C-B29A-C40FA3040412}.dat
2004-01-19 12:46    32  -csha-w C:\WINDOWS\{3958B55F-DE25-41CF-BB23-D1CCEC15AFA2}.dat
2004-01-19 12:39    32  -csha-w C:\WINDOWS\{3DB1885A-EDCF-4AD1-9681-1A00BE3A3C26}.dat
2004-01-19 12:39    32  -csha-w C:\WINDOWS\{90A218D0-19AB-492D-973F-03A597852E84}.dat
2004-01-19 12:39    32  -csha-w C:\WINDOWS\{BB6B311D-3262-4DDE-82CE-A30C043F428E}.dat
2003-12-29 11:42    0   -csh--r C:\WINDOWS\system\svcinit.exe
2004-01-19 12:39    32  -csha-w C:\WINDOWS\system32\{1A1753AA-E587-4F37-A5EA-57CF8D957AAA}.dat
2004-01-19 12:39    32  -csha-w C:\WINDOWS\system32\{231AF41A-C8F5-4E3F-88F7-9E82A4A8F046}.dat
2004-01-19 12:39    32  -csha-w C:\WINDOWS\system32\{3167AF38-C2B4-4DFF-AA76-F61105247DE5}.dat
2004-01-19 12:46    32  -csha-w C:\WINDOWS\system32\{5942915F-A1C6-4105-93E4-C6AFCE904539}.dat
2004-01-19 12:43    32  -csha-w C:\WINDOWS\system32\{BEEDD788-190B-4E54-B79F-370FE32D4CB5}.dat
.

(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XTTUXLNQFJRQLVQ"="C:\WINDOWS\OONKPRRAVURPQR.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-30 14:20]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-19 19:19]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 21:48]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"BigDogPath323VMSnap"="C:\WINDOWS\VMSnap23.exe" [2006-07-20 04:37]
"BigDogPath323Domino"="C:\WINDOWS\Domino.exe" [2006-06-28 02:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-19 19:19]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2001-11-13 08:22:21]
QuickBooks 2002 Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe [2002-01-26 08:06:21]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f4e220-9f91-11dc-a4b5-ffc90b1b3404}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9fade84-952e-11dc-a49a-ffa533373606}]
\Shell\AutoRun\command - F:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 20:11:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-07 17:30:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2007-12-09 15:46:04 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
--------------------- DLLs Loaded Under Running Processes --------------------- 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\user\LOCALS~1\Temp\hjhnlojg.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 15:43:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-12-09 15:51:23 - machine was rebooted
.
    --- E O F ---

THANKS AGAIN

Edited by mike_2000_17: Fixed formatting


Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\editpad.exe
C:\WINDOWS\fntldr.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\{1C1FE15C-AB12-418C-B29A-C40FA3040412}.dat
C:\WINDOWS\{3958B55F-DE25-41CF-BB23-D1CCEC15AFA2}.dat
C:\WINDOWS\{3DB1885A-EDCF-4AD1-9681-1A00BE3A3C26}.dat
C:\WINDOWS\{90A218D0-19AB-492D-973F-03A597852E84}.dat
C:\WINDOWS\{BB6B311D-3262-4DDE-82CE-A30C043F428E}.dat
C:\WINDOWS\system\svcinit.exe
C:\WINDOWS\system32\{1A1753AA-E587-4F37-A5EA-57CF8D957AAA}.dat
C:\WINDOWS\system32\{231AF41A-C8F5-4E3F-88F7-9E82A4A8F046}.dat
C:\WINDOWS\system32\{3167AF38-C2B4-4DFF-AA76-F61105247DE5}.dat
C:\WINDOWS\system32\{5942915F-A1C6-4105-93E4-C6AFCE904539}.dat
C:\WINDOWS\system32\{BEEDD788-190B-4E54-B79F-370FE32D4CB5}.dat
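
As an added example (not part of the original posts and not ComboFix's own logic), this Python sketch reads rows in the layout of the "Find3M Report" section above, keeps files whose attribute column carries both `s` and `h`, and groups them by date and size so that batches of identically sized files dropped on the same day stand out. Reading `s`, `h` and `d` as system, hidden and directory is an assumption about ComboFix's attribute column, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Row layout: date, time, size (or dashes for a directory), 7 attribute
# characters, then the path.
ROW_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(\S+)\s+([-a-z]{7})\s+(.+)$"
)

# Rows copied from the Find3M Report posted in this thread.
SAMPLE_FIND3M = r"""
2007-11-30 22:50    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 21:20    ---------   d-----w C:\Program Files\iTunes
2003-12-29 11:42    0   -csh--r C:\WINDOWS\editpad.exe
2003-12-29 11:42    0   -csh--r C:\WINDOWS\fntldr.exe
2004-01-19 12:43    32  -csha-w C:\WINDOWS\{1C1FE15C-AB12-418C-B29A-C40FA3040412}.dat
2003-12-29 11:42    0   -csh--r C:\WINDOWS\system\svcinit.exe
2004-01-19 12:39    32  -csha-w C:\WINDOWS\system32\{1A1753AA-E587-4F37-A5EA-57CF8D957AAA}.dat
"""


def hidden_system_files(report: str) -> list[tuple[str, int, str]]:
    """Return (date, size, path) for files marked both system and hidden."""
    hits = []
    for raw in report.splitlines():
        m = ROW_RE.match(raw.strip())
        if not m:
            continue
        date, _time, size, attrs, path = m.groups()
        if attrs[0] == "d":  # directories carry no size; skip them
            continue
        if "s" in attrs and "h" in attrs:
            hits.append((date, int(size.replace(",", "")), path))
    return hits


def cluster(report: str) -> dict[tuple[str, int], list[str]]:
    """Group the selected files by (date, size)."""
    groups = defaultdict(list)
    for date, size, path in hidden_system_files(report):
        groups[(date, size)].append(path)
    return dict(groups)


if __name__ == "__main__":
    for (date, size), paths in cluster(SAMPLE_FIND3M).items():
        print(f"{date}  {size} bytes  x{len(paths)}")
        for p in paths:
            print("   ", p)
```
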
