Hijack This! logs

[muzzell]

spyware 2009 seems to have gone for sure now.

 

but im still getting these quick dos windows opening for a second. all i can read is local/temp and then ie93.tmp or ieb.tmp or ie45.tmp.

 

any ideas? thanks steve

[Steve]

Enable the viewing of hidden files and then look here: -

 

C:\Documents and Settings\Russell\Local Settings\Temp

 

You can delete whatever is in that folder. Those DOS windows popping up definitely sound dodgy, but the HijackThis log looks clean, so there is a possibility they're legit.

 

Another thing you need to do is to update Java. Uninstall your current version through Add or Remove Programs and then install the latest version: -

 

http://javadl.sun.com/webapps/download/AutoDL?BundleId=29219

 

Let me know if you have anymore problems.

[muzzell]

im having trouble deleting the files in C:\Documents and Settings\Russell\Local Settings\Temp

 

i have enabled hidden files but the local folder still shows as different color. so i right click and un tick read only. it says cannot delete being used by a program or another person. doh

[mattnice]

thats obviously caused by all that south american porn

[muzzell]

who's a clever boy then

[mattnice]

obviously not me,sorry Russell

[muzzell]

steve this is whats left

 

ie4e.tmp

ie6.tmp

ie19.tmp

ie56.tmp

in4.tmp

 

~df3e0d.tmp

~df594b.tmp

~dfae8e.tmp

~dfbof6.tmp

~dfdcb4.tmp

~dfe547.tmp

[Ryan]

This isn't my log

its my bro's PC. Its been running like shit for a little while now. I told him to do one of these and i'll see if someone here can get a look at it... Who am i kidding. I want steve to look at it

 

Although i think steve might have been abducted by aliens.. I haven't seen him in a while

 

--------------------------------------------------

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:28:00, on 13/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\SetPoint\LBTWiz.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=0070105

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O4 - Global Startup: SetPoint.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE4\Cache\SelectedContextSearch.htm

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{33C98C4C-6D07-4051-A89D-2035F354BE1A}: NameServer = 195.92.195.91 195.92.195.90

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

 

--

End of file - 13720 bytes

[Phology]

hey guys!

long time no speak...

 

can someone give a look at this please?

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:15:28, on 07/07/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.ht...count_id=155478

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.ht...count_id=155478

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hsbc.co.uk/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...count_id=155478

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.co.uk/broadband/

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll (file missing)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [msn] ctfmoons.exe

O4 - HKLM\..\Run: [rn4d] C:\WINDOWS\kolder.exe C:\WINDOWS\dirote.exe

O4 - HKLM\..\Run: [Microsoft MsnST] msnst32.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\juyie.exe

O4 - HKLM\..\Run: [Remote Procedure Call For Windows 32bit.] rpc.exe

O4 - HKLM\..\Run: [uSB Device] servicelog.exe

O4 - HKLM\..\Run: [Networks Configurator] NetConfs.exe

O4 - HKLM\..\Run: [start Upping] mediaplayer32.exe

O4 - HKLM\..\Run: [sygate Personal Port Blocker] volume.exe

O4 - HKLM\..\Run: [sys29] C:\windows\system32\winwlz32.exe

O4 - HKLM\..\Run: [Win32 USB2 Driver] usb2.exe

O4 - HKLM\..\Run: [Microsoft Config] msconf.exe

O4 - HKLM\..\Run: [QuicktimeMngr] QuicktimeMngr.exe

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [dsd] C:\WINDOWS\dsd.exe

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

O4 - HKLM\..\Run: [LbVckax] C:\WINDOWS\hvedknt.exe

O4 - HKLM\..\Run: [autoexe.exe] coding.exe

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkpl32.exe

O4 - HKLM\..\Run: [Windows Update 2] winupd.exe

O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2d\Disk_Monitor.exe

O4 - HKLM\..\Run: [m4n70s Personal Firewall] m4n70s.exe

O4 - HKLM\..\Run: [MDN] MDNS.exe

O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe

O4 - HKLM\..\Run: [PPPOEO] pingppac.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\RunServices: [msn] ctfmoons.exe

O4 - HKLM\..\RunServices: [Microsoft MsnST] msnst32.exe

O4 - HKLM\..\RunServices: [Remote Procedure Call For Windows 32bit.] rpc.exe

O4 - HKLM\..\RunServices: [uSB Device] servicelog.exe

O4 - HKLM\..\RunServices: [Networks Configurator] NetConfs.exe

O4 - HKLM\..\RunServices: [start Upping] mediaplayer32.exe

O4 - HKLM\..\RunServices: [sygate Personal Port Blocker] volume.exe

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] usb2.exe

O4 - HKLM\..\RunServices: [Microsoft Config] msconf.exe

O4 - HKLM\..\RunServices: [QuicktimeMngr] QuicktimeMngr.exe

O4 - HKLM\..\RunServices: [autoexe.exe] coding.exe

O4 - HKLM\..\RunServices: [Windows Update 2] winupd.exe

O4 - HKLM\..\RunServices: [m4n70s Personal Firewall] m4n70s.exe

O4 - HKLM\..\RunServices: [MDN] MDNS.exe

O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe

O4 - HKLM\..\RunServices: [PPPOEO] pingppac.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [uSB Device] servicelog.exe

O4 - HKCU\..\Run: [start Upping] mediaplayer32.exe

O4 - HKCU\..\Run: [sygate Personal Port Blocker] volume.exe

O4 - HKCU\..\Run: [Win32 USB2 Driver] usb2.exe

O4 - HKCU\..\Run: [QuicktimeMngr] QuicktimeMngr.exe

O4 - HKCU\..\Run: [Microsoft Config] msconf.exe

O4 - HKCU\..\Run: [Windows Update 2] winupd.exe

O4 - HKCU\..\Run: [m4n70s Personal Firewall] m4n70s.exe

O4 - HKCU\..\Run: [mqkw] C:\PROGRA~1\COMMON~1\mqkw\mqkwm.exe

O4 - HKCU\..\Run: [MDN] MDNS.exe

O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe

O4 - HKCU\..\RunServices: [Microsoft Config] msconf.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [sygate Personal Port Blocker] volume.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2 Driver] usb2.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Microsoft Config] msconf.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [QuicktimeMngr] QuicktimeMngr.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Windows Update 2] winupd.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MDN] MDNS.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] snlogsvc.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [uSB Device] servicelog.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Config] msconf.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [uSB Device] servicelog.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Config] msconf.exe (User 'Default user')

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pictures02.aol.co.uk/ygp/aol/plugin...UK.9.1.6.18.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildAppNonUS.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

 

--

End of file - 9437 bytes

[mattnice]

Hi Steve my laptop is running really fucking slow. Any chance of letting me know what i need to do

 

cheers

 

Logfile of HijackThis v1.99.1

Scan saved at 20:41:25, on 15/07/2009

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Toshiba TEMPRO\TemproTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Users\matt\Desktop\hijackthis_sfx\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

[mattnice]

little bump to attract steves attention

 

cheers

[Steve]

Matt, your log looks fine, although you're using an old version of HijackThis. Did it suddenly slow down or has it been a gradual thing?

 

To any of you guys that posted before Matt - If you still need help post up a new log, because there's no point going through logs that old as things might have changed.

[muzzell]

hi steve could you have a look at this please. comp is running a bit slow. many thanks

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:43:40, on 13/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kontiki\KService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Kontiki\KHost.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Russell\Desktop\HijackThis.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\SoftwareDistribution\Download\593fd94f4321dcf78fe043a350971314\update\update.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\system32\PD6000SM.EXE

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"

O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl

O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all

O4 - Startup: BBC iPlayer Desktop.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156420347000

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Update Service (gupdate1c9b48250a64c56) (gupdate1c9b48250a64c56) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

[Steve]

I can't see anything bad in the log, but Windows Update was running at the time you posted it, which can cause the computer to slow down temporarily. Also, you need to grab the latest version of HijackThis (HERE) and don't run it direct from the desktop - create a folder and put it in there, because it creates backup files should you have to fix anything. If you're still having problems, have a look at Task Manager and see if a file called update.exe is running and using a high percentage of the CPU. If so, then it's to do with Windows Updates. It should complete on its own, but if there's a problem you may need to disable it temporarily and download any updates manually.

[muzzell]

thankyou thankyou thankyou

[staxman]

please help my comp is uploading through services.exe at full speed all the time

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:00:49, on 23/09/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\atwtusb.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Mediafour XPlay Explorer notifications - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AVG Security Toolbar BHO - {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O8 - Extra context menu item: &Search - ?p=ZUfox000

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226693411937

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C6C62D5-5662-4E64-8AD5-6CB5CE35FF5F}: NameServer = 212.74.112.66,212.74.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{651B4093-7E4B-41FC-AF80-CC2CE9440E37}: NameServer = 191.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 9894 bytes

[Steve]

I don't really know what to do there stax. Something isn't right here: -

 

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

 

Both of those services should be running from C:\WINDOWS\System32.

 

Hit Start then Run and type "services.msc" without quotes. Do you see more than one Background Intelligent Transfer Service and Automatic Updates on the list? Whether you see just 1 of each, or if there's 2 of each there, right click on them and choose Properties, then on the General tab, look at the section where it says "Path to executable:". If the path doesn't contain System32 (i.e. the file is running direct from the Windows folder), then enable the viewing of hidden/system files and hunt down the executables in the Windows folder and upload them HERE. I have a feeling those services are the cause of your problem, but if they are, this is something new that I've not seen before. The rest of the log appears to be clean.

[staxman]

I don't really know what to do there stax. Something isn't right here: -

 

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

 

Both of those services should be running from C:\WINDOWS\System32.

 

Hit Start then Run and type "services.msc" without quotes. Do you see more than one Background Intelligent Transfer Service and Automatic Updates on the list? Whether you see just 1 of each, or if there's 2 of each there, right click on them and choose Properties, then on the General tab, look at the section where it says ":". If the path doesn't contain System32 (i.e. the file is running direct from the Windows folder), then enable the viewing of hidden/system files and hunt down the executables in the Windows folder and upload them HERE. I have a feeling those services are the cause of your problem, but if they are, this is something new that I've not seen before. The rest of the log appears to be clean.

 

thanks, i knew it was something to do with bits, in the services Path to executable it says %fystemRoot%\System32\svchost.exe -k netsvcs, which im guseeing is normal appart from the 1st bit which says %fystemRoot% starts with a f insted of s, in the widows dir there are no files called bits or anything like that or wuauserv, im reinstalling dll files so hopefully that should fix it

[airnino]

it seems that there is a new tricky trojan called "trojan.fakelv.lvt" around. from what i read so far one gets infected from faked youtube vids, often via a facebook link. quite a few people i know have caught it already. so i wanted to know if my system is ok or not. here is my hijackthis log:

 

 

Logfile of HijackThis v1.99.0

Scan saved at 17:46:16, on 28.08.2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Programme\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\DeltTray.exe

C:\Programme\iTunes\iTunesHelper.exe

C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe

C:\Programme\Microsoft ActiveSync\Wcescomm.exe

C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe

C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Programme\iPod\bin\iPodService.exe

C:\Installer\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Anti-Virus Service - Kaspersky Lab ZAO - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-Dienst (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

thanks in advance!

 

edit: i use kaspersky internet security 2011 and i also got hijackthis, ccleaner and regseeker if that information is of any use.

[Steve]

Your system is clean mate, although you're using an old version of HijackThis there.

 

That trojan won't just infect your computer. Like 99+% of malware and viruses these days, it relies on the user choosing to install it, so you might go on a page with a fake YouTube video that prompts you to install a "codec" before you can play it, which of course is the trojan, or you might see someone post a link to a "new version of Flash" that promises to make videos look better, which again, is the trojan.

 

The same advice applies to users of all OS's: -

 

1. Keep software up to date and install it from a trusted source (the homepage of the creator of the software, preferably)

2. Don't install anything that you just randomly come across when browsing the web, no matter what it claims to be, especially if you're just prompted to download some random exe file

3. Keep your OS up to date with security updates and patches

4. If you run an anti-virus application (which is advisable on Windows at least), make sure it's up to date and using the latest virus definitions

 

As long as you do that, the chances of your system getting infected are very low indeed as almost all infections these days rely on social engineering to trick you into installing something yourself.

[airnino]

thanks a whole lot mate!

[Steve]

No worries. I just read up on that trojan. It seems very clever, even taking you into a fake "safe mode" if you try and go into safe mode to remove it. It'll detect which antivirus software you're using and uninstall it (or try to), then it'll download a fake AV app and give it the same icon as the AV software you were using to try and fool you into installing it. Whoever created it is a cunt of the highest order.

[chile]

hi i just did a scan with avast! and it found 4 infected files. then it did a boot scan and found like 29 more infected files. I deleted most of them but there was one called win 32 spyware-gen that couldnt be deleted, put into quarantine or repaired so am a bit concerned. Ive just done a normal cclean and registry clean and heres me hijack log.. help appreciated!

 

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\AVAST Software\Avast\AvastSvc.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\system32\DeltaIITray.exe

D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

D:\Program Files\Common Files\Java\Java Update\jusched.exe

D:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE

D:\Program Files\AVAST Software\Avast\avastUI.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Windows Live\Messenger\msnmsgr.exe

D:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Logitech\Vid HD\Vid.exe

D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

D:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Belkin\F5D8053v3011\Belkinwcui.exe

D:\Program Files\Paltalk Messenger\paltalk.exe

D:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\OpenOffice.org 3\program\soffice.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Giraffic\GirafficWatchdog.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

D:\WINDOWS\system32\lxdncoms.exe

D:\Program Files\OpenOffice.org 3\program\soffice.bin

D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Giraffic\Giraffic.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\tbuTor.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - D:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - D:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\tbuTor.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\tbuTor.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - D:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\system32\DeltaIITray.exe

O4 - HKLM\..\Run: [LWS] D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [DATAMNGR] D:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Logitech Vid] "D:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode

O4 - HKCU\..\Run: [VeohPlugin] "D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [Facebook Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Dropbox.lnk = D:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe

O4 - Startup: OpenOffice.org 3.2.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = D:\Program Files\Belkin\F5D8053v3011\Belkinwcui.exe

O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - AppInit_DLLs: d:\progra~1\wi9130~1\datamngr\datamngr.dll d:\progra~1\wi9130~1\datamngr\iebho.dll

O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Giraffic Video Accelerator (Giraffic) - Giraffic - D:\Program Files\Giraffic\GirafficWatchdog.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

O23 - Service: lxdn_device - - D:\WINDOWS\system32\lxdncoms.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 10392 bytes

[Steve]

When you're installing software, be wary of optional extras, particularly toolbars. Quite a lot of free software will try and force this shit on you unless you uncheck the relevant boxes when you're running through the installer.

 

Go through Add/Remove Programs and uninstall any toolbars that you didn't want, reboot, then post a new HijackThis log. It also helps if you post the full log, as you left the top part out. You're still running XP I take it?

[chile]

Ah right sorry i saw something like an I.P addy and thought id snip that bit out. I uninstalled searchqu toolbar in add/remove programs cheers. Yup im still an XPer, thanks for halping

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:44:28, on 11/09/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\AVAST Software\Avast\AvastSvc.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\system32\DeltaIITray.exe

D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

D:\Program Files\Common Files\Java\Java Update\jusched.exe

D:\Program Files\AVAST Software\Avast\avastUI.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

D:\Program Files\uTorrent\uTorrent.exe

D:\Program Files\Windows Live\Messenger\msnmsgr.exe

D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Logitech\Vid HD\Vid.exe

D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

D:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Belkin\F5D8053v3011\Belkinwcui.exe

D:\Program Files\Paltalk Messenger\paltalk.exe

D:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe

D:\Program Files\OpenOffice.org 3\program\soffice.exe

D:\Program Files\OpenOffice.org 3\program\soffice.bin

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Giraffic\GirafficWatchdog.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

D:\WINDOWS\system32\lxdncoms.exe

D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program Files\Giraffic\Giraffic.exe

D:\Program Files\Common Files\Java\Java Update\jucheck.exe

\?\D:\WINDOWS\system32\WBEM\WMIADAP.EXE

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\tbuTor.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\tbuTor.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\tbuTor.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)

O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\system32\DeltaIITray.exe

O4 - HKLM\..\Run: [LWS] D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Logitech Vid] "D:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode

O4 - HKCU\..\Run: [VeohPlugin] "D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [Facebook Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Dropbox.lnk = D:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe

O4 - Startup: OpenOffice.org 3.2.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = D:\Program Files\Belkin\F5D8053v3011\Belkinwcui.exe

O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - AppInit_DLLs:

O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Giraffic Video Accelerator (Giraffic) - Giraffic - D:\Program Files\Giraffic\GirafficWatchdog.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

O23 - Service: lxdn_device - - D:\WINDOWS\system32\lxdncoms.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9853 bytes