[Fixed] Hijackthis! Logs - PC is runs slow, posted in the Security & Safety forums
  #1  
12-23-2007
jplink
Bronze Member
Join Date: Feb 2007
Posts: 69
PC is runs slow

Hello,
My uncle's PC is running very slow and it has many popups.
We ran SUPERAntiSpyware and Spybot and they found Virtumundo and WinFixer trojan.
We had the products clean the spyware but the PC is still experiencing problems and the HJT log still does not look clean.
Here is the HJT log. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:06:39 AM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Softex\OmniPass\Help.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Guest\My Documents\New Folder\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CoolBHO - {5C2A9795-B130-4622-B036-BDCAD28602DC} - C:\Program Files\Cool\Cool.dll
O2 - BHO: (no name) - {5CFCB9FF-B4A9-429B-8B5A-4CD8C7F7FD07} - C:\WINDOWS\system32\mljjk.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [mcinfo_1197136082] C:\DOCUME~1\Owner\LOCALS~1\Temp\mcinfo_1197136082.exe /insfin
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxbmmon.exe] "C:\Program Files\Lexmark 4200 Series\lxbmmon.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series Fax Server] "C:\Program Files\Lexmark 4200 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [20ddfb3d] rundll32.exe "C:\WINDOWS\system32\vtscjgel.dll",b
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [20ddfb3d] rundll32.exe "C:\WINDOWS\system32\hwsstcky.dll",b
O4 - HKUS\S-1-5-21-2912012921-3701798555-1929767710-501\..\Run: [RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-2912012921-3701798555-1929767710-501\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User '?')
O4 - HKUS\S-1-5-21-2912012921-3701798555-1929767710-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User '?')
O4 - HKUS\S-1-5-21-2912012921-3701798555-1929767710-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2912012921-3701798555-1929767710-501\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe (User '?')
O4 - HKUS\S-1-5-21-2912012921-3701798555-1929767710-501\..\Run: [20ddfb3d] rundll32.exe "C:\WINDOWS\system32\hwsstcky.dll",b (User '?')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\BILLMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197147419718
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...80/mcfscan.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxbm_device - - C:\WINDOWS\system32\lxbmcoms.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8939 bytes


  #2  
12-23-2007
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,978
PC Experience: Elite PC Guru
Re: PC is runs slow

Download SDFix from here and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

=========================================
This will help to identify malware on your system.
Please download Combofix from any of these locations:
Here
or
Here
Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitor your PC while CF is running.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


__________________
My real name is Eddy
  #3  
12-25-2007
jplink
Bronze Member
Join Date: Feb 2007
Posts: 69
Re: PC is runs slow

Thanks for replying. Here are the logs you requested:


  #4  
12-25-2007
jplink
Bronze Member
Join Date: Feb 2007
Posts: 69
Re: PC is runs slow

Sorry about that last post, don't know why it did that.
Here is a new post


SDFix: Version 1.71
Run by Owner - Tue 12/25/2007 / 10:37:46.34
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:



Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found...


ADS Check:
C:\WINDOWS\system32
No streams found.

Final Check:
Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

Remaining Files:
---------------

Checking For Files with Hidden Attributes :
C:\Documents and Settings\Owner\Desktop\test\ATF-Cleaner.exe
C:\Documents and Settings\Owner\Desktop\test\avg75free_487a1130.exe
C:\Documents and Settings\Owner\Desktop\test\CleanUp452.exe
C:\Documents and Settings\Owner\Desktop\test\cwshredder.exe
C:\Documents and Settings\Owner\Desktop\test\EClea2_0.exe
C:\Documents and Settings\Owner\Desktop\test\haxfix.exe
C:\Documents and Settings\Owner\Desktop\test\HijackThis.exe
C:\Documents and Settings\Owner\Desktop\test\pagedfrg.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix.exe
C:\Documents and Settings\Owner\Desktop\test\spybotsd14.exe
C:\Documents and Settings\Owner\Desktop\test\Starter.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\dumphive.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\exit.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\GenericRenosFix.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\HostsChk.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\Process.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\Reboot.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\restart.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\SmiUpdate.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\SrchSTS.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\swreg.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\swsc.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\swxcacls.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\unzip.exe
C:\Documents and Settings\Owner\Desktop\test\SmitfraudFix\VCCLSID.exe
C:\Program Files\Belle`s Beauty Boutique\BellesBeautyBoutique.exe
C:\Program Files\Family Feud II\Family Feud II.exe
C:\WINDOWS\SMINST\HPCD.sys
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG
C:\Documents and Settings\Owner\Desktop\test\PageDefrag.zip
C:\Documents and Settings\Owner\Desktop\test\SDFix.zip
Finished


  #5  
12-25-2007
jplink
Bronze Member
Join Date: Feb 2007
Posts: 69
Re: PC is runs slow

That looks much better
Here is the combofix:
"Owner" - 2007-12-25 10:52:21 - ComboFix 07-07-23.6 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))

2007-12-24 17:04 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-12-22 21:15 84,032 --a------ C:\WINDOWS\system32\kovjtdfg.dll
2007-12-22 21:15 78,400 --a------ C:\WINDOWS\system32\gudvaewc.dll
2007-12-22 20:40 84,032 --a------ C:\WINDOWS\system32\cgeidkmu.dll
2007-12-22 20:40 78,400 --a------ C:\WINDOWS\system32\irwfdaxb.dll
2007-12-22 19:10 <DIR> d---s---- C:\DOCUME~1\Guest\UserData
2007-12-22 18:28 78,400 --a------ C:\WINDOWS\system32\tnrytmxy.dll
2007-12-22 18:27 84,032 --------- C:\WINDOWS\system32\ymkrsqpw.dll
2007-12-22 15:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-12-22 15:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-22 15:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-22 15:31 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\SUPERAntiSpyware.com
2007-12-21 14:14 84,032 --a------ C:\WINDOWS\system32\vtscjgel.dll
2007-12-20 20:40 84,032 --a------ C:\WINDOWS\system32\xxxlvgjq.dll
2007-12-19 22:06 84,032 --a------ C:\WINDOWS\system32\xkqawmtx.dll
2007-12-18 17:26 69,955 --a------ C:\WINDOWS\system32\whyhibnn.dll
2007-12-17 19:29 84,032 --a------ C:\WINDOWS\system32\lrcitmjp.dll
2007-12-16 12:23 78,715 --a------ C:\WINDOWS\system32\uvqjuvik.dll
2007-12-10 15:45 <DIR> d-------- C:\Program Files\Lexmark 4200 Series
2007-12-10 15:44 86,016 --a------ C:\WINDOWS\system32\lxbminsr.dll
2007-12-10 15:44 155,648 --a------ C:\WINDOWS\system32\lxbminsb.dll
2007-12-10 15:44 131,072 --a------ C:\WINDOWS\system32\lxbmins.dll
2007-12-10 15:19 344,064 -ra------ C:\WINDOWS\system32\lxbmcoin.dll
2007-12-10 15:18 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-12-10 15:18 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-10 15:09 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-09 11:45 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-09 08:54 84,032 --a------ C:\WINDOWS\system32\hwsstcky.dll
2007-12-08 17:23 <DIR> d-------- C:\Program Files\iTunes
2007-12-08 17:18 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-08 17:17 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-08 17:16 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-08 17:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-12-08 13:08 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-08 13:06 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-12-08 13:03 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-08 13:03 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-08 13:02 <DIR> d-------- C:\Program Files\Symantec
2007-12-08 12:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
2007-12-08 10:08 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WholeSecurity
2007-12-07 19:37 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-12-01 16:52 <DIR> d-------- C:\Program Files\RegCure
2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 16:03 84,032 --a------ C:\WINDOWS\system32\nlyxlhys.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-12-25 15:49:48 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-25 15:47:26 4,123 ----a-w C:\WINDOWS\viassary-hp.reg
2007-12-18 18:07:18 -------- d-----w C:\Program Files\Quicken
2007-12-16 03:22:35 -------- d-----w C:\Program Files\support.com
2007-12-14 21:04:59 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-12-14 21:04:00 56,872 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-12-09 16:45:52 -------- d--h--w C:\Program Files\WindowsUpdate
2007-12-08 22:23:51 -------- d-----w C:\Program Files\iPod
2007-12-08 22:22:13 -------- d-----w C:\Program Files\QuickTime
2007-12-08 21:25:50 -------- d-----w C:\Program Files\Google
2007-12-08 18:47:32 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Symantec
2007-12-08 18:35:32 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-08 18:35:32 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-08 17:56:37 -------- d-----w C:\Program Files\Common Files\McAfee
2007-12-08 15:21:42 -------- d-----w C:\Program Files\ViaVoice Seamlessly Integrated
2007-12-01 04:57:42 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57:42 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57:42 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57:42 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57:42 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57:42 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-21 21:03:05 1,242 ----a-w C:\WINDOWS\system32\tmp.reg
2007-11-21 20:10:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:10:26 -------- d-----w C:\Program Files\ToniArts
2007-11-21 19:37:30 -------- d-----w C:\Program Files\spy
2007-11-15 20:32:48 -------- d-----w C:\Program Files\Cool
2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 00:30:19 4 ----a-w C:\WINDOWS\system32\stfv.bin
2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-02 00:51:34 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2004-12-31 22:54:45 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C2A9795-B130-4622-B036-BDCAD28602DC}]
2007-11-12 11:50 397312 --a------ C:\Program Files\Cool\Cool.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-08 13:07 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]
[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2003-02-21 00:05]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 23:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"lxbmmon.exe"="C:\Program Files\Lexmark 4200 Series\lxbmmon.exe" []
"Lexmark 4200 Series Fax Server"="C:\Program Files\Lexmark 4200 Series\fm3032.exe" []
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 18:37]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 C:\WINDOWS\ltmsg.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"AOLT4"="K:\AOLSETUP.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"QuickenBillminder"="C:\Program Files\Quicken\Billmind.exe" [2004-10-05 15:03]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" []
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" []
"RecordNow!"="" []
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\ARO.exe" []
"7bf74f97.exe"="C:\Documents and Settings\Owner\Local Settings\Application Data\7bf74f97.exe" []
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Camio Viewer.lnk - C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe [2004-04-26 15:59:18]
Cool - Auto Update.lnk - C:\Program Files\Cool\cool.exe [2007-11-15 15:32:00]
Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-10-11 00:13:48]
PowerReg Scheduler.exe [2007-09-23 20:16:37]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - C:\Program Files\Quicken\BILLMIND.EXE [2004-10-05 15:03:08]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2004-06-08 19:34:33]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-12-31 18:24:10]
Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [2004-03-07 15:43:03]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-20 23:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\mljjk.dll
R0 fasttx2k;fasttx2k;C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
R1 AFS2K;AFS2k;C:\WINDOWS\system32\drivers\AFS2K.sys
R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
R2 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\drivers\CO_Mon.sys
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R2 lxbm_device;lxbm_device;C:\WINDOWS\system32\lxbmcoms.exe -service
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 ltmodem5;Agere Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R3 SunkFilt;Alcor Micro Corp - 9360;\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS
S3 COH_Mon;COH_Mon;\??\C:\WINDOWS\system32\Drivers\COH_Mon.sys
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
S3 LVUSBSta;Logitech USB Monitor Filter;C:\WINDOWS\system32\drivers\lvusbsta.sys
S3 QCMerced;Logitech QuickCam Communicate;C:\WINDOWS\system32\DRIVERS\LVCM.sys
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison;\??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 usbvideo;USB Video Device (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
*Newly Created Service* - COMHOST
Contents of the 'Scheduled Tasks' folder
2007-12-15 14:59:07 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-12-18 02:12:47 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job
2007-12-25 15:42:06 C:\WINDOWS\tasks\RegCure Program Check.job
2007-12-01 21:52:29 C:\WINDOWS\tasks\RegCure.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 10:55:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-12-25 10:56:36
C:\ComboFix-quarantined-files.txt ... 2007-12-25 10:56
C:\ComboFix2.txt ... 2007-12-24 17:18
C:\ComboFix3.txt ... 2007-10-01 18:47
--- E O F ---


  #6  
12-25-2007
jplink
Re: PC is runs slow

And here is a new HJT log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:05:51 AM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\lxbmcoms.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Help.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\Program Files\Cool\X_cool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Il Messaggero Home Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CoolBHO - {5C2A9795-B130-4622-B036-BDCAD28602DC} - C:\Program Files\Cool\Cool.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxbmmon.exe] "C:\Program Files\Lexmark 4200 Series\lxbmmon.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series Fax Server] "C:\Program Files\Lexmark 4200 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AOLT4] K:\AOLSETUP.EXE -ACS
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickenBillminder] C:\Program Files\Quicken\Billmind.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [7bf74f97.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\7bf74f97.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Startup: Cool - Auto Update.lnk = C:\Program Files\Cool\cool.exe
O4 - Startup: Organize.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\BILLMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197147419718
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...80/mcfscan.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxbm_device - - C:\WINDOWS\system32\lxbmcoms.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 10405 bytes

Thanks again


