# Trojan.Net-MSV/VPS-Variant Infection



## gscookie (Aug 3, 2007)

I'm running Windows XP on and Acer Aspire 5600 with Norton 360 and SuperAntispyware. I originally had a problem with logging on with IE but my daughter then added Trojan.net-MSV/VPS-variant on top of it. I have run SmitFraudfix and a complete SuperAntispyware (but can't retrieve the log from the scan). I have included the hijack this before and after the superantispyware and the smitfraudfix logs. Please help me gain control over my computer and make suggestions on what I should be using to keep the computer safe. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 3:32:24 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\1167058518\ee\aolsoftware.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1167058518\ee\aolsoftware.exe
C:\Documents and Settings\Janis\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: XTN Monitor - {1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87} - C:\WINDOWS\ddwlxtqqwt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The enqvwkp - {B1B10992-4C8F-4F54-85B2-CB3CA788E498} - C:\WINDOWS\enqvwkp.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bmlvqkn - {3B5FBD3A-072E-4530-BA6E-8A9058F898FA} - C:\WINDOWS\bmlvqkn.dll
O21 - SSODL: agrlmvp - {B0D6E5F1-D529-45C7-8445-E8381C284A21} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

SmitFraudFix v2.274

Scan done at 4:00:56.53, Wed 01/16/2008
Run from C:\Documents and Settings\Janis\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix v2.274

Scan done at 4:00:56.53, Wed 01/16/2008
Run from C:\Documents and Settings\Janis\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 8:25:47 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Janis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The enqvwkp - {B1B10992-4C8F-4F54-85B2-CB3CA788E498} - C:\WINDOWS\enqvwkp.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bmlvqkn - {3B5FBD3A-072E-4530-BA6E-8A9058F898FA} - C:\WINDOWS\bmlvqkn.dll
O21 - SSODL: agrlmvp - {B0D6E5F1-D529-45C7-8445-E8381C284A21} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

What do you recommend I do next??


----------



## gscookie (Aug 3, 2007)

Oh I found the Superantispyware log so I'm adding it here. This was done after the SmitFraudFix....Thanks- any help would be appreciated 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/16/2008 at 07:22 AM

Application Version : 3.9.1008

Core Rules Database Version : 3369
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 03:01:29

Memory items scanned : 179
Memory threats detected : 0
Registry items scanned : 6535
Registry threats detected : 10
File items scanned : 76219
File threats detected : 37

Trojan.Net-MSV/VPS-Variant
HKLM\Software\Classes\CLSID\{1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87}
HKCR\CLSID\{1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87}
HKCR\CLSID\{1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87}
HKCR\CLSID\{1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87}\InprocServer32
HKCR\CLSID\{1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87}\InprocServer32#ThreadingModel
HKCR\CLSID\{1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87}\ProgID
HKCR\CLSID\{1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87}\Programmable
HKCR\CLSID\{1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87}\TypeLib
HKCR\CLSID\{1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87}\VersionIndependentProgID
C:\WINDOWS\DDWLXTQQWT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FBABB0D-0B1A-49C4-B7BE-29A70A50DB87}

Adware.Tracking Cookie
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected]****games[2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt
C:\Documents and Settings\Mikayla\Cookies\[email protected][3].txt

Trojan.Downloader/Media-Codec
C:\DOCUMENTS AND SETTINGS\JANIS\MY DOCUMENTS\LYONS\VIDEOACCESSCODECINSTALL.EXE


----------



## gscookie (Aug 3, 2007)

Well after looking at some of the other threads, I ran a ComboFix but may have lost the original report log when I stepped away from the computer and it rebooted in normal mode and froze up. I rebooted in safe mode, ran ComboFix again, and a HijackThis log. Don't think I can do any more from this point without some expert help.

I am including the HijackThis log after the SuperAntiSpyware scan because it up in the first post and this is getting hard for me to keep things straight (and I'm the running these programs on the computer, lol)

HijackThis log 3

Logfile of HijackThis v1.99.1
Scan saved at 8:25:47 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Janis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The enqvwkp - {B1B10992-4C8F-4F54-85B2-CB3CA788E498} - C:\WINDOWS\enqvwkp.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bmlvqkn - {3B5FBD3A-072E-4530-BA6E-8A9058F898FA} - C:\WINDOWS\bmlvqkn.dll
O21 - SSODL: agrlmvp - {B0D6E5F1-D529-45C7-8445-E8381C284A21} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

ComboFix Log2

ComboFix 08-01-17.3 - Janis 2008-01-16 17:06:39.3 - *FAT32*x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.806 [GMT -8:00]
Running from: C:\Documents and Settings\Janis\Desktop\ComboFix.exe

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-16 16:37 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-16 16:27 . 2008-01-16 16:27 d--hs----	C:\FOUND.014
2008-01-16 03:45 . 2007-09-05 23:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
2008-01-16 03:45 . 2006-04-27 16:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2008-01-16 03:45 . 2007-12-20 23:11	81,920	--a------	C:\WINDOWS\system32\IEDFix.exe
2008-01-16 03:45 . 2003-06-05 20:13	53,248	--a------	C:\WINDOWS\system32\Process.exe
2008-01-16 03:45 . 2004-07-31 17:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2008-01-16 03:45 . 2007-10-03 23:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
2008-01-15 19:21 . 2008-01-15 19:21 d--hs----	C:\FOUND.013
2008-01-15 17:55 . 2008-01-15 15:45	262,144	--a------	C:\WINDOWS\bmlvqkn.dll
2008-01-15 17:55 . 2008-01-15 15:45	196,608	--a------	C:\WINDOWS\agrlmvp.dll
2008-01-15 17:55 . 2008-01-15 15:45	90,112	--a------	C:\WINDOWS\fxtqdrl.exe
2008-01-14 20:18 . 2008-01-14 20:18 d--hs----	C:\FOUND.012
2008-01-10 18:51 . 2008-01-10 18:51 d--------	C:\Documents and Settings\Mikayla\Application Data\Apple Computer
2008-01-09 09:43 . 2008-01-09 09:43 d--------	C:\Documents and Settings\Janis\Application Data\U3
2008-01-07 17:19 . 2007-02-03 10:27	938,272	-ra------	C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-01-07 17:18 . 2008-01-07 17:18	127,034	-r-------	C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-01-07 17:11 . 2008-01-07 17:11 d--------	C:\Program Files\Logitech
2008-01-07 17:11 . 2008-01-07 17:11 d--------	C:\Program Files\Common Files\LogiShrd
2008-01-07 17:11 . 2008-01-07 17:11 d--------	C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-07 17:11 . 2008-01-07 17:11 d--------	C:\Documents and Settings\All Users\Application Data\Logishrd
2008-01-07 07:18 . 2008-01-07 07:18 d--------	C:\Program Files\AOL Pictures
2008-01-05 10:20 . 2008-01-05 10:20	2	--a------	C:\WINDOWS\uid.tmp
2008-01-05 10:04 . 2008-01-05 10:04	43,520	--a------	C:\WINDOWS\wl.exe
2008-01-05 10:03 . 2008-01-05 10:03	217,088	--a------	C:\WINDOWS\locker.exe
2008-01-05 09:07 . 2008-01-05 09:07	31	--a------	C:\WINDOWS\st.bat
2007-12-28 03:00 . 2007-12-28 03:00 d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-27 21:04 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2007-12-27 21:04 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2007-12-27 05:38 . 2007-12-27 05:38 dr-h-----	C:\Documents and Settings\Guest\Application Data\yahoo!
2007-12-26 21:37 . 2007-12-26 21:37 d--------	C:\Documents and Settings\Guest\Application Data\AOL
2007-12-26 21:35 . 2007-07-31 16:45 d--------	C:\Documents and Settings\Guest\Application Data\Apple Computer
2007-12-26 21:30 . 2007-12-26 21:30 d--hs----	C:\FOUND.011
2007-12-19 06:13 . 2007-12-19 06:13	73,216	--a------	C:\WINDOWS\WinLockDll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 12:01	6,206	----a-w	C:\WINDOWS\system32\tmp.reg
2007-12-13 08:59	---------	d-----w	C:\Documents and Settings\Mikayla\Application Data\Symantec
2007-12-05 15:05	805	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 15:05	60,800	----a-w	C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 15:05	123,952	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 15:05	10,740	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-01 07:57	43,696	----a-w	C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57	317,616	----a-w	C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57	279,088	----a-w	C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57	10,549	----a-w	C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57	10,549	----a-w	C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57	10,545	----a-w	C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57	1,430	----a-w	C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57	1,421	----a-w	C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57	1,415	----a-w	C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-26 23:59	---------	d-----w	C:\Documents and Settings\Janis\Application Data\Snapfish
2007-11-07 09:26	721,920	----a-w	C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26	721,920	----a-w	C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42	3,590,656	----a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20	360,064	----a-w	C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35	1,287,680	----a-w	C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 01:40	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-10-28 01:40	222,720	----a-w	C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34	8,460,288	----a-w	C:\WINDOWS\system32\dllcache\shell32.dll
.

((((((((((((((((((((((((((((( [email protected]_16.52.07.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 16:00:00	163,328	----a-w	C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"LaunchApp"="Alaunch" []
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408]
"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe" [2006-09-25 16:52 50736]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-12-25 06:56 26112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"License"="locker.exe" [2008-01-05 10:03 217088 C:\WINDOWS\locker.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-02 12:29:49]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-21 21:20:47]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-07 17:18:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bmlvqkn"= {3B5FBD3A-072E-4530-BA6E-8A9058F898FA} - C:\WINDOWS\bmlvqkn.dll [2008-01-15 15:45 262144]
"agrlmvp"= {B0D6E5F1-D529-45C7-8445-E8381C284A21} - C:\WINDOWS\agrlmvp.dll [2008-01-15 15:45 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
S2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
S2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
S2 int15;int15;C:\WINDOWS\system32\drivers\int15.sys [2006-04-14 15:27]
S2 tvicport;tvicport;C:\WINDOWS\system32\drivers\tvicport.sys [2006-04-14 15:27]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]

*Newly Created Service* - COMHOST 
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 17:10:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 17:11:48
ComboFix-quarantined-files.txt 2008-01-17 01:11:42
ComboFix2.txt 2008-01-17 00:53:20
.
2008-01-09 00:15:54	--- E O F ---


----------



## gscookie (Aug 3, 2007)

HijackThis log 4

Logfile of HijackThis v1.99.1
Scan saved at 5:17:45 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Janis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bmlvqkn - {3B5FBD3A-072E-4530-BA6E-8A9058F898FA} - C:\WINDOWS\bmlvqkn.dll
O21 - SSODL: agrlmvp - {B0D6E5F1-D529-45C7-8445-E8381C284A21} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Any help will be greatly appreciated- Thanks!


----------



## sjpritch25 (Sep 8, 2005)

Welcome to TSG 

Before we start fixing anything you should *print out these instructions* or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download *SDFix* and save it to your desktop.
Double click *SDFix.exe* and it will extract the files to %systemdrive%
_(this is the drive that contains the Windows Directory, typically C:\SDFix)_. *DO NOT use it just yet*.

*Reboot your computer in* *SAFE MODE*" using the *F8* method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click *RunThis.cmd* to start the script.
 Type *Y* to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
*Press any Key* and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display *Finished*, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as *Report.txt*.
Finally copy and paste the contents of the results file *Report.txt* in your next reply along with a new HijackThis log.


----------



## gscookie (Aug 3, 2007)

Thank you so much for getting back to me-- my husband wants to do a systems recovery tonight if we can't get the computer working again.

Here is the SDFix report
SDFix: Version 1.127

Run by Janis on Thu 01/17/2008 at 10:58 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\agrlmvp.dll - Deleted
C:\WINDOWS\bmlvqkn.dll - Deleted
C:\WINDOWS\fxtqdrl.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 11:04:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 22 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Mon 22 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Mon 22 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Mon 22 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Mon 22 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Fri 19 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Fri 19 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT6.tmp"
Fri 26 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Janis\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

And the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 11:19:42 AM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Janis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I am still working in safe mode because the huge white IE screen is covering the rest of the command bar-- there is a orange button on a black background underneath it that says your subscription has expired (or something of the sort) that i get flashes of when I turn off the computer. What should I do next?


----------



## sjpritch25 (Sep 8, 2005)

While in Safe Mode

Note: You may need to unhide hidden files and folders.
*Configure Windows XP to show hide hidden files:*
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select* "Show hidden files and folders". *
Uncheck the *"Hide protected operating system files (recommended)*" option.
Uncheck the *"Hide file extensions for known file types"* option.
Click *Yes* to confirm. Click *OK.*

Please *DELETE* the following file(s) *IF STILL PRESENT*. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

*Files:*
C:\WINDOWS\locker.exe *<-- this file*

====================================================

Run HijackThis, and press "Do a System Scan Only". 
1. When the scan is complete place a check mark next to the following entries:
*
O4 - HKLM\..\Run: [License] locker.exe
*
2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


----------



## gscookie (Aug 3, 2007)

Wow! The huge white screen is gone and I can work in normal mode! Thank you so much!! I still get an error page for IE that reads "Internet Explorer cannot display the webpage" though, and my CPU usage is at 54% with only AOL and IE as a running applications, but when I close IE it drops to 4%...Is there any way to fix the IE problem and make my computer run faster? (now I feel like I'm whining, lol) You have really helped a lot so far, so I'm making a donation tonight.

HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 9:38:24 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1167058518\ee\aolsoftware.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Janis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


----------



## sjpritch25 (Sep 8, 2005)

See if this helps with the error

http://support.microsoft.com/kb/926431


----------



## gscookie (Aug 3, 2007)

Here's the diagnostics. What is www.passport.net? Also, what virus was causing that big white screen? Should I run any other scans or do I need to run a Killbox?

Last diagnostic run time: 01/18/08 06:22:26 HTTP, HTTPS, FTP Diagnostic 
HTTP, HTTPS, FTP connectivity

info FTP (Passive): Successfully connected to ftp.microsoft.com. 
info HTTP: Successfully connected to www.microsoft.com. 
warn HTTPS: Error 12037 connecting to www.passport.net: The date in the certificate is invalid or has expired 
info HTTPS: Successfully connected to www.microsoft.com.


----------



## sjpritch25 (Sep 8, 2005)

passport is related to microsoft live.

Everything that was malware related it a scam to try and collect money. Thats really all it is. Basically, it try's to scare people into purchasing the software to (supposedly remove the infection).

Please perform a scan with *Kaspersky Webscan Online Virus Scanner*

1. Read the Requirements and Privacy statement, then select "*Accept*". 2. A new window will appear promting you to install an ActiveX component from Kaspersky - "*Do you want to install this software*?". 3. Click "*Yes*" or select "*Install*" to download the ActiveX controls that allows ActiveScan to run. 4. When the download is complete it will say ready, click "*Next*". 5. Click "*Scan Settings*" and check the option to use the *Extended Database* if available otherwise Standard). 6. Click "*Scan Options*" and select both "*Scan Archives*" and "*Scan Mail Bases*". 7. Click "*OK*". 8. Under "*Select a target to scan*", click on "*My Computer*". 9. When the scan is complete choose to save the results as "*Save as Text*" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for _Free Online Virus Scanner_. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps *here* and reboot afterwards if your system does not reboot automatically or it will show '_Kaspersky Online Scanner license key was not found!_


----------



## sjpritch25 (Sep 8, 2005)

Screenshot is the one that i tested on my test box. Same infection you had.


----------



## gscookie (Aug 3, 2007)

Um, before you got back to me and told me to run the SDFix, I removed 4 things using HJ. I know it was okay to remove this pogo link but was it a threat?

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/z...ploader_v5.cab

These were not on my clean HijackThis log that was run in Sept 2007 so I deleted them. What are they part of?

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bmlvqkn - {3B5FBD3A-072E-4530-BA6E-8A9058F898FA} - C:\WINDOWS\bmlvqkn.dll
O21 - SSODL: agrlmvp - {B0D6E5F1-D529-45C7-8445-E8381C284A21} - C:\WINDOWS\agrlmvp.dll

Kaspersky is still downloading...


----------



## sjpritch25 (Sep 8, 2005)

Here is a good reason why you need to leave everything to us experts.
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

This not malware, but related to Microsoft. 
http://www.castlecops.com/o21list-49.html

When kaspersky is done, post the log. Afterwards we will restore the entry that you deleted.


----------



## gscookie (Aug 3, 2007)

You are 100% right that I should leave these things to the professionals! This scan is greek to me...

Kapersky scan
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 18, 2008 12:50:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/01/2008
Kaspersky Anti-Virus database records: 522081
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 76946
Number of viruses found: 3
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 02:11:55

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Media Ce.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SOFTWARE	Object is locked	skipped
C:\WINDOWS\system32\config\SYSTEM	Object is locked	skipped
C:\WINDOWS\system32\config\DEFAULT	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl	Object is locked	skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_700.dat	Object is locked	skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_e3c.dat	Object is locked	skipped
C:\WINDOWS\TEMP\cc6.tmp	Object is locked	skipped
C:\WINDOWS\TEMP\cc7.tmp	Object is locked	skipped
C:\WINDOWS\TEMP\cc8.tmp	Object is locked	skipped
C:\WINDOWS\TEMP\JET1A1D.tmp	Object is locked	skipped
C:\WINDOWS\TEMP\JET1C21.tmp	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D065C24B-846A-4593-B84B-E269D43E178D}.bin	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B3342046-B924-46A5-A835-4796D86051EA}.crmlog	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt	Object is locked	skipped
C:\WINDOWS\WinLockDll.dll	Infected: not-a-virus:RiskTool.Win32.Winlocker.a	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-18_Log.ALUSchedulerSvc.LiveUpdate	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\790232C8.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\9846C68F.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\mko00	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\mkosm	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\mkosm.aby	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\mkosm.abi	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\SNMaster.idx	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\mkosm\MyDB.idx	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\mkosm\toolbar.lst	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\APP10708.LST	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Janis\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Janis\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\Application Data\ApplicationHistory\ePresentation.exe.e70224e9.ini.inuse	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\Application Data\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\Temp\~DFAC20.tmp	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\Temp\Perflib_Perfdata_ba4.dat	Object is locked	skipped
C:\Documents and Settings\Janis\Local Settings\Temp\Perflib_Perfdata_9d8.dat	Object is locked	skipped
C:\Documents and Settings\Janis\My Documents\lyons\nothing.exe/data0007	Infected: Trojan-Downloader.Win32.Zlob.gbg	skipped
C:\Documents and Settings\Janis\My Documents\lyons\nothing.exe	NSIS: infected - 1	skipped
C:\Documents and Settings\Janis\My Documents\lyons\Video31.exe/data0006	Infected: not-a-virus:RiskTool.Win32.Winlocker.a	skipped
C:\Documents and Settings\Janis\My Documents\lyons\Video31.exe	NSIS: infected - 1	skipped
C:\Documents and Settings\Janis\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\Documents and Settings\Janis\Desktop\SmitfraudFix.exe/data.rar	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\Documents and Settings\Janis\Desktop\SmitfraudFix.exe	RarSFX: infected - 2	skipped
C:\Documents and Settings\Janis\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Janis\Application Data\AOL\C_America Online 9.0\IDB\art.idx	Object is locked	skipped
C:\Documents and Settings\Janis\Application Data\AOL\C_America Online 9.0\IDB\sap.dat	Object is locked	skipped
C:\Documents and Settings\Janis\Application Data\AOL\C_America Online 9.0\IDB\Apps.Lst	Object is locked	skipped
C:\Documents and Settings\Janis\Application Data\AOL\C_America Online 9.0\IDB\sysnews.lst	Object is locked	skipped
C:\Documents and Settings\Janis\Application Data\AOL\C_America Online 9.0\IDB\spool.lst	Object is locked	skipped
C:\Documents and Settings\Janis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT	Object is locked	skipped
C:\Program Files\Norton 360\Log\AVManual.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\WDFScanner.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\AVContext.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\Backup.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\NCO.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\AutoProtect.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\EmailScan.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log	Object is locked	skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\inuse.txt	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\main.log	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\storydb.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\storydb.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\chn.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\chn.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\prs_die.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\prs_die.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\prs_dnd.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\prs_dnd.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\prs_ext.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\prs_ext.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\prs_rcv.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\prs_rcv.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\prs.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\prs.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\L0000002.FCS	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\chandir.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\chandir.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janis\Data\D0000000.FCS	Object is locked	skipped
C:\System Volume Information\_restore{677A5165-3EAE-471A-A33E-41B8C3EB2721}\RP86\A0039120.exe	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\System Volume Information\_restore{677A5165-3EAE-471A-A33E-41B8C3EB2721}\RP86\A0042422.dll	Infected: not-a-virus:RiskTool.Win32.Winlocker.a	skipped
C:\System Volume Information\_restore{677A5165-3EAE-471A-A33E-41B8C3EB2721}\RP86\A0046674.exe	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\System Volume Information\_restore{677A5165-3EAE-471A-A33E-41B8C3EB2721}\RP87\change.log	Object is locked	skipped

Scan process completed.


----------



## sjpritch25 (Sep 8, 2005)

Please *DELETE* the following file(s) *IF STILL PRESENT*. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

*Files:*
C:\WINDOWS\WinLockDll.dll *<-- this file*
C:\Documents and Settings\Janis\My Documents\lyons\nothing.exe *<-- this file*
C:\Documents and Settings\Janis\My Documents\lyons\Video31.exe *<-- this file*

Open Hijackthis and click on *Do System Scan Only*. Click on *Config* and looke for the *Backup* icon. After you have clicked on *Backup*, navigate the to the following entry *O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll* and click on the Restore button. Exit out of Hijackthis and reboot your computer.

In your next reply, post a fresh Hijackthis log. How is everything running??


----------



## gscookie (Aug 3, 2007)

Okay it was running fine and after I did the last step, it started to run really slow and now i can't even get it to boot up in safe mode....how do I do a systems recovery on this computer since I've spent the last 3-4 days trying to fix this and am ready to throw in the towel?? I'm trying to get a copy of the last HJT for you off the laptop but am still waiting for it to finish booting up.


----------



## sjpritch25 (Sep 8, 2005)

When you get it back up, post the hijackthis log.


----------



## gscookie (Aug 3, 2007)

I actually reset to last known working config because I couldn't get it to boot up in safe mode. It looks normal but is loading very very slowly, I'm getting the same IE "cannot display the webpage" error. Something isn't right.

Here is the lastest HJT log....what now? This is so frustrating.
Logfile of HijackThis v1.99.1
Scan saved at 8:26:22 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1167058518\ee\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Documents and Settings\Janis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


----------



## sjpritch25 (Sep 8, 2005)

Download *Combofix* from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 *Link 1*
 *Link 2*
 *Link 3*

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on *combofix.exe* & follow the prompts. 
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt" *along with a *new HijackThis log* for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


----------



## gscookie (Aug 3, 2007)

I think the download of the WindowsXP Prof 2pack went to my temp files. When it asks to run or save on the first promt, do I click save to desktop?


----------



## sjpritch25 (Sep 8, 2005)

What is WindowsXP Prof 2pack?? Are you trying to install the recovery console?


----------



## gscookie (Aug 3, 2007)

Yes, that's what the bleepingcomputers link suggested I do before running combofix.exe. I deleted the combofix.exe that was on my desktop, loaded a new combofix.exe, and was trying to install a recovery console.


----------



## gscookie (Aug 3, 2007)

I haven't installed the recovery console. Should I just run the combofix?


----------



## sjpritch25 (Sep 8, 2005)

Please run ComboFix.

Earlier, What were you trying to install ?


----------



## gscookie (Aug 3, 2007)

Yes, under the combofix download were instructions on installing the recovery console.

Here is ComboFix
ComboFix 08-01-18.5 - Janis 2008-01-19 12:49:37.5 - *FAT32*x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.796 [GMT -8:00]
Running from: C:\Documents and Settings\Janis\Desktop\ComboFix.exe

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\wl.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-19 12:48 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-18 20:13 . 2008-01-18 20:13	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-01-18 20:13 . 2008-01-18 20:13	1,409	--a------	C:\WINDOWS\QTFont.for
2008-01-18 20:06 . 2008-01-18 20:06 d--hs----	C:\FOUND.016
2008-01-18 08:36 . 2008-01-18 08:36 d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-18 08:35 . 2008-01-18 08:36 d--------	C:\WINDOWS\system32\Kaspersky Lab
2008-01-17 10:56 . 2008-01-17 10:56 d--------	C:\WINDOWS\ERUNT
2008-01-17 08:27 . 2008-01-17 08:27 d--hs----	C:\FOUND.015
2008-01-17 07:18 . 2008-01-17 07:18 d--------	C:\!KillBox
2008-01-16 16:27 . 2008-01-16 16:27 d--hs----	C:\FOUND.014
2008-01-16 03:45 . 2007-09-05 23:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
2008-01-16 03:45 . 2006-04-27 16:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2008-01-16 03:45 . 2007-12-20 23:11	81,920	--a------	C:\WINDOWS\system32\IEDFix.exe
2008-01-16 03:45 . 2003-06-05 20:13	53,248	--a------	C:\WINDOWS\system32\Process.exe
2008-01-16 03:45 . 2004-07-31 17:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2008-01-16 03:45 . 2007-10-03 23:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
2008-01-15 19:21 . 2008-01-15 19:21 d--hs----	C:\FOUND.013
2008-01-14 20:18 . 2008-01-14 20:18 d--hs----	C:\FOUND.012
2008-01-10 18:51 . 2008-01-10 18:51 d--------	C:\Documents and Settings\Mikayla\Application Data\Apple Computer
2008-01-09 09:43 . 2008-01-09 09:43 d--------	C:\Documents and Settings\Janis\Application Data\U3
2008-01-07 17:19 . 2007-02-03 10:27	938,272	-ra------	C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-01-07 17:18 . 2008-01-07 17:18	127,034	-r-------	C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-01-07 17:11 . 2008-01-07 17:11 d--------	C:\Program Files\Logitech
2008-01-07 17:11 . 2008-01-07 17:11 d--------	C:\Program Files\Common Files\LogiShrd
2008-01-07 17:11 . 2008-01-07 17:11 d--------	C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-07 17:11 . 2008-01-07 17:11 d--------	C:\Documents and Settings\All Users\Application Data\Logishrd
2008-01-07 07:18 . 2008-01-07 07:18 d--------	C:\Program Files\AOL Pictures
2008-01-05 10:20 . 2008-01-05 10:20	2	--a------	C:\WINDOWS\uid.tmp
2008-01-05 09:07 . 2008-01-05 09:07	31	--a------	C:\WINDOWS\st.bat
2007-12-28 03:00 . 2007-12-28 03:00 d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-27 21:04 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2007-12-27 21:04 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2007-12-27 05:38 . 2007-12-27 05:38 dr-h-----	C:\Documents and Settings\Guest\Application Data\yahoo!
2007-12-26 21:37 . 2007-12-26 21:37 d--------	C:\Documents and Settings\Guest\Application Data\AOL
2007-12-26 21:35 . 2007-07-31 16:45 d--------	C:\Documents and Settings\Guest\Application Data\Apple Computer
2007-12-26 21:30 . 2007-12-26 21:30 d--hs----	C:\FOUND.011

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 22:45	6,100	----a-w	C:\WINDOWS\system32\tmp.reg
2007-12-13 08:59	---------	d-----w	C:\Documents and Settings\Mikayla\Application Data\Symantec
2007-12-05 15:05	805	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 15:05	60,800	----a-w	C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 15:05	123,952	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 15:05	10,740	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-01 07:57	43,696	----a-w	C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57	317,616	----a-w	C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57	279,088	----a-w	C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57	10,549	----a-w	C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57	10,549	----a-w	C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57	10,545	----a-w	C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57	1,430	----a-w	C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57	1,421	----a-w	C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57	1,415	----a-w	C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-26 23:59	---------	d-----w	C:\Documents and Settings\Janis\Application Data\Snapfish
2007-11-07 09:26	721,920	----a-w	C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26	721,920	----a-w	C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42	3,590,656	----a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20	360,064	----a-w	C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35	1,287,680	----a-w	C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 01:40	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-10-28 01:40	222,720	----a-w	C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34	8,460,288	----a-w	C:\WINDOWS\system32\dllcache\shell32.dll
.

((((((((((((((((((((((((((((( [email protected]_16.52.07.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 00:38:30	237,568	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
+ 2008-01-19 20:49:14	237,568	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
- 2008-01-17 00:38:30	12,288	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-19 20:49:14	12,288	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 00:38:34	4,780,032	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-19 20:49:16	4,780,032	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-17 00:38:34	172,032	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 20:49:18	172,032	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2000-08-31 16:00:00	163,328	----a-w	C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2008-01-17 15:17:34	163,328	----a-w	C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-19 02:16:42	4,780,032	----a-w	C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-01-19 02:16:44	172,032	----a-w	C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-17 15:17:34	163,328	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-17 18:56:48	4,780,032	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-01-17 18:56:48	172,032	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2005-05-24 20:27:16	213,048	----a-w	C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 23:47:20	94,208	----a-w	C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 23:49:54	950,272	----a-w	C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2006-01-09 17:36:06	40,960	----a-w	C:\WINDOWS\system32\swsc.exe
+ 2000-08-31 16:00:00	136,704	----a-w	C:\WINDOWS\system32\swsc.exe
- 2006-12-01 13:20:34	79,360	----a-w	C:\WINDOWS\system32\swxcacls.exe
+ 2000-08-31 16:00:00	212,480	----a-w	C:\WINDOWS\system32\swxcacls.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"LaunchApp"="Alaunch" []
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408]
"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe" [2006-09-25 16:52 50736]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-12-25 06:56 26112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-02 12:29:49]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-21 21:20:47]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-07 17:18:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
S2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
S2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
S2 int15;int15;C:\WINDOWS\system32\drivers\int15.sys [2006-04-14 15:27]
S2 tvicport;tvicport;C:\WINDOWS\system32\drivers\tvicport.sys [2006-04-14 15:27]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54851d5e-c3f4-11dc-8ca9-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9e8bb0-beda-11dc-8c7b-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST 
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 12:53:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 12:54:45
ComboFix-quarantined-files.txt 2008-01-19 20:54:42
ComboFix3.txt 2008-01-17 00:53:20
ComboFix2.txt 2008-01-17 01:11:50
.
2008-01-18 09:23:18	--- E O F ---

Here is HJT
Logfile of HijackThis v1.99.1
Scan saved at 1:24:30 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Janis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


----------



## sjpritch25 (Sep 8, 2005)

How is everything running??


----------



## gscookie (Aug 3, 2007)

Running S...L...O...W--- takes a few minutes to boot everything up. No IE connection yet either BUT No white screen and no pop ups


----------



## sjpritch25 (Sep 8, 2005)

This aren't necessary to startup. This may help with speed

Run HijackThis, and press "Do a System Scan Only". 
1. When the scan is complete place a check mark next to the following entries:
*
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
*
2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


----------



## gscookie (Aug 3, 2007)

Still booting up, an error message flashed during HJT that said to contact someone but i didn't catch it all...it took my computer 30 sec to turn off with an error flashed about scvhost.exe and 3.02 minutes to get to the user name screen


----------



## gscookie (Aug 3, 2007)

my sound is scratchy and slow too


----------



## gscookie (Aug 3, 2007)

another 3mins 20 secs to finish uploading all start up items.....


----------



## gscookie (Aug 3, 2007)

HJT log file
Logfile of HijackThis v1.99.1
Scan saved at 4:13:55 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Janis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


----------



## sjpritch25 (Sep 8, 2005)

How much memory is installed on the computer?


----------



## gscookie (Aug 3, 2007)

LOL, where do I find that? Hubby bought this as a gift last Christmas
I think it has 1 GB of RAM


----------



## gscookie (Aug 3, 2007)

I looked on systems properties and it say .99 GB of RAM


----------



## sjpritch25 (Sep 8, 2005)

There really is nothing else to remove from startup. Is boot up still slow??

Defrag may help speed things up.

http://support.microsoft.com/kb/314848


----------



## gscookie (Aug 3, 2007)

Yes it is still very slow. Will run defrag tomorrow. I left my power cord at work today and don't think the program will be finished before my battery runs out. My idle systems processes take up around 89 CPU...is that normal?

I just uninstalled Spywareblaster from my programs and it improved my log off speed significantly but not my boot up speed. There is spiking in my CPU usage with no applications running and I'm just looking at processes.


----------



## gscookie (Aug 3, 2007)

Defrag is complete. Computer is still running slow on boot up and there is a lag when starting new applications. Aol is still working. I have deleted programs I don't use often. Still can't get on internet using IE...and now am getting a Yahoo Messenger Error message and can only log on through AOL.

Can I get rid of some of the programs that were downloaded to clean the computer? (SmitFraudFix, Kapersky, etc.)


----------



## sjpritch25 (Sep 8, 2005)

What error do you receive trying to open IE7??


----------



## gscookie (Aug 3, 2007)

It's no longer opening IE-- I get "IE has encountered a problem and needs to close" box. I can't figure out how to copy the data report being sent to Microsoft.


----------



## sjpritch25 (Sep 8, 2005)

Does this look familiar ??

http://support.microsoft.com/kb/831432


----------



## gscookie (Aug 3, 2007)

Yes, it is popping up all over the place now when i try to start applications.


----------



## gscookie (Aug 3, 2007)

Is Lucoms~exe really a liveupdate function of Norton 360?


----------



## sjpritch25 (Sep 8, 2005)

> Is Lucoms~exe really a liveupdate function of Norton 360?


Correct.

Try this

On your Desktop
Right-Click on your *Internet Explorer* icon and select *Properties*. Internet Options should appear, click on *Advanced Tab* and click on *Reset*. Reboot your computer and let me know if IE is still not working properly. Thanks.


----------



## gscookie (Aug 3, 2007)

The computer started running slower again after performing this. I am now getting the same error that this whole problem started with..."IE cannot display the webpage"
http://support.microsoft.com/kb/926431/en-us
The CPU usage goes down when I run AOL....and spikes ocassionally


----------



## gscookie (Aug 3, 2007)

I ran a network diagnostics....
Internet Service 
Internet Explorer Web Proxy Not Configured 
Modems and Network Adapters 
+ Network Adapters FAILED 
+ [00000001] Realtek RTL8139/810x Family Fast Ethernet NIC 
Caption = [00000001] Realtek RTL8139/810x Family Fast Ethernet NIC 
DatabasePath = %SystemRoot%\System32\drivers\etc 
Description = Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport 
DHCPEnabled = TRUE 
DHCPLeaseExpires = 4:35:59 PM 8/11/2007 
DHCPLeaseObtained = 10:35:59 AM 8/11/2007 
DNSEnabledForWINSResolution = FALSE 
DNSHostName = acer-d3c08b49af 
DomainDNSRegistrationEnabled = FALSE 
FullDNSRegistrationEnabled = TRUE 
Index = 1 
IPConnectionMetric = 1 
IPEnabled = TRUE 
IPFilterSecurityEnabled = FALSE 
IPSecPermitIPProtocols = 0 
IPSecPermitTCPPorts = 0 
IPSecPermitUDPPorts = 0 
IPXEnabled = FALSE 
MACAddress = 00:16:36:64:0B:BD 
ServiceName = RTL8023xp 
SettingID = {EF5FD53B-67F8-477E-A124-86F630E02BFF} 
TcpipNetbiosOptions = 0 
TcpMaxDataRetransmissions = 5 
WINSEnableLMHostsLookup = TRUE 
+ [00000010] Intel(R) PRO/Wireless 3945ABG Network Connection (FAILED) 
Caption = [00000010] Intel(R) PRO/Wireless 3945ABG Network Connection 
DatabasePath = %SystemRoot%\System32\drivers\etc 
+ DefaultIPGateway = x (Same Subnet) (PASSED) 
Pinging x with 32 bytes of data:
Reply from x: bytes=32 time=50ms TTL=50
Reply from x: bytes=32 time=72ms TTL=72
Reply from x: bytes=32 time=1ms TTL=1
Reply from x: bytes=32 time=5ms TTL=5
Ping statistics for x:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 72ms, Average = 32ms
Description = Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport 
DHCPEnabled = TRUE 
DHCPLeaseExpires = 9:26:12 PM 1/21/2008 
DHCPLeaseObtained = 9:26:12 PM 1/20/2008 
+ DHCPServer = 192.168.1.254 (PASSED) 
Pinging x with 32 bytes of data:
Reply from x: bytes=32 time=34ms TTL=34
Reply from x: bytes=32 time=60ms TTL=60
Reply from x: bytes=32 time=65ms TTL=65
Reply from x: bytes=32 time=32ms TTL=32
Ping statistics for x:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 65ms, Average = 47ms
DNSDomain = gateway.2wire.net 
DNSEnabledForWINSResolution = FALSE 
DNSHostName = acer-d3c08b49af 
+ DNSServerSearchOrder = x(PASSED) 
Pinging x with 32 bytes of data:
Reply from x: bytes=32 time=38ms TTL=38
Reply from x: bytes=32 time=25ms TTL=25
Reply from x: bytes=32 time=65ms TTL=65
Reply from x: bytes=32 time=65ms TTL=65
Ping statistics for x:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 65ms, Average = 48ms
DomainDNSRegistrationEnabled = FALSE 
FullDNSRegistrationEnabled = TRUE 
GatewayCostMetric = 25 
Index = 10 
+ IPAddress = x(FAILED) 
Pinging x with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for x:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
IPConnectionMetric = 25 
IPEnabled = TRUE 
IPFilterSecurityEnabled = FALSE 
IPSecPermitIPProtocols = 0 
IPSecPermitTCPPorts = 0 
IPSecPermitUDPPorts = 0 
IPSubnet = x 
IPXEnabled = FALSE 
MACAddress = 00:13:02:BE:E0:3D 
ServiceName = w39n51 
SettingID = {} 
TcpipNetbiosOptions = 0 
TcpMaxDataRetransmissions = 5 
WINSEnableLMHostsLookup = TRUE

YM is working again for some reason...?!


----------



## gscookie (Aug 3, 2007)

Do I need the newer version of HJT? I'm using HJT v1.99.1. 
I removed Logitech webcam which was a new device added on 1/7/08.
Also, if I want to remove Norton 360 and install AVG Free, how should I go about this because I've read that it isn't an easy remove...


----------



## gscookie (Aug 3, 2007)

Here's the new HJT log with version 2.2...thought it would be easier to see what I've taken off this way...boot up and log off are still slow so the things I removed made little difference.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:27 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1167058518\ee\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11565 bytes

WHERE did this go??? O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll 
I looked back and yes it was there after you told me to reinstall it using backup (I still have the old HJT on my computer- I was afraid to remove it in case we needed something in it...)


----------



## sjpritch25 (Sep 8, 2005)

How do you get online?? Via a wireless /ethernet cable??


----------



## gscookie (Aug 3, 2007)

I get online with wifi on a dsl line using my aol program when on the acer laptop. Right now I am on our pc.


----------



## sjpritch25 (Sep 8, 2005)

Are you still not able to get online via the laptop??


----------



## gscookie (Aug 3, 2007)

I can get on but I'm using AOL Online 9.0 Security Edition SE (broadband setting)--- I still can't get my IE shortcut icon to log on.

I ran a SuperAntiSpyWare (took over 5 hours in normal mode)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2008 at 05:06 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type : Complete Scan
Total Scan Time : 05:53:59

Memory items scanned : 670
Memory threats detected : 0
Registry items scanned : 6379
Registry threats detected : 0
File items scanned : 69725
File threats detected : 24

Adware.Tracking Cookie
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][3].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt

Trojan.Adw-ENQVWKP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{677A5165-3EAE-471A-A33E-41B8C3EB2721}\RP86\A0041307.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\ENQVWKP.DLL.VIR

Can I deleted some of thes things from my desktop? (SmitFraudFix, ComboFix, SD Fix, SuperAntiSpyware after we are all done)-- I want to download AVG Free...do you have a link?


----------



## sjpritch25 (Sep 8, 2005)

Go to *Start* ---> *Run* ---> type ComboFix /u and press enter this will remove ComboFix.

You can delete the following folders

C:\SDFix


----------



## gscookie (Aug 3, 2007)

Done...what else can I delete from C:\ drive folders...i don't know what some of those things are. (see attached screen pic)


I get the same error that started this whole thing... Internet Explorer cannot open the webpage.


----------



## sjpritch25 (Sep 8, 2005)

Do you have a ethernet cable that you can plug into the laptop. I think you can get online, just not wirelessly. Please try that.


----------



## gscookie (Aug 3, 2007)

Do I have to do anything other than plug it into the back of my computer? I'm still getting the same error...


----------



## gscookie (Aug 3, 2007)

Okay, why is my CPU usage low running aol-- it must be doing something while it isn't running...4% vs 30%


----------



## gscookie (Aug 3, 2007)

Hi sjpritch25,
I may have figured out why the my start up is so slow...it could be a glitch due to the Windows firewall recently being turned off (as discussed in a thread in Operating Systems, "XP- Very Slow Start UP- Ideas Please?) http://support.microsoft.com/default.aspx?scid=kb;en-us;889320 ....but that still doesn't answer why I can't log onto IE with my WiFi anymore.

1) Should I reinstall the O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll ?
2) Is there any indication that the high CPU spikes could be due to a svchost worm?

Thanks for all your help with this. I'm not changing anything else until you reply because I know that can make fixing the problem(s) harder...


----------



## sjpritch25 (Sep 8, 2005)

Go to *Start[/b ---> Control Panel ---> Click on Network Connections ---> Let me know if your network adapter says limited/no connectivity. Also, make sure you have an ethernet cable plugged in. Thanks.*


----------



## gscookie (Aug 3, 2007)

Okay this is the connectivity with the cable plugged in (thumbnail 1)... I then disabled LAN and clicked IE and got the same error page and ran the diagnostic (thumbnail 2)


----------



## sjpritch25 (Sep 8, 2005)

Do you get the same message when you type in *www.google.com* ???


----------



## gscookie (Aug 3, 2007)

This is what I get when I type www.google.com on IE (but I'm on LAN--I can't get on eithernet with cable until hubby goes to work in 90 mins...)

Last diagnostic run time: 01/25/08 06:25:42 Network Adapter Diagnostic 
Network location detection

info Using home Internet connection 
info Redirecting user to support call

HTTP, HTTPS, FTP Diagnostic 
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established 
info HTTP: Successfully connected to www.microsoft.com. 
warn HTTPS: Error 12037 connecting to www.passport.net: The date in the certificate is invalid or has expired 
info HTTPS: Successfully connected to www.microsoft.com. 
warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established 
error Could not make an FTP connection.


----------



## gscookie (Aug 3, 2007)

Okay, maybe I didn't understand what info you wanted when I'm plugged into the ethernet cable... it does not say limited or no connectivity.

Here is thumbnails of the connection....


----------



## gscookie (Aug 3, 2007)

Here are thumbnails of IE google trial and diagnostics while connected to ethernet cable...


----------



## sjpritch25 (Sep 8, 2005)

Looks to me like something not setup correctly with your router. Let me see if i can get someone more knowledgeable with hardware.


----------



## gscookie (Aug 3, 2007)

INTERNET EXPLORER CONNECTION ACTIVE AGAIN

Hi sjpritch25,
I was noticing that my Norton 360 kept turning itself off and went on the Norton website to get the product code so I could uninstall it (still might) and ended up chatting with a tech guy there.

Apparently there is a glitch/virus? (\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080118.007\NAVENG.SYS or NAVEX15.SYS) attached to Norton (regedit> NAVENG ImagePath, regedit> NAVEX15 ImagePath). We tried to manually reset the date from 20080118.007 to 20080125.007 but it didn't work. Once Norton was uninstalled, IE connection came back! I'm still having a slow boot up...may be a systems issue not related to malware


----------



## gscookie (Aug 3, 2007)

Okay the reinstalled Norton is still turning itself off for virus and spyware scanning...I'm uninstalling it and installing AVG Free


----------



## gscookie (Aug 3, 2007)

Hi sjpritch25,
Norton is removed and I can log onto the internet with AOL AND IE again. Somehow my Windows Firewall was turned off (I know I turned it on when I posted that Windows system problem that requires a hotfix from microsoft--I have the hotfix link but haven't run it yet) so I don't know what is going on with this dang computer. I have posted the latest HJT log and a thumbnail of what AGV Free found (is there a way to get a text of these AVG Free scan findings?)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:38 AM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1167058518\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9858 bytes


----------



## JohnWill (Oct 19, 2002)

I'm just joining this thread to help with the networking issue, so if I ask for information that's already been presented, please humor me. It's far too long for me to read the whole thing and try to digest it. 

Please supply the following info, *exact make and models* of the equipment please.

Name of your ISP (Internet Service Provider).
Make *and* exact model of the broadband modem.
Make *and* exact model of the router.
_Model numbers can usually be obtained from the label on the device._
Connection type, wired or wireless.
If wireless, encryption used, (none, WEP, WPA, or WPA2)
Make and model of your computer.
Version and patch level of Windows on all affected machines, i.e. XP-Home (or XP-Pro), SP1-SP2, Vista, etc.

Try these simple tests.

Hold the *Windows* key and press *R*, then type *CMD* to open a command prompt:

PING 216.109.112.135

PING yahoo.com

Right click in the command window and choose *Select All*, then hit *Enter*.
Paste the results in a message here.

If you are on a machine with no network connection, use a floppy, USB disk, or a CD-RW disk to transfer a text file with the information to allow pasting it here.

I'd also like to see this:

Hold the *Windows* key and press *R*, then type *CMD* to open a command prompt:

Type the following command:

*IPCONFIG /ALL*

Right click in the command window and choose *Select All*, then hit *Enter*.
Paste the results in a message here.

If you are on a machine with no network connection, use a floppy, USB disk, or a CD-RW disk to transfer a text file with the information to allow pasting it here.


----------



## gscookie (Aug 3, 2007)

Hi JohnWill,
Thanks for joining the thread. I can't get into the room that has all the router info (I was heading out for work and need to unlock the door) but I ran the tests you wanted.

I am on an Acer Aspire5600 running Windows XP Service pack 2 and am wireless on an at&t dsl system (not sure of the specifications but I think it's the basic speed)

Any help is greatly appreciated!


----------



## JohnWill (Oct 19, 2002)

Well, you have good network connectivity here, so this is not really a network issue. I assume the issue is you can't get browsers to connect?


----------



## gscookie (Aug 3, 2007)

Yeah, I'm pretty sure it was Norton 360 related...first i couldn't get on IE, but could use AOL--then we uninstalled Norton and I could get on both--reinstalled Norton and could get IE but not AOL--uninstalled Norton and installed AVG Free and can now get on IE and AOL....


----------



## JohnWill (Oct 19, 2002)

So, what's the current issue?


----------



## sjpritch25 (Sep 8, 2005)

gscookie,
Everything AVG found are in System Restore, we will remove those later. How is everything running??


----------



## sjpritch25 (Sep 8, 2005)

Thanks again John


----------



## gscookie (Aug 3, 2007)

Once I am fully booted up and everything is loaded (takes about 6.5 mins for everything to load up to the Acer tool bar) the computer is running much better. 
CPU is low (in the teens when not connected to the internet, and under 10% for the most part when connected to the internet). The sound is still scratchy but the original problems (no IE connection, nasty porn pop ups and the screenshot virus) all appear to be gone. 
I do get svchost.exe errors on start up and shut down if I log off from my personal settings and not the user log in page... AND the slow boot up time---is there something that could be turning my Window's Firewall off? And should I run the hotfix since it was turned off?


----------



## JohnWill (Oct 19, 2002)

I'm tossing the ball back over the net to the security folks, I think the networking issues are solved.


----------



## gscookie (Aug 3, 2007)

Thanks John!!


----------



## sjpritch25 (Sep 8, 2005)

Lets see what we can clean up. Post a fresh Hijackthis log.


----------



## gscookie (Aug 3, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:20 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1167058518\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9577 bytes


----------



## sjpritch25 (Sep 8, 2005)

I will leave these up to you

fix these in Hijackthis if you like

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe Info *Here*[/url

O4 - HKLM\..\Run: [LaunchApp] Alaunch [url=http://www.bleepingcomputer.com/startups/LaunchApp-2485.html]Info *Here*

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE Info *here*

Download *speedup.zip* to your Desktop, Extract/Unzip speedup.reg to your Desktop. Double-Click on speedup.reg and allow it to be merged into Windows Registry.

Reboot your Computer

Let me know how everything is running.


----------



## gscookie (Aug 3, 2007)

Removed the 3 suggested above and ran speedup program...log off was faster but no appreciable difference in boot up (still running over 6 minutes: about 2.5 to user log in and over 4 to Acer E toolbar)...does the following still need to reinstalled?
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Latest HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:47 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1167058518\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9077 bytes


----------



## sjpritch25 (Sep 8, 2005)

Yes you still need to restore that. You could try and defrag your computer.


----------



## gscookie (Aug 3, 2007)

I looked in the old HJT program and O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll was not in there to be restored. I'll need some instruction on restoring it.

I defragmented the C drive, ran the Microsoft hotfix (it didn't help speed boot up), and installed Google toolbar because I use it at work and home for my bookmarks... Here's the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:29 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\AOL\1167058518\ee\aolsoftware.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1167058518\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9911 bytes


----------



## sjpritch25 (Sep 8, 2005)

Refer back to post #16


----------



## gscookie (Aug 3, 2007)

I know I restored it when you instructed me to... it isn't in the HJT backup files.


----------



## sjpritch25 (Sep 8, 2005)

Okay, its been restored.


----------



## gscookie (Aug 3, 2007)

LOL, then why doesn't it show up? LOL

Anyway, what is there left to do?? Is my boot up problem a systems issue?


----------



## sjpritch25 (Sep 8, 2005)

not sure either.


----------



## JohnWill (Oct 19, 2002)

There's a couple of things to try here.


Boot up in safe mode, see how long that takes. If it's much shorter (typically it takes more time), then it's something that's starting in normal mode that is the issue.

Using MSCONFIG, disable groups of startup applications until you get a faster boot, try to narrow it down that way.

Also using MSCONFIG, enable the /BOOTLOG switch, boot in normal mode and post it here. Maybe we can see something that is causing the delay.


----------



## gscookie (Aug 3, 2007)

It takes under 2 minutes to boot up in safe mode without networking.

I know I ran a bootup log earlier on my computer (but didn't post it) and I can't remember how to do it again...LOL

Will return this afternoon and try to narrow down what is causing the slow down.

Thanks so much for your help you guys!


----------



## JohnWill (Oct 19, 2002)

Let us know how you make out. I normally disable stuff in groups to narrow it down a bit, then when a group shows promise, I add them back in with smaller increments. It all depends on how much startup stuff you have how long this process will take.


----------



## gscookie (Aug 3, 2007)

Okay, I'm not sure this is what you wanted but here is a start up list generated using HJT...

StartupList report, 1/27/2008, 3:18:18 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16574)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1167058518\ee\aolsoftware.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Janis\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acer Empowering Technology.lnk = ?
Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AGRSMMSG = AGRSMMSG.exe
RTHDCPL = RTHDCPL.EXE
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
eDataSecurity Loader = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
Acer ePresentation HPD = C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
igfxtray = C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
igfxpers = C:\WINDOWS\system32\igfxpers.exe
ePower_DMC = C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Boot = C:\Acer\Empowering Technology\ePower\Boot.exe
eRecoveryService = C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ImageItEncrypt = C:\WINDOWS\system32\ImageItEncrypt.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
HostManager = C:\Program Files\Common Files\AOL\1167058518\ee\AOLSoftware.exe
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[KB910393] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{407408d4-94ed-4d86-ab69-a7f649d112ee}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

Part 2 to follow....


----------



## gscookie (Aug 3, 2007)

Part 2 of HJT startup log text

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

[AOL Pictures Uploader Class]
InProcServer32 = C:\Program Files\AOL Pictures\10_6_0_8a\aolpUploader.dll
CODEBASE = http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[Snapfish Activia]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
CODEBASE = http://www.costcophotocenter.com/CostcoActivia.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

[Java Plug-in 1.5.0_11]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

[Java Plug-in 1.6.0_02]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Memory Check Service: C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (autostart)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Embedded Controller Driver: system32\DRIVERS\ACPIEC.sys (system)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AEGIS Protocol (IEEE 802.1x) v3.4.9.0: system32\DRIVERS\AegisP.sys (autostart)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: system32\DRIVERS\AGRSM.sys (manual start)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
AOL Connectivity Service: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (autostart)
AOL TopSpeed Monitor: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
Broadcom 802.11 Network Adapter Driver: system32\DRIVERS\bcmwl5.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\Janis\LOCALS~1\Temp\catchme.sys (manual start)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
CmdIde: system32\DRIVERS\cmdide.sys (system)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Dritek Keyboard Filter Driver: system32\DRIVERS\DKbFltr.sys (manual start)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (autostart)
Acer EPM Power Scheme Driver: \??\C:\WINDOWS\system32\drivers\epm-psd.sys (autostart)
Acer EPM System Hardware Driver: \??\C:\WINDOWS\system32\drivers\epm-shd.sys (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Intel(R) PROSet/Wireless Event Log: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
hpn: system32\DRIVERS\hpn.sys (system)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
int15: \??\C:\WINDOWS\system32\drivers\int15.sys (autostart)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Logitech USB Monitor Filter: system32\drivers\LVUSBSta.sys (manual start)
Media Center Extender Service: C:\WINDOWS\ehome\mcrdsvc.exe (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Upper Class Filter Driver: system32\DRIVERS\NTIDrvr.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
Volume Adapter: system32\DRIVERS\lv302af.sys (manual start)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Padus ASPI Shell: \??\C:\WINDOWS\system32\drivers\pfc.sys (manual start)
Logitech QuickCam IM(PID_PEPI): system32\DRIVERS\LV302V32.SYS (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
psdfilter: \??\C:\WINDOWS\system32\Drivers\psdfilter.sys (manual start)
psdvdisk: \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Intel(R) PROSet/Wireless Registry Service: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: system32\DRIVERS\Rtnicxp.sys (manual start)
Intel(R) PROSet/Wireless Service: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (autostart)
WLAN Transport: system32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{3D910655-96E2-40DB-8F84-44C9196577C5} (manual start)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
tifm21: system32\drivers\tifm21.sys (manual start)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
TosIde: system32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
tvicport: \??\C:\WINDOWS\system32\drivers\tvicport.sys (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Intel(R) PRO/Wireless 3945ABG Adapter Driver: system32\DRIVERS\w39n51.sys (manual start)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (system)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
WpdUsb: System32\Drivers\wpdusb.sys (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
zntport: \??\C:\WINDOWS\system32\drivers\zntport.sys (autostart)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 41,717 bytes
Report generated in 0.453 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## JohnWill (Oct 19, 2002)

You need to follow the process I outlined by disabling groups of items in MSCONFIG to narrow down the list of suspects. It's going to be difficult for us to go through that big list and identify them.


----------



## gscookie (Aug 3, 2007)

Please, I need step by step instructions to get a bootlog text-- everything I tried has been unsucessful.

Disabling AOL dialer, AOL software and Superantispyware from start up shaved off about 90 seconds from my boot up time...


----------



## JohnWill (Oct 19, 2002)

http://articles.techrepublic.com.com/5100-22_11-5184301.html


----------



## gscookie (Aug 3, 2007)

Here is the bootlog of the normal setting on my computer (nothing disabled)

Service Pack 2 1 28 2008 15:46:12.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver aliide.sys
Loaded driver intelide.sys
Loaded driver toside.sys
Loaded driver viaide.sys
Loaded driver cmdide.sys
Loaded driver pcmcia.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver ACPIEC.sys
Loaded driver \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Loaded driver PartMgr.sys
Loaded driver UBHelper.sys
Loaded driver VolSnap.sys
Loaded driver cpqarray.sys
Loaded driver \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Loaded driver atapi.sys
Loaded driver aha154x.sys
Loaded driver sparrow.sys
Loaded driver symc810.sys
Loaded driver aic78xx.sys
Loaded driver dac960nt.sys
Loaded driver ql10wnt.sys
Loaded driver amsint.sys
Loaded driver asc.sys
Loaded driver asc3550.sys
Loaded driver mraid35x.sys
Loaded driver i2omp.sys
Loaded driver ini910u.sys
Loaded driver ql1240.sys
Loaded driver aic78u2.sys
Loaded driver symc8xx.sys
Loaded driver sym_hi.sys
Loaded driver sym_u3.sys
Loaded driver ABP480N5.SYS
Loaded driver asc3350p.sys
Loaded driver cd20xrnt.sys
Loaded driver ultra.sys
Loaded driver adpu160m.sys
Loaded driver dpti2o.sys
Loaded driver ql1080.sys
Loaded driver ql1280.sys
Loaded driver ql12160.sys
Loaded driver perc2.sys
Loaded driver perc2hib.sys
Loaded driver hpn.sys
Loaded driver cbidf2k.sys
Loaded driver dac2w2k.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltMgr.sys
Loaded driver sr.sys
Loaded driver PxHelp20.sys
Loaded driver Fastfat.sys
Loaded driver KSecDD.sys
Loaded driver WudfPf.sys
Loaded driver NDIS.sys
Loaded driver sisagp.sys
Loaded driver viaagp.sys
Loaded driver Mup.sys
Loaded driver alim1541.sys
Loaded driver amdagp.sys
Loaded driver agp440.sys
Loaded driver agpCPQ.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\ialmnt5.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\w39n51.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\Rtnicxp.sys
Loaded driver \SystemRoot\system32\drivers\tifm21.sys
Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\DKbFltr.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\pfc.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\NTIDrvr.sys
Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanatw4.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\RtkHDAud.sys
Loaded driver \SystemRoot\system32\DRIVERS\AGRSM.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\Drivers\avgclean.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\avg7core.sys
Loaded driver \SystemRoot\System32\Drivers\avg7rsw.sys
Loaded driver Fastfat.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\System32\Drivers\avg7rsxp.sys
Loaded driver \SystemRoot\system32\DRIVERS\AegisP.sys
Loaded driver \SystemRoot\system32\DRIVERS\s24trans.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Did not load driver \SystemRoot\System32\Drivers\Serial.SYS
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\Drivers\ASCTRM.SYS
Loaded driver \??\C:\WINDOWS\system32\drivers\epm-psd.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\epm-shd.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\int15.sys
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\tvicport.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\zntport.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys


----------



## JohnWill (Oct 19, 2002)

Nothing leaps out at me as being suspicious. Did you try to narrow down the offending file?


----------



## gscookie (Aug 3, 2007)

I think the AOL files are bogging down my system. 
When I disable them at start up in the msconfig box, every time I boot up, the computer says I am in diagnostic mode and refers me back to the msconfig box... how do I disable them at start up without being referred back to systems configurations everytime? Superantispyware doesn't need to load at start up either since it isn't the Professional edition and only scans on demand....


----------



## JohnWill (Oct 19, 2002)

When MSCONFIG comes up, you can tell it you don't want it to run every time, even though you have disabled something. You can configure Superantispyware not to load on startup, that's how I run it.


----------



## gscookie (Aug 3, 2007)

Okay I did both those things.... The computer is running fine once it's booted up-- just takes about 5-6 minutes to do that.

I have a question-- the original infections came on my daughter's settings of Windows. I just logged onto her user page and am getting an error page. Should that be happening? Do I need to run scans on this user setting too?!

The error box says:Window Internet Explorer
RED CIRCLE WITH X- Cannot find file:///C:\\WINDOWS\\privacy_danger\\index.htm. Make sure the path or Internet address is correct.
And the background screen is all white....


----------



## gscookie (Aug 3, 2007)

Maybe this is why the computer is still running slow-- dang kids!

This is on the user page that got the original infections--she didn't tell me about them and started using my settings. I didn't think that her settings weren't being scanned while I was fixing things on the computer.

Here's the HJT log--what should we use to clean this up?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:07 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-985681610-1787833304-4194397614-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Janis')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9786 bytes


----------



## gscookie (Aug 3, 2007)

Okay after doing a search on the privacy_danger error, bleepingcomputers techs suggested running a SmitFraud scan and then a SmitFraud clean. Here they are:

SmitFraudFix v2.274

Scan done at 21:39:14.80, Mon 01/28/2008
Run from C:\Documents and Settings\Mikayla\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1167058518\ee\aolsoftware.exe
c:\program files\common files\aol\1167058518\ee\aolsoftware.exe
c:\program files\common files\aol\1167058518\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikayla

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikayla\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKAYLA\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix v2.274

Scan done at 21:48:55.54, Mon 01/28/2008
Run from C:\Documents and Settings\Mikayla\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4242A0FC-184B-47BA-8349-DC0FD5B5F24A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

And the HJT log after SmitFraud clean... think the R3 URLSearchHook needs to go? (just a guess...)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:31 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9044 bytes

The whitebackground is gone and so is the error pop up...


----------



## sjpritch25 (Sep 8, 2005)

Right-Click on your *Desktop*, Click on *Properties*, Click on *Desktop*, Click on *Customize*, Click *Web* Tab, Look for the following *Privacy Protection* and click on *Remove*. Click on *Apply*, then *Ok* to exit. Reboot your computer.

How is everything running???


----------



## gscookie (Aug 3, 2007)

There is no Privacy Protection showing in the Web tab section (it is clear on both user desktops.)

Once the computer is booted up (5-6 mins), it is running great! Boot up is taking over 2 minutes to the Windows user log in page (the Windows splash screen runs for about a 110 secs and the black screen following it for 24 secs). The sound is scratchy on boot up at the loading personal settings window... I ran a check disk (no errors found), disk clean up, defrag, virus and spyware scans--have not done a cc clean or registry clean up though.


----------



## JohnWill (Oct 19, 2002)

If you don't have the Privacy tab, something is still very wrong.


----------



## gscookie (Aug 3, 2007)

Am I supposed to be on the desktop properties or the IE properties?


----------



## JohnWill (Oct 19, 2002)

Duh, I was in the clouds and thought we were talking about IE!  Never mind.


----------



## gscookie (Aug 3, 2007)

No worries-- I thought I probably checked the wrong thing...

I've removed AOL software from my computer since our paid service expired a few days ago. I have a question about antispyware programs--should they be running all the time or on demand? If on demand, how often should you schedule scans?


----------



## JohnWill (Oct 19, 2002)

You can run them either way. I happen to run mine on demand, since I don't have a big problem with spyware.


----------



## gscookie (Aug 3, 2007)

Do you use a program that prevents it from loadings on your computer? Do you recommend Spywareblaster or Spywareguard?


----------



## sjpritch25 (Sep 8, 2005)

I would install one pro-Active, like Windows Defender, and another On Demand.


----------



## sjpritch25 (Sep 8, 2005)

If you already have one Pro-Active Anti-Spyware application, SpywareBlaster will be fine.


----------



## gscookie (Aug 3, 2007)

I only have Superantispyware (on demand) on my computer since norton 360 is removed.


----------



## gscookie (Aug 3, 2007)

Do I need to run any more fixes or scans on my daughter's user registry? That was where the initial infections were downloaded...


----------



## gscookie (Aug 3, 2007)

I was researching Trojan Downloader Zlob (in the AVG Free vault) and decided to give AVG Anti-Spyware a try... it found Fizzlebar. I'm posting the AVG Anti-Spyware report and my latest HJT log from my daughter's registry will follow-

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:	12:50:09 AM 1/31/2008

+ Scan result:

HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject.1 -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Adware.FizzleBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.219:C:\Documents and Settings\Janis\Application Data\Mozilla\Firefox\Profiles\i8bbna86.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected]eclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.179:C:\Documents and Settings\Janis\Application Data\Mozilla\Firefox\Profiles\i8bbna86.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.235:C:\Documents and Settings\Mikayla\Application Data\Mozilla\Firefox\Profiles\uc2l1pi3.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.115:C:\Documents and Settings\Mikayla\Application Data\Mozilla\Firefox\Profiles\uc2l1pi3.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.116:C:\Documents and Settings\Mikayla\Application Data\Mozilla\Firefox\Profiles\uc2l1pi3.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.117:C:\Documents and Settings\Mikayla\Application Data\Mozilla\Firefox\Profiles\uc2l1pi3.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.56:C:\Documents and Settings\Mikayla\Application Data\Mozilla\Firefox\Profiles\uc2l1pi3.default\cookies.txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.82:C:\Documents and Settings\Janis\Application Data\Mozilla\Firefox\Profiles\i8bbna86.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.83:C:\Documents and Settings\Janis\Application Data\Mozilla\Firefox\Profiles\i8bbna86.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.84:C:\Documents and Settings\Janis\Application Data\Mozilla\Firefox\Profiles\i8bbna86.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.85:C:\Documents and Settings\Janis\Application Data\Mozilla\Firefox\Profiles\i8bbna86.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.90:C:\Documents and Settings\Janis\Application Data\Mozilla\Firefox\Profiles\i8bbna86.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.91:C:\Documents and Settings\Janis\Application Data\Mozilla\Firefox\Profiles\i8bbna86.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.92:C:\Documents and Settings\Janis\Application Data\Mozilla\Firefox\Profiles\i8bbna86.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.93:C:\Documents and Settings\Janis\Application Data\Mozilla\Firefox\Profiles\i8bbna86.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Janis\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Mikayla\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end


----------



## gscookie (Aug 3, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:44 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Documents and Settings\Mikayla\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)< what is this for?
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML< why is this still showing up?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe


----------



## sjpritch25 (Sep 8, 2005)

Typical

Run HijackThis, and press "Do a System Scan Only". 
1. When the scan is complete place a check mark next to the following entries:
*
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
*
2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...

The other line is related to Yahoo, but if you uninstalled it. You can remove that too.


----------



## gscookie (Aug 3, 2007)

Latest HJT of daughter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:53 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mikayla\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Mikayla\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8821 bytes


----------



## sjpritch25 (Sep 8, 2005)

Log is clean!!!! :up:


----------



## gscookie (Aug 3, 2007)

Yay!! How about this one?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:23 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mikayla\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/v2.13/cab/aolpPlugins.10.6.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198736413078
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Mikayla\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8465 bytes


----------



## gscookie (Aug 3, 2007)

John,
I was working on the "clean boot" tests and realized that my biggest issue is that it takes so long for the system to boot up before we even get to the Window's user log in screen (and start loading personal preferences.) No matter what I change in terms of start up on the start up or services tabs, it still takes around 2 mins and 10 sec to get to the User log in screen... is that normal?

Thanks for your help with this matter!


----------



## sjpritch25 (Sep 8, 2005)

How old is this computer??


----------



## gscookie (Aug 3, 2007)

13 months--got it for Xmas in 2006


----------



## sjpritch25 (Sep 8, 2005)

Unless John can think of anything else, i don't know what would increase the speed. Other than a re-install of Windows.


----------



## gscookie (Aug 3, 2007)

So now that it's clean, I can back up my files, etc., in case it needs to be reloaded if we have to re-install Windows? I was reading the intermediate clean up tasks and I wasn't sure about CCleaner for disk or registry clean up (http://computercleanup.blogspot.com/2006/11/cleanup-startup-programs.html)....


----------



## JohnWill (Oct 19, 2002)

Well, if you plan on using CCleaner, I'd do a full backup first.  Truthfully, probably 99 times out of 100, it works fine and does not cause an issue. It's that 1% of the time that something ugly happens.


----------



## gscookie (Aug 3, 2007)

Okay, I ran CCleaner and everything still works. Boot up is still the same but I got rid of all those AOL and Symantic leftovers that were left after the uninstall of the main programs. Do I need to run it on all the Windows Users, ie, my 2 daughters' desktops?


----------

