teiko

problem with pop-ups

19 posts in this topic

Hello, I'm a new computer user and

I have a problem with pop-ups in Internet Explorer. It started to happen when I (without knowing what I was doing) downloaded netpumper.

Since then things have been popping up, and suggestions come on my screen saying like I have a bunch of bad viruses in my computer and if you come to our webpage we'll fix everything.

Also, I have downloaded a bunch of different programs which all find different things. For example, Spybot finds a thing with the name Swizzor, and the threat is said to be a Trojan. I have fixed it since then because it always reappears.

Also, a program called Spyware Doctor shows a lot of infections by netpumper.

In some time I saw very large CPU usage by IE, so I started to use Mozilla, and I tried to uninstall IE but that didn't work (update thing etc). Today I managed to get it off from processes; can't remember, used some kind of program suggested here in the forums.

I have no idea what really is wrong with my computer. Though it might seem now that things have gone better, I don't want to trust it.

It would be really nice if you could help me.

Thank you


Hi teiko,

You seem to be in a bunch of trouble - however, do not try and un-load Internet Explorer, as it is a core part of Windows and is needed for Windows Updates (Security patches etc).

In order for the log-reading malware experts to assist you, please post scan-logs from both Ad-Aware and a program called HijackThis.

Log-posting instructions are included in my post in this thread: Infected ??, found this

Please also notice my comment in that post on likely delays - thanks :)

Regards,

Spike


OK, here's the adware log, I hope it's the right one.

Ad-Aware SE Build 1.06r1

Logfile Created on:13. november 2006. a. 17:48:52

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R131 09-11-2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):13 total references

Tracking Cookie(TAC index:3):4 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

13.11.2006 17:48:52 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\David\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2031124185-3924086925-184831875-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2031124185-3924086925-184831875-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2031124185-3924086925-184831875-1006\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2031124185-3924086925-184831875-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2031124185-3924086925-184831875-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2031124185-3924086925-184831875-1006\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2031124185-3924086925-184831875-1006\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2031124185-3924086925-184831875-1006\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2031124185-3924086925-184831875-1006\software\winrar\dialogedithistory\extrpath

Description : winrar "extract-to" history

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 752

ThreadCreationTime : 13.11.2006 17:46:58

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 800

ThreadCreationTime : 13.11.2006 17:47:00

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 824

ThreadCreationTime : 13.11.2006 17:47:01

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 868

ThreadCreationTime : 13.11.2006 17:47:02

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 880

ThreadCreationTime : 13.11.2006 17:47:02

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1024

ThreadCreationTime : 13.11.2006 17:47:02

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1108

ThreadCreationTime : 13.11.2006 17:47:03

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1144

ThreadCreationTime : 13.11.2006 17:47:03

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [szserver.exe]

FilePath : C:\Program Files\Common Files\iS3\Anti-Spyware\

ProcessID : 1180

ThreadCreationTime : 13.11.2006 17:47:03

BasePriority : Normal

FileVersion : 4.4.4.14

ProductVersion : 4, 4, 0, 0

ProductName : SZServer Application

FileDescription : STOPzilla Service

InternalName : SZServer

LegalCopyright : Copyright © 2004

OriginalFilename : SZServer.EXE

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1444

ThreadCreationTime : 13.11.2006 17:47:10

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1476

ThreadCreationTime : 13.11.2006 17:47:10

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [lexbces.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1716

ThreadCreationTime : 13.11.2006 17:47:10

BasePriority : Normal

FileVersion : 9.37

ProductVersion : 9.37

ProductName : MarkVision for Windows (32 bit)

CompanyName : Lexmark International, Inc.

FileDescription : LexBce Service

InternalName : LexBce Service

LegalCopyright : © 1993 - 2003 Lexmark International, Inc.

OriginalFilename : LexBceS.exe

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1740

ThreadCreationTime : 13.11.2006 17:47:10

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [lexpps.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1748

ThreadCreationTime : 13.11.2006 17:47:10

BasePriority : Normal

FileVersion : 9.37

ProductVersion : 9.37

ProductName : MarkVision for Windows (32 bit)

CompanyName : Lexmark International, Inc.

FileDescription : LEXPPS.EXE

InternalName : LEXPPS

LegalCopyright : © 1993 - 2003 Lexmark International, Inc.

OriginalFilename : LEXPPS.EXE

Comments : MarkVision for Windows '95 New P2P Server (32-bit)

 

#:15 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 1900

ThreadCreationTime : 13.11.2006 17:47:11

BasePriority : Normal

FileVersion : 3.0.0.154

ProductVersion : 3.0.0.154

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © 1996-2005 Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:16 [guard.exe]

FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\

ProcessID : 1928

ThreadCreationTime : 13.11.2006 17:47:12

BasePriority : Normal

FileVersion : 7, 5, 0, 47

ProductVersion : 7, 5, 0, 47

ProductName : AVG Anti-Spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : AVG Anti-Spyware guard

InternalName : AVG Anti-Spyware guard

LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

OriginalFilename : guard.exe

 

#:17 [lssrvc.exe]

FilePath : C:\Program Files\Common Files\LightScribe\

ProcessID : 1976

ThreadCreationTime : 13.11.2006 17:47:12

BasePriority : Normal

FileVersion : 1.4.74.1

ProductName : LightScribe

CompanyName : Hewlett-Packard Company

LegalCopyright : © Copyright 2003-2006 Hewlett-Packard Development Company, LP

OriginalFilename : LSSrvc.exe

 

#:18 [sdhelp.exe]

FilePath : C:\Program Files\Spyware Doctor\

ProcessID : 2016

ThreadCreationTime : 13.11.2006 17:47:12

BasePriority : Normal

FileVersion : 3.6.0.2026

ProductVersion : 3.6

ProductName : Spyware Doctor

CompanyName : PC Tools Research Pty Ltd

 

#:19 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 212

ThreadCreationTime : 13.11.2006 17:47:13

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:20 [hpqwmiex.exe]

FilePath : C:\Program Files\Hewlett-Packard\Shared\

ProcessID : 392

ThreadCreationTime : 13.11.2006 17:47:13

BasePriority : Normal

FileVersion : 2, 0, 1, 8

ProductVersion : 2, 0, 1, 8

ProductName : hpqwmiex Module

CompanyName : Hewlett-Packard Development Company, L.P.

FileDescription : hpqwmiex Module

InternalName : hpqwmiex

LegalCopyright : © Copyright 2003-2006 Hewlett-Packard Development Company, L.P.

OriginalFilename : hpqwmiex.EXE

 

#:21 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 884

ThreadCreationTime : 13.11.2006 17:47:15

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:22 [stopzilla.exe]

FilePath : C:\Program Files\STOPzilla!\

ProcessID : 1232

ThreadCreationTime : 13.11.2006 17:47:15

BasePriority : Normal

FileVersion : 4.4.4.14

ProductVersion : 1, 0, 0, 1

ProductName : Stopzilla Application

FileDescription : Stopzilla MFC Application

InternalName : Stopzilla

LegalCopyright : Copyright © 2006

OriginalFilename : Stopzilla.EXE

 

#:23 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 176

ThreadCreationTime : 13.11.2006 17:47:17

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:24 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_06\bin\

ProcessID : 668

ThreadCreationTime : 13.11.2006 17:47:18

BasePriority : Normal

 

 

#:25 [hp wireless assistant.exe]

FilePath : C:\Program Files\hpq\HP Wireless Assistant\

ProcessID : 772

ThreadCreationTime : 13.11.2006 17:47:18

BasePriority : Normal

FileVersion : 2, 0, 5, 1

ProductVersion : 2, 0, 5, 1

ProductName : HP Wireless Assistant

CompanyName : Hewlett-Packard Development Company, L.P.

FileDescription : HP Wireless Assistant Module

InternalName : HP Wireless Assistant

LegalCopyright : © Copyright 2005, 2006 Hewlett-Packard Development Company, L.P.

OriginalFilename : HP Wireless Assistant.exe

 

#:26 [igfxtray.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1032

ThreadCreationTime : 13.11.2006 17:47:18

BasePriority : Normal

FileVersion : 3.0.0.4543

ProductVersion : 7.0.0.4543

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : igfxTray Module

InternalName : IGFXTRAY

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : IGFXTRAY.EXE

 

#:27 [hkcmd.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 516

ThreadCreationTime : 13.11.2006 17:47:18

BasePriority : Normal

FileVersion : 3.0.0.4543

ProductVersion : 7.0.0.4543

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:28 [igfxpers.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1284

ThreadCreationTime : 13.11.2006 17:47:18

BasePriority : Normal

FileVersion : 3.0.0.4543

ProductVersion : 7.0.0.4543

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : persistence Module

InternalName : PERSISTENCE

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : IGFXPERS.EXE

 

#:29 [syntpenh.exe]

FilePath : C:\Program Files\Synaptics\SynTP\

ProcessID : 1460

ThreadCreationTime : 13.11.2006 17:47:18

BasePriority : Normal

FileVersion : 8.2.16.4 03Mar06

ProductVersion : 8.2.16.4 03Mar06

ProductName : Synaptics Pointing Device Driver

CompanyName : Synaptics, Inc.

FileDescription : Synaptics TouchPad Enhancements

InternalName : Synaptics Enhancements Application

LegalCopyright : Copyright © Synaptics, Inc. 1996-2006

OriginalFilename : SynTPEnh.exe

 

#:30 [qpservice.exe]

FilePath : C:\Program Files\HP\QuickPlay\

ProcessID : 1524

ThreadCreationTime : 13.11.2006 17:47:19

BasePriority : Normal

FileVersion : 4.5.0.0000

ProductVersion : 4.5.0.0000

ProductName : HP QuickPlay

CompanyName : CyberLink Corp.

FileDescription : HP QuickPlay Resident Program

InternalName : HP QuickPlay Resident Program

LegalCopyright : Copyright © 2005 CyberLink Corp.

OriginalFilename : QPService.exe

 

#:31 [hpwuschd2.exe]

FilePath : C:\Program Files\Hp\HP Software Update\

ProcessID : 1540

ThreadCreationTime : 13.11.2006 17:47:19

BasePriority : Normal

FileVersion : 50.0.146.000

ProductVersion : 050.000.146.000

ProductName : hp digital imaging - hp all-in-one series

CompanyName : Hewlett-Packard Co.

FileDescription : Hewlett-Packard Product Assistant

InternalName : hpwuSchd2

LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004

OriginalFilename : hpwuSchd2.exe

Comments : Hewlett-Packard Product Assistant

 

#:32 [qlbctrl.exe]

FilePath : C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\

ProcessID : 1516

ThreadCreationTime : 13.11.2006 17:47:19

BasePriority : Normal

FileVersion : 6, 0, 5, 1

ProductVersion : 6, 0, 5, 1

ProductName : HP Quick Launch Buttons

CompanyName : Hewlett-Packard Development Company, L.P.

FileDescription : QLB Controller

InternalName : QLBCTRL.exe

LegalCopyright : © Copyright 2006 Hewlett-Packard Development Company, L.P.

OriginalFilename : QLBCTRL.exe

 

#:33 [lvcomsx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1652

ThreadCreationTime : 13.11.2006 17:47:19

BasePriority : Normal

FileVersion : 8.4.1.1092

ProductVersion : 8.4.1.1092

ProductName : Logitech QuickCam

CompanyName : Logitech Inc.

FileDescription : LVCom Server

InternalName : LVComS.exe

LegalCopyright : © 1996-2004 Logitech. All rights reserved.

OriginalFilename : LVComS.exe

 

#:34 [logitray.exe]

FilePath : C:\Program Files\Logitech\Video\

ProcessID : 1792

ThreadCreationTime : 13.11.2006 17:47:19

BasePriority : Normal

FileVersion : 8.4.6.1012

ProductVersion : 8.4.6.1012

ProductName : Logitech QuickCam

CompanyName : Logitech Inc.

FileDescription : ImageStudio Tray Application

InternalName : LogiTray.exe

LegalCopyright : © 1996-2005 Logitech. All rights reserved.

OriginalFilename : LogiTray.exe

 

#:35 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1880

ThreadCreationTime : 13.11.2006 17:47:19

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:36 [msnmsgr.exe]

FilePath : C:\Program Files\MSN Messenger\

ProcessID : 2060

ThreadCreationTime : 13.11.2006 17:47:19

BasePriority : Normal

FileVersion : 8.0.0812.00

ProductVersion : 8.0.0812

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msnmsgr.exe

LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.

OriginalFilename : msnmsgr.exe

 

#:37 [wscntfy.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2100

ThreadCreationTime : 13.11.2006 17:47:19

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Security Center Notification App

InternalName : wscntfy.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wscntfy.exe

 

#:38 [teatimer.exe]

FilePath : C:\Program Files\Spybot - Search & Destroy\

ProcessID : 2144

ThreadCreationTime : 13.11.2006 17:47:19

BasePriority : Idle

FileVersion : 1, 4, 0, 2

ProductVersion : 1, 4, 0, 3

ProductName : Spybot - Search & Destroy

CompanyName : Safer Networking Limited

FileDescription : System settings protector

InternalName : TeaTimer

LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.

LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.

OriginalFilename : TeaTimer.exe

Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

 

#:39 [swdoctor.exe]

FilePath : C:\Program Files\Spyware Doctor\

ProcessID : 2168

ThreadCreationTime : 13.11.2006 17:47:19

BasePriority : Normal

FileVersion : 4.0.0.2620

ProductVersion : 3.6

ProductName : Spyware Doctor

CompanyName : PC Tools Research Pty Ltd

FileDescription : Spyware Doctor

InternalName : Spyware Doctor

LegalCopyright : Copyright © 2005. Distributed by PC Tools Research Pty Ltd

OriginalFilename : swdoctor.exe

 

#:40 [wmiprvse.exe]

FilePath : C:\WINDOWS\system32\wbem\

ProcessID : 2284

ThreadCreationTime : 13.11.2006 17:47:20

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

#:41 [fxsvr2.exe]

FilePath : C:\Program Files\Logitech\Video\

ProcessID : 3024

ThreadCreationTime : 13.11.2006 17:47:24

BasePriority : Normal

FileVersion : 8.4.6.1012

ProductVersion : 8.4.6.1012

ProductName : Logitech QuickCam

CompanyName : Logitech Inc.

FileDescription : QuickCam Framework Server

InternalName : FxSvr.EXE

LegalCopyright : © 1996-2005 Logitech. All rights reserved.

OriginalFilename : FxSvr.EXE

 

#:42 [wmiprvse.exe]

FilePath : C:\WINDOWS\system32\wbem\

ProcessID : 3076

ThreadCreationTime : 13.11.2006 17:47:24

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

#:43 [hpqimzone.exe]

FilePath : C:\Program Files\HP\Digital Imaging\bin\

ProcessID : 3140

ThreadCreationTime : 13.11.2006 17:47:25

BasePriority : Normal

 

 

#:44 [hpqtoa~1.exe]

FilePath : C:\PROGRA~1\HPQ\Shared\

ProcessID : 3516

ThreadCreationTime : 13.11.2006 17:47:32

BasePriority : Normal

FileVersion : 1, 0, 0, 7

ProductVersion : 1, 0, 0, 7

ProductName : HpqToaster Module

FileDescription : HpqToaster Module

InternalName : HpqToaster

LegalCopyright : Copyright 2005

OriginalFilename : HpqToaster.EXE

 

#:45 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3904

ThreadCreationTime : 13.11.2006 17:47:44

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:46 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1628

ThreadCreationTime : 13.11.2006 17:48:01

BasePriority : Normal

FileVersion : 5.8.0.2694 built by: dnsrv(wmbla)

ProductVersion : 5.8.0.2694

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:47 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 2984

ThreadCreationTime : 13.11.2006 17:48:16

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:48 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3612

ThreadCreationTime : 13.11.2006 17:48:20

BasePriority : Normal

FileVersion : 5.8.0.2694 built by: dnsrv(wmbla)

ProductVersion : 5.8.0.2694

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 13

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 13

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 13

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:6

Value : Cookie:[email protected]/

Expires : 11.11.2011

LastSync : Hits:6

UseCount : 0

Hits : 6

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:[email protected]/

Expires : 13.11.2006 18:02:56

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 2

Objects found so far: 15

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\jjjj\Cookies\[email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\jjjj\Cookies\[email protected][2].txt

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for D:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

137 entries scanned.

New critical objects:0

Objects found so far: 17

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

17:56:34 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:07:41.656

Objects scanned:149447

Objects identified:4

Objects ignored:0

New critical objects:4


Here's my HijackThis thingy

 

Logfile of HijackThis v1.99.1

Scan saved at 18:05:02, on 13.11.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\STOPzilla!\STOPzilla.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\David\My Documents\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll

O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)

O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

O3 - Toolbar: STOPzilla securitybar - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q306&bd=presario&pf=laptop

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe


And a sad thing too: I think I unloaded IE already, but there must be a way of getting it back, so I don't know.

Anyway, I hope you can help me.

Thank you


Open HijackThis and do a *system scan only*

 

When it finishes, checkmark these entries, then press the *fix checked* button

 

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)

O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

 

After pressing *fix checked*, close HijackThis

 

1. Download this file - combofix.exe

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

2. Double click on combofix.exe & follow the prompts.

 

Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no)

Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders)

 

Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

 

3. When finished, it shall produce a log for you. Post that log in your next reply

................................

Next, Download Findlop by Metallica.

http://metallica.geekstogo.com/findlop.zip

 

Unzip it to your desktop.

Double click findlop.bat.

A Notepad file will open.

Copy the content of that file and paste it into your reply to this thread.

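All four entries listed in the post above end in `(no file)`: the registry still lists the BHO or toolbar CLSID, but HijackThis reports no file behind it. As an added example (not part of the original post and not HijackThis's own code), this Python script parses the CLSID-based lines of a HijackThis log and picks out exactly those entries; the sample lines are copied from the first log in this thread, and the names `parse_log` and `orphaned_browser_addons` are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# Sample input: lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: STOPzilla securitybar - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# "<section> - <kind>: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>" + CLSID + r") - (?P<target>.+)$"
)

FILE_MISSING = "(file missing)"


class Entry(NamedTuple):
    section: str  # e.g. "O2"
    kind: str     # e.g. "BHO", "Toolbar", "Extra button"
    name: str
    clsid: str    # upper-cased so the same CLSID compares equal across logs
    target: str   # file path, or "(no file)"
    state: str    # "present", "no file" or "file missing"


def parse_log(text: str) -> List[Entry]:
    """Parse the CLSID-registered entries of a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # process list, R1, O4 and other lines carry no CLSID
        target = m["target"].strip()
        if target == "(no file)":
            state = "no file"
        elif target.endswith(FILE_MISSING):
            state = "file missing"
            target = target[: -len(FILE_MISSING)].rstrip()
        else:
            state = "present"
        entries.append(
            Entry(m["section"], m["kind"], m["name"],
                  m["clsid"].upper(), target, state)
        )
    return entries


def orphaned_browser_addons(entries: List[Entry]) -> List[Entry]:
    """O2 (BHO) and O3 (toolbar) entries that HijackThis marked "(no file)"."""
    return [e for e in entries
            if e.section in ("O2", "O3") and e.state == "no file"]


if __name__ == "__main__":
    for e in orphaned_browser_addons(parse_log(SAMPLE_LOG)):
        print(f"{e.section} {e.kind:8} {e.clsid} -> {e.state}")
```

Run over the second HijackThis log later in the thread, the same filter also returns the STOPzilla and PC Tools CLSIDs, which that log lists as `(no file)`.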

This is the findlop; I don't know if it is the right one.

 

[TRACE] Enumerating jobs and queues

 

 

And now the ComboFix log:

 

David - 06-11-14 18:06:57,56 Service Pack 2

ComboFix 06.11.9 - Running from: "C:\Program Files\Mozilla Firefox"

 

((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))

 

 

2006-11-12 12:44 53,248 --a------ C:\WINDOWS\system32\Process.exe

2006-11-12 12:44 40,960 --a------ C:\WINDOWS\system32\swsc.exe

2006-11-12 12:44 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2006-11-12 11:57 4,550 --a------ C:\WINDOWS\system32\tmp.reg

2006-11-04 22:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2006-11-01 18:36 501,760 C:\WINDOWS\system32Deutz Engine.scr

2006-11-01 18:36 501,760 C:\WINDOWS\system32Deutz Engine.exe

2006-10-25 18:26 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2006-10-25 18:26 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2006-10-25 18:26 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2006-10-25 18:26 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2006-10-25 18:26 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2006-10-25 18:26 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2006-10-25 18:26 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2006-10-25 18:25 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2006-10-25 18:25 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll

2006-10-25 18:25 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys

2006-10-25 18:25 211,712 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS

2006-10-25 18:25 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll

2006-10-25 18:25 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll

2006-10-25 18:25 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys

2006-10-25 18:25 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll

2006-10-25 18:21 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll

2006-10-25 18:21 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll

2006-10-25 18:21 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll

2006-10-25 18:21 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll

2006-10-25 18:21 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll

2006-10-25 18:21 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll

2006-10-25 18:21 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL

2006-10-25 18:21 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll

2006-10-25 18:21 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll

2006-10-25 18:21 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll

2006-10-25 18:21 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll

2006-10-25 18:21 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll

2006-10-25 18:21 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll

2006-10-25 18:21 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL

2006-10-25 18:04 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

2006-10-14 21:07 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-11-14 18:06 -------- d-------- C:\Program Files\Mozilla Firefox

2006-11-12 11:31 -------- d-------- C:\Program Files\Common Files\iS3

2006-11-12 11:31 -------- d-------- C:\Program Files\Common Files

2006-11-12 11:04 -------- d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2

2006-11-10 18:23 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-11-07 20:53 -------- d-------- C:\Documents and Settings\David\Application Data\HP

2006-11-05 12:06 -------- d-------- C:\Program Files\Yahoo!

2006-11-05 12:05 -------- d-------- C:\Program Files\Common Files\Sonic Shared

2006-11-05 11:11 -------- d-------- C:\Program Files\CCleaner

2006-11-05 11:02 -------- d-------- C:\Documents and Settings\David\Application Data\Lavasoft

2006-11-05 11:01 -------- d-------- C:\Program Files\Lavasoft

2006-11-04 19:11 -------- d-------- C:\Documents and Settings\David\Application Data\AdobeUM

2006-11-03 06:23 -------- d-------- C:\Program Files\MSN Messenger

2006-11-03 06:23 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

2006-11-01 18:36 501760 --a------ C:\WINDOWS\system32\Deutz Engine.scr

2006-11-01 18:36 501760 --a------ C:\WINDOWS\system32\Deutz Engine.exe

2006-10-31 18:09 -------- d-------- C:\Program Files\Common Files\Symantec Shared

2006-10-31 18:04 -------- d-------- C:\Program Files\Symantec

2006-10-29 19:28 75736 --a------ C:\WINDOWS\system32\cdm.dll

2006-10-29 19:28 465368 --a------ C:\WINDOWS\system32\wuapi.dll

2006-10-29 19:28 41432 --a------ C:\WINDOWS\system32\wups.dll

2006-10-29 19:28 198616 --a------ C:\WINDOWS\system32\iuengine.dll

2006-10-29 19:28 194520 --a------ C:\WINDOWS\system32\wuaueng1.dll

2006-10-29 19:28 18392 --a------ C:\WINDOWS\system32\wups2.dll

2006-10-29 19:28 174040 --a------ C:\WINDOWS\system32\wuweb.dll

2006-10-29 19:28 172504 --a------ C:\WINDOWS\system32\wuauclt1.exe

2006-10-29 19:28 1353688 --a------ C:\WINDOWS\system32\wuaueng.dll

2006-10-29 19:28 127448 --a------ C:\WINDOWS\system32\wucltui.dll

2006-10-29 19:28 124376 --a------ C:\WINDOWS\system32\wuauclt.exe

2006-10-28 10:55 -------- d---s---- C:\Documents and Settings\David\Application Data\Microsoft

2006-10-25 21:12 -------- d-------- C:\Program Files\Logitech

2006-10-25 18:04 -------- d-------- C:\Program Files\Common Files\Logitech

2006-10-21 07:52 -------- d-------- C:\Program Files\SmartFTP Client 2.0

2006-10-14 21:07 -------- d-------- C:\Program Files\Grisoft

2006-10-14 19:03 -------- d-------- C:\Program Files\MSXML 4.0

2006-10-13 12:06 -------- d-------- C:\Documents and Settings\David\Application Data\Help

2006-10-13 11:31 -------- d-------- C:\Program Files\Lexmark 510 Series

2006-10-13 11:30 0 -rahs---- C:\MSDOS.SYS

2006-10-13 11:30 0 -rahs---- C:\IO.SYS

2006-10-13 09:25 -------- d-------- C:\Program Files\Internet Explorer

2006-10-12 11:06 -------- d-------- C:\Program Files\Google

2006-10-12 10:45 -------- d-------- C:\Documents and Settings\David\Application Data\Talkback

2006-10-12 10:45 -------- d-------- C:\Documents and Settings\David\Application Data\Mozilla

2006-10-10 10:17 -------- d-------- C:\Documents and Settings\David\Application Data\NetPumper

2006-10-10 10:17 -------- d-------- C:\Documents and Settings\David\Application Data\32 part

2006-10-10 10:16 -------- d-------- C:\Program Files\32 part

2006-10-07 15:50 -------- d-------- C:\Program Files\EA GAMES

2006-10-03 20:52 -------- d-------- C:\Documents and Settings\David\Application Data\G-Force

2006-10-03 20:42 -------- d-------- C:\Program Files\SoundSpectrum

2006-10-01 09:11 -------- d-------- C:\Program Files\Common Files\GST

2006-09-24 12:59 -------- d-------- C:\Documents and Settings\David\Application Data\Sun

2006-09-16 12:18 -------- d-------- C:\Documents and Settings\David\Application Data\Ahead

2006-09-15 18:41 -------- d-------- C:\Program Files\Common Files\InstallShield

2006-09-15 18:38 -------- d-------- C:\Program Files\Sonic

2006-09-15 18:31 -------- d-------- C:\Program Files\Ahead

2006-09-15 18:28 -------- d-------- C:\Program Files\Common Files\Nero

2006-09-15 18:26 -------- d-------- C:\Program Files\Common Files\Ahead

2006-09-15 12:50 -------- d-------- C:\Program Files\Common Files\DirectX

2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll

2006-09-10 21:19 8464 --a------ C:\WINDOWS\system32\sporder.dll

2006-09-09 12:16 124 --a------ C:\Documents and Settings\David\Application Data\wklnhst.dat

2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll

2006-08-24 21:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe

2006-08-24 21:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe

2006-08-24 21:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll

2006-08-24 21:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll

2006-08-24 21:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll

2006-08-24 21:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll

2006-08-24 21:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll

2006-08-24 21:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll

2006-08-24 21:30 7168 --a------ C:\WINDOWS\system32\asferror.dll

2006-08-24 21:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll

2006-08-24 21:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll

2006-08-24 21:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll

2006-08-24 21:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll

2006-08-24 21:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll

2006-08-24 21:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll

2006-08-24 21:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll

2006-08-24 21:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll

2006-08-24 21:30 414208 --a------ C:\WINDOWS\system32\msscp.dll

2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll

2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll

2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL

2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll

2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll

2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll

2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll

2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll

2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll

2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll

2006-08-24 21:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll

2006-08-24 21:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll

2006-08-24 21:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll

2006-08-24 21:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll

2006-08-24 21:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll

2006-08-24 21:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll

2006-08-24 21:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll

2006-08-24 21:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll

2006-08-24 21:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll

2006-08-24 21:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll

2006-08-24 21:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll

2006-08-24 21:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll

2006-08-24 21:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll

2006-08-24 21:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll

2006-08-24 21:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll

2006-08-24 21:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll

2006-08-24 21:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll

2006-08-24 21:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll

2006-08-24 21:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll

2006-08-24 21:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll

2006-08-24 21:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll

2006-08-24 21:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll

2006-08-24 21:30 210432 --a------ C:\WINDOWS\system32\qasf.dll

2006-08-24 21:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll

2006-08-24 21:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll

2006-08-24 21:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll

2006-08-24 21:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll

2006-08-24 21:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll

2006-08-24 21:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll

2006-08-24 21:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll

2006-08-24 21:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll

2006-08-24 21:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll

2006-08-24 21:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll

2006-08-24 21:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll

2006-08-24 21:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll

2006-08-24 21:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll

2006-08-24 21:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll

2006-08-24 21:30 130048 --------- C:\WINDOWS\system32\wmpps.dll

2006-08-24 21:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll

2006-08-24 21:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll

2006-08-24 21:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll

2006-08-24 19:31 100864 --a------ C:\WINDOWS\system32\logagent.exe

2006-08-24 19:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe

2006-08-24 19:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll

2006-08-24 19:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe

2006-08-24 18:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll

2006-08-24 18:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe

2006-08-24 18:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll

2006-08-24 18:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll

2006-08-22 23:13 11776 --a------ C:\WINDOWS\system32\ieudinit.exe

2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"

"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

"skipnoun"="C:\\DOCUME~1\\LOCALS~1\\APPLIC~1\\32PART~1\\REMOTEBLEH.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"

"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"

"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""

"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"

"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\

74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\

68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\

61,72,74,00

"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"

"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"

"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"

"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "

"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\

65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"wextract_cleanup0"="rundll32.exe C:\\WINDOWS\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\DOCUME~1\\David\\LOCALS~1\\Temp\\IXP000.TMP\\\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Setup]

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

Completion time: 06-11-14 18:07:26.95

C:\ComboFix.txt ... 06-11-14 18:07

 

 

ok


Very good. Could you also please scan once more with HijackThis to produce a fresh log and post that back here as well? :D


Hello,

Here is the new hijack log:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:32:33, on 15.11.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\David\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)

O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)

O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skipnoun] C:\DOCUME~1\LOCALS~1\APPLIC~1\32PART~1\REMOTEBLEH.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q306&bd=presario&pf=laptop

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

 

thank you


Spybot's Teatimer is blocking the fix. We'll need you to temporarily disable it while we get these fixed.

 

1) Open Spybot-S&D

2) Go to the Mode menu and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

5) Restart your computer. (important step!)

....................

Now follow these steps next.

 

1. Open HijackThis and do a *system scan only*

 

When it finishes, place a checkmark in the boxes next to these entries, then press the *fix checked* button

 

O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)

 

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

 

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

 

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

 

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

 

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

 

O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)

 

O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)

 

O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

 

O4 - HKCU\..\Run: [skipnoun] C:\DOCUME~1\LOCALS~1\APPLIC~1\32PART~1\REMOTEBLEH.exe

 

After pressing the *fix checked* button close HijackThis.

 

2. Make sure your PC is configured to show hidden files

How to Show Hidden Files

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Click Start.

 

Open My Computer.

 

Select the Tools menu and click Folder Options.

 

Select the View Tab.

 

Under the Hidden files and folders heading select Show hidden files and folders.

 

Uncheck the Hide protected operating system files (recommended) option.

 

Click Yes to confirm.

 

Click OK.

 

 

3. Reboot into Safe Mode

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

Once in SAFE MODE, delete the following folder

C:\DOCUMENTS AND SETTINGS\LOCALSETTINGS\APPLICATION DATA\32PART....<---delete this folder and all its contents. NOTE: Folder name begins with the letters 32PART but will be longer and may contain spaces such as: 32 part....

 

4. Reboot back into normal mode. Scan once more with HijackThis to produce a fresh log and post it back here for review please.


ok, here's another log

 

Logfile of HijackThis v1.99.1

Scan saved at 17:58:16, on 16.11.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\David\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q306&bd=presario&pf=laptop

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE


The BHO entries are still there and you still have Teatimer running at startup. That's what is blocking the fix.

 

O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

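The checks the helper applies by eye in the posts above (add-on registrations left pointing at "(no file)", a Run entry launching from a randomly named Application Data folder, and a re-scan to confirm that the fixed lines are gone and TeaTimer no longer autostarts), sketched as an added Python example that is not part of the original thread. The function names and rule labels are illustrative assumptions, and the two sample logs are short excerpts constructed from lines in the posted logs.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2", "O4"
    body: str  # everything after "<code> - "
    raw: str   # the whole line, whitespace-normalised


# Section lines look like "O4 - HKCU\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")

# Constructed samples: a few lines excerpted from the first and second logs.
BEFORE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [skipnoun] C:\DOCUME~1\LOCALS~1\APPLIC~1\32PART~1\REMOTEBLEH.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""
AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""


def parse(log: str) -> list[Entry]:
    """Keep only section lines; headers and the process list are skipped."""
    entries = []
    for line in log.splitlines():
        line = " ".join(line.split())
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), line))
    return entries


def under_appdata(cmd: str) -> bool:
    """True if a directory in the command path is Application Data
    (long name or its 8.3 short form, APPLIC~n)."""
    parts = cmd.strip('"').upper().split("\\")
    return any(p == "APPLICATION DATA" or p.startswith("APPLIC~")
               for p in parts[:-1])


def triage(log: str) -> list[tuple[str, str]]:
    """Label entries for a human to review. These are triage hints taken
    from this thread, not verdicts: legitimate software can match too."""
    findings = []
    for e in parse(log):
        if e.code in ("O2", "O3") and e.body.endswith("- (no file)"):
            findings.append(("orphaned-addon", e.raw))
        elif e.code == "O4":
            m = RUN_RE.match(e.body)
            if m and under_appdata(m.group(2)):
                findings.append(("autorun-from-appdata", e.raw))
    return findings


def still_present(fix_list: list[str], fresh_log: str) -> list[str]:
    """Entries that were marked for fixing but appear again in a new scan."""
    fresh = {e.raw.casefold() for e in parse(fresh_log)}
    return [f for f in fix_list if " ".join(f.split()).casefold() in fresh]


def guard_autoruns(log: str, exe_names=("teatimer.exe",)) -> list[str]:
    """Run-key names that start a resident guard (TeaTimer by default)."""
    hits = []
    for e in parse(log):
        m = RUN_RE.match(e.body) if e.code == "O4" else None
        if m:
            exe = m.group(2).strip('"').split("\\")[-1].casefold()
            if any(exe.startswith(n) for n in exe_names):
                hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    fix_list = [raw for _, raw in triage(BEFORE_LOG)]
    for label, raw in triage(BEFORE_LOG):
        print(f"{label:22} {raw}")
    print("still present after fix:", still_present(fix_list, AFTER_LOG))
    print("guards still autostarting:", guard_autoruns(AFTER_LOG))
```

The O9 "(file missing)" line is deliberately not flagged, matching the thread, where only the O2/O3 "(no file)" registrations and the Application Data autorun were selected for fixing.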

hello

sorry about that, this time they were gone from the list and here's the log

 

Logfile of HijackThis v1.99.1

Scan saved at 13:20:52, on 17.11.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\David\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q306&bd=presario&pf=laptop

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

 

thank you


That looks good! :P

 

(You can turn your teatimer back on now if you wish)

 

How is your computer acting at this point?


hello

and thank you very much for helping

so far my computer seems to work quite fine, though when I start it too many programs are in the task manager, so I take some of them down which have my user name. I haven't found the place where I can change it yet, but I think I will find it sooner or later

but still thank you very much for helping (what was wrong with my computer anyway?)

I'm really grateful, this support forum is the greatest thing I have ever seen and it's great that somebody is doing it, thank you very much one more time and have a pleasant day

thank you

bye


oh, here are the logs just in case

 

Logfile of HijackThis v1.99.1

Scan saved at 15:22:10, on 18.11.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\David\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q306&bd=presario&pf=laptop

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

 

and adawares

Edited by teiko


Hello teiko,

 

Sorry about the late reply, we had some email problems with the board and I didn't get all of my notices of replies made to threads I am working.

 

What was wrong with your computer was that you had the LOP parasite:

Description here:

http://sarc.com/avcenter/venc/data/adware.lop.html

 

And here:

http://en.wikipedia.org/wiki/C2.LOP

 

It was using these random names seen in this key that we fixed:

O4 - HKCU\..\Run: [skipnoun] C:\DOCUME~1\LOCALS~1\APPLIC~1\32PART~1\REMOTEBLEH.exe

 

Your latest log looks good! Nice job ;)

 

Some final cleanup and prevention recommendations follow.

 

You can go ahead and delete any special tools we used (Findlop, ComboFix, etc). They won't serve a future purpose and are replaced with updated versions frequently, so the copies you have are probably already out of date and there is no need to keep them.

 

Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr

Wait while Windows scans your system for files to delete.

Make sure these 3 are checkmarked and press *ok* to delete them.

 

Temporary Files

Temporary Internet Files

Recycle Bin

 

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP. Why?

 

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

(winXP)

 

1. Turn off System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Put a Checkmark in the box next to "Turn off System Restore".

Click Apply, and then click OK.

 

2. Reboot.

 

3. Turn ON System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Remove the checkmark next to "Turn off System Restore".

Click Apply, and then click OK.

 

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

......................

Ad-Aware Plus has realtime protection to prevent infections before they have a chance to get a stronghold on your PC.

http://www.lavasoft.com/

 

Also, I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

 

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.

Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.

Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).

 

A word about shared computers and networks.

Share Your PC

http://www.microsoft.com/windowsxp/using/s...hare/intro.mspx

Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.

 

 

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :wub:.

How do I prevent Browser Hijacks and Spyware?

http://www.dslreports.com/faq/13620

 

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!

Windows Update

http://update.microsoft.com/microsoftupdate/

 

And see this link for instructions on how to configure the enhanced security features in SP2:

http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

 

I also highly recommend getting the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

 

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:

Microsoft Baseline Security Analyzer

http://www.microsoft.com/technet/security/...s/mbsahome.mspx

Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

 

Also visit this Free Online Scanner from Microsoft for PC Health and Safety

http://safety.live.com/site/en-US/default.htm

and Microsoft Security At Home

http://www.microsoft.com/athome/security/default.mspx

for tips to Protect your PC, Protect yourself and Protect your Family.

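An added example, not part of the original posts or of any tool named in this thread: a small Python triage of the two HijackThis line shapes quoted here (O4 Run entries and O23 services) that flags autostart programs loading from a user profile directory, as the LOP entry quoted above did. The sample lines are copied from the thread; the list of "usual install roots" is an assumption for illustration, and a hit means "look closer", not "malicious".

```python
import re

# Constructed sample: lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [skipnoun] C:\DOCUME~1\LOCALS~1\APPLIC~1\32PART~1\REMOTEBLEH.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
"""

# "O4 - <hive>\..\<key>: [name] command" and "O23 - Service: name - vendor - path"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - .+ - ([A-Za-z]:\\.+)$")
# Per-user, user-writable profile tree (long name and 8.3 short name).
PROFILE_RE = re.compile(r"\\(documents and settings|docume~1)\\", re.I)
# Assumption: install roots used by the services listed in the log above.
SYSTEM_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

def parse_entry(line):
    """Return (section, name, path) for an O4 or O23 line, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return ("O4", m.group(3), m.group(4))
    m = O23_RE.match(line)
    if m:
        return ("O23", m.group(1), m.group(2))
    return None

def triage(log_text):
    """Return (section, name, path, reason) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        section, name, path = entry
        lowered = path.lower().lstrip('"')  # commands may be quoted
        if PROFILE_RE.search(lowered):
            findings.append((section, name, path, "runs from a user profile directory"))
        elif not lowered.startswith(SYSTEM_ROOTS):
            findings.append((section, name, path, "outside the usual install roots"))
    return findings

if __name__ == "__main__":
    for section, name, path, reason in triage(SAMPLE_LOG):
        print(f"{section} [{name}] {path}: {reason}")
```
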

You're quite welcome! Glad we could help :)

 

Since your issues seem resolved I'll go ahead and archive this topic in the "Resolved" section (read only)

 

If you should have any further issues, please feel free to post a new topic.
