
Author Topic: Having problems can someone look at my HJT log??  (Read 6760 times)


aces67

    Having problems can someone look at my HJT log??
    « on: September 21, 2007, 04:08:16 PM »
    My internet is running very slow. I've run CCleaner, Ad-Aware, Spybot, AVG Free, Ewido Antispyware and McAfee and nothing has helped it.

    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\DropBox\DropBox\DropBox.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\alg.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    aces67

      Re: Having problems can someone look at my HJT log??
      « Reply #1 on: September 21, 2007, 04:10:11 PM »
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
      O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.4.69/cab/aolpPlugins.10.4.0.4.cab
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
      O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166385398125
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166386230984
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
      O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe


      Thanks!

      unlovedwarrior



        Re: Having problems can someone look at my HJT log??
        « Reply #2 on: September 21, 2007, 04:17:19 PM »
        follow this guide then follow this one

        make sure you do as much of the guides as you can in safe mode

        and also I would make a folder on your desktop and put hijackthis in that folder

        aces67

          Re: Having problems can someone look at my HJT log??
          « Reply #3 on: September 24, 2007, 03:35:14 PM »
          Thanks for your response. I did everything you listed... I even uninstalled and reinstalled IE thinking I had a bad download but it's still slow. My ISP says it's not on their end.

          What else could be going on??

          Thanks!

          CBMatt

          • Mod & Malware Specialist


          Re: Having problems can someone look at my HJT log??
          « Reply #4 on: September 25, 2007, 12:32:11 AM »
          What kind of connection do you have?
          Are there any other computers sharing this connection?  If so, are they experiencing any difficulties?
          How long has this been happening?
          Have you tried System Restore?

          Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.

          Also post a new HijackThis log.
          Quote
          An undefined problem has an infinite number of solutions.
          —Robert A. Humphrey

          aces67

            Re: Having problems can someone look at my HJT log??
            « Reply #5 on: September 25, 2007, 08:49:48 AM »
            My computer is on Wildblue Satellite internet. It's the only computer hooked up and the problem started a couple of weeks ago.

            Here's my combo fix log

            Files Created from 2007-08-25 to 2007-09-25  )))))))))))))))))))))))))))))))
            .

            2007-09-25 09:20   51,200   --a------   C:\WINDOWS\NirCmd.exe
            2007-09-17 16:52   266,360   --a------   C:\WINDOWS\system32\TweakUI.exe
            2007-09-17 16:37   <DIR>   d--------   C:\Program Files\CCleaner
            2007-09-17 16:27   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
            2007-09-17 13:58   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
            2007-09-17 13:57   <DIR>   d--------   C:\Program Files\SiteAdvisor
            2007-09-17 13:57   <DIR>   d--------   C:\DOCUME~1\Owner\APPLIC~1\SiteAdvisor
            2007-09-17 13:57   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
            2007-09-17 13:55   71,496   --a------   C:\WINDOWS\system32\drivers\mfeavfk.sys
            2007-09-17 13:55   37,480   --a------   C:\WINDOWS\system32\drivers\mfesmfk.sys
            2007-09-17 13:55   34,184   --a------   C:\WINDOWS\system32\drivers\mfebopk.sys
            2007-09-17 13:55   32,008   --a------   C:\WINDOWS\system32\drivers\mferkdk.sys
            2007-09-17 13:55   170,408   --a------   C:\WINDOWS\system32\drivers\mfehidk.sys
            2007-09-17 13:55   109,608   --a------   C:\WINDOWS\system32\drivers\Mpfp.sys
            2007-09-17 13:54   <DIR>   d--------   C:\Program Files\McAfee.com
            2007-09-17 13:53   <DIR>   d--------   C:\Program Files\McAfee
            2007-09-17 13:53   <DIR>   d--------   C:\Program Files\Common Files\McAfee
            2007-09-17 13:39   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
            2007-09-17 07:33   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
            2007-09-17 06:44   63   --a------   C:\WINDOWS\system\SysSD.dll
            2007-09-17 06:43   <DIR>   d--------   C:\Program Files\SpywareDetector
            2007-09-12 11:00   <DIR>   d--------   C:\DOCUME~1\Owner\.housecall6.6
            2007-08-31 16:59   139,536   --a------   C:\WINDOWS\system32\javaee.dll
            2007-08-30 12:58   <DIR>   d--------   C:\Program Files\AviSynth 2.5
            2007-08-26 10:33   82,248   --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
            2007-08-26 10:33   57,672   --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
            2007-08-26 10:33   40,264   --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
            2007-08-26 10:33   29,000   --a------   C:\WINDOWS\system32\drivers\kcom.sys
            2007-08-26 10:32   626,688   --a------   C:\WINDOWS\system32\msvcr80.dll
            2007-08-26 10:32   <DIR>   d--------   C:\Program Files\Spyware Doctor
            2007-08-26 10:32   <DIR>   d--------   C:\DOCUME~1\Owner\APPLIC~1\PC Tools
            2007-08-26 10:21   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
            2007-08-26 10:21   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
            2007-08-26 10:18   <DIR>   d--------   C:\Program Files\Picasa2
            2007-08-26 10:16   <DIR>   d--------   C:\WINDOWS\system32\runtime
            2007-08-26 10:11   <DIR>   d--------   C:\Program Files\Norton Security Scan
            2007-08-26 09:55   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater

            aces67

              Re: Having problems can someone look at my HJT log??
              « Reply #6 on: September 25, 2007, 08:51:06 AM »
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2007-09-17 21:41   ---------   d--------   C:\Program Files\QuickTime
              2007-09-17 21:11   ---------   d--------   C:\Program Files\Google
              2007-09-16 21:06   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
              2007-09-16 20:01   ---------   d--------   C:\Program Files\Norton AntiVirus
              2007-09-16 20:01   ---------   d--------   C:\Program Files\Common Files\Symantec Shared
              2007-09-16 20:01   ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\Symantec
              2007-09-16 20:01   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
              2007-09-16 18:26   ---------   d--------   C:\Program Files\Symantec
              2007-08-31 17:27   ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\Google
              2007-08-30 13:00   ---------   d--------   C:\Program Files\DropBox
              2007-08-26 10:15   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
              2007-08-22 16:22   3888   --a------   C:\WINDOWS\viassary-hp.reg
              2007-08-22 16:22   ---------   d--------   C:\Program Files\Easy Internet signup
              2007-08-19 20:30   ---------   d--------   C:\Program Files\CDBurnerXP Pro 3
              2007-08-18 08:57   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
              2007-08-18 08:57   ---------   d--------   C:\Program Files\Quicken
              2007-08-17 23:00   0   --ah-----   C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
              2007-08-17 23:00   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
              2007-08-17 22:59   0   --ah-----   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
              2007-08-17 22:53   ---------   d--------   C:\Program Files\Motorola Phone Tools
              2007-08-17 22:52   ---------   d--------   C:\Program Files\Common Files\Motorola Shared
              2007-08-17 22:45   ---------   d--------   C:\Program Files\Avanquest update
              2007-08-17 17:53   9232   --a------   C:\DOCUME~1\Owner\mqdmmdfl.sys
              2007-08-17 17:53   92064   --a------   C:\DOCUME~1\Owner\mqdmmdm.sys
              2007-08-17 17:53   79328   --a------   C:\DOCUME~1\Owner\mqdmserd.sys
              2007-08-17 17:53   66656   --a------   C:\DOCUME~1\Owner\mqdmbus.sys
              2007-08-17 17:53   6208   --a------   C:\DOCUME~1\Owner\mqdmcmnt.sys
              2007-08-17 17:53   5936   --a------   C:\DOCUME~1\Owner\mqdmwhnt.sys
              2007-08-17 17:53   4048   --a------   C:\DOCUME~1\Owner\mqdmcr.sys
              2007-08-17 17:53   25600   --a------   C:\DOCUME~1\Owner\usbsermptxp.sys
              2007-08-17 17:53   22768   --a------   C:\DOCUME~1\Owner\usbsermpt.sys
              2007-08-03 10:38   ---------   d--------   C:\Program Files\Lavasoft
              2007-08-03 10:38   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
              2007-08-03 10:37   ---------   d--------   C:\Program Files\Common Files\Wise Installation Wizard
              2007-07-31 07:13   ---------   d--------   C:\Program Files\Snapfish Picture Mover
              2007-07-31 07:13   ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\Snapfish
              2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
              2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
              2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
              2007-07-30 19:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
              2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
              2007-07-30 19:19   271224   --a------   C:\WINDOWS\system32\mucltui.dll
              2007-07-30 19:19   207736   --a------   C:\WINDOWS\system32\muweb.dll
              2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
              2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
              2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\wups.dll
              2007-07-26 12:48   ---------   d--------   C:\Program Files\WON
              2007-07-26 12:48   ---------   d--------   C:\Program Files\Sierra On-Line
              2007-07-25 08:53   ---------   d--------   C:\Program Files\Cub Rummy
              2007-06-26 01:08   1104896   --a------   C:\WINDOWS\system32\msxml3.dll
              2006-05-07 11:20   774144   --a------   C:\Program Files\RngInterstitial.dll
              .

              aces67

                Re: Having problems can someone look at my HJT log??
                « Reply #7 on: September 25, 2007, 08:52:58 AM »
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                 
                *Note* empty entries & legit default entries are not shown

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
                "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 16:51]
                "CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 09:23]
                "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55]
                "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
                "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
                "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]
                "LTMSG"="LTMSG.exe" [2003-07-14 19:52 C:\WINDOWS\ltmsg.exe]
                "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 22:28]
                "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 21:56]
                "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
                "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 16:55]
                "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-20 09:59]
                "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06]
                "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 11:06]
                "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-03 06:45]
                "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-31 07:33]
                "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
                "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
                "DropBoxUtility"="C:\Program Files\DropBox\DropBox\DropBox.exe" [2007-08-24 00:40]
                "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
                "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 21:39]

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "NVIEW"="nview.dll,nViewLoadHook" []
                "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
                "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
                "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 07:58]
                "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

                C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
                Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-26 09:55:30]
                HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40]

                C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\
                PowerReg Scheduler V3.exe [2007-05-30 10:54:12]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                @=""

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
                path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
                backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk]
                path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Organize.lnk
                backup=C:\WINDOWS\pss\Organize.lnkStartup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Snapfish Picture Mover.lnk]
                path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Snapfish Picture Mover.lnk
                backup=C:\WINDOWS\pss\Snapfish Picture Mover.lnkStartup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DropBoxUtility]
                "C:\Program Files\DropBox\DropBox\DropBox.exe" /s

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
                C:\Program Files\Picasa2\PicasaMediaDetector.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                "gusvc"=2 (0x2)
                "AOL ACS"=2 (0x2)

                S2 NdisFilter;NdisFilter;\??\c:\windows\system32\drivers\ndisfilter.sys
                S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
                S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
                S3 DPCNET5U;Satellite USB Driver;C:\WINDOWS\system32\DRIVERS\dpcnet5u.sys
                S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys

                *Newly Created Service* - CATCHME
                .
                Contents of the 'Scheduled Tasks' folder
                "2007-09-17 18:54:50 C:\WINDOWS\Tasks\McDefragTask.job"
                - c:\program files\mcafee\mqc\QcConsol.exe
                "2007-09-17 18:54:49 C:\WINDOWS\Tasks\McQcTask.job"
                - c:\program files\mcafee\mqc\QcConsol.exe
                .
                **************************************************************************

                catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2007-09-25 09:34:35
                Windows 5.1.2600 Service Pack 2 NTFS

                detected NTDLL code modification:
                ZwClose

                scanning hidden processes ...

                scanning hidden autostart entries ...

                scanning hidden files ...

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                Completion time: 2007-09-25  9:40:39
                C:\ComboFix-quarantined-files.txt ... 2007-09-25 09:40

                aces67

                  Re: Having problems can someone look at my HJT log??
                  « Reply #8 on: September 25, 2007, 08:56:15 AM »
                  Here's my HijackThis log

                  Logfile of HijackThis v1.99.1
                  Scan saved at 9:53:07 AM, on 9/25/2007
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.5730.0011)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\windows\system\hpsysdrv.exe
                  C:\WINDOWS\System32\hkcmd.exe
                  C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
                  C:\WINDOWS\System32\hphmon05.exe
                  C:\HP\KBD\KBD.EXE
                  C:\WINDOWS\LTMSG.exe
                  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
                  C:\WINDOWS\ALCXMNTR.EXE
                  C:\WINDOWS\System32\igfxtray.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
                  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                  C:\Program Files\Spyware Doctor\SDTrayApp.exe
                  C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
                  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                  C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
                  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  c:\program files\common files\mcafee\mna\mcnasvc.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                  C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
                  c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  C:\Program Files\McAfee\MPF\MPFSrv.exe
                  C:\Program Files\Spyware Doctor\svcntaux.exe
                  C:\Program Files\Spyware Doctor\swdsvc.exe
                  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
                  C:\Program Files\DropBox\DropBox\DropBox.exe
                  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                  C:\Program Files\SiteAdvisor\6172\SAService.exe
                  C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\WINDOWS\system32\wdfmgr.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                  C:\PROGRA~1\McAfee\MSC\mcregist.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  c:\program files\mcafee\msc\mcuimgr.exe
                  C:\WINDOWS\System32\HPZipm12.exe
                  C:\WINDOWS\System32\alg.exe
                  C:\WINDOWS\explorer.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

                  aces67

                    Re: Having problems can someone look at my HJT log??
                    « Reply #9 on: September 25, 2007, 08:58:09 AM »
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
                    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
                    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
                    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
                    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
                    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
                    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
                    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
                    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
                    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
                    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
                    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
                    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
                    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
                    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
                    O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
                    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
                    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    O4 - Startup: PowerReg Scheduler V3.exe
                    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
                    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

                    aces67

                      Re: Having problems can someone look at my HJT log??
                      « Reply #10 on: September 25, 2007, 08:59:50 AM »
                      O11 - Options group: [INTERNATIONAL] International*
                      O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
                      O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.4.69/cab/aolpPlugins.10.4.0.4.cab
                      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
                      O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166385398125
                      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166386230984
                      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
                      O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
                      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
                      O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
                      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
                      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                      O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
                      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                      O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
                      O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
                      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
                      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                      O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
                      O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
                      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
                      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                      O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe



                      Thanks for looking!

                      CBMatt

                      • Mod & Malware Specialist


                      • Prodigy

                      • Sad and lonely...and loving every minute of it.
                      • Thanked: 167
                        • Yes
                      • Experience: Experienced
                      • OS: Windows 7
                      Re: Having problems can someone look at my HJT log??
                      « Reply #11 on: September 25, 2007, 01:27:38 PM »
                      Can you think of anything that happened right before your problem started?  I'll have to take a much closer look at your logs tonight, but right now, I'm not seeing much that could be contributing to your problem.  There are a couple of things you should get rid of, though...

                      Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

                      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

                      O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe


                      Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

                      Navigate to and delete the following file(s) if present...

                      C:\WINDOWS\system32\ALCXMNTR.exe

                      Once you've done all of this, reboot into Normal Mode and let me know how everything's running now and if you had any problems following my steps.  You may also want to try running a scan with SUPERAntiSpyware in Safe Mode.
                      Quote
                      An undefined problem has an infinite number of solutions.
                      —Robert A. Humphrey
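Added example, not part of CBMatt's post or of HijackThis itself: a small Python triage pass over lines copied from the HijackThis log in this thread. The flag rules (proxy auto-config set, Run value with no directory, unnamed ActiveX entry whose codebase is an .exe, missing target file, service with unknown owner) are assumptions chosen for illustration, not reasoning CBMatt states; a flag marks a line for manual review, not as malicious.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                     # "O4 - <body>"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")  # O4 registry autostart
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*)\))? - (\S+)$")  # O16 ActiveX entry
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def run_image(cmd):
    """Return the program part of a Run command, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path: take text up to the closing quote
        return cmd[1:].split('"', 1)[0]
    m = IMAGE_RE.match(cmd)                 # unquoted path may contain spaces
    return m.group(1) if m else cmd.split()[0]


def flags_for(code, body):
    """Apply the illustrative review rules (assumptions) to one parsed entry."""
    flags = []
    if code in ("R0", "R1") and ",AutoConfigURL = " in body:
        flags.append("proxy-autoconfig")        # browser proxying is decided by a PAC script
    if code == "O4":
        m = RUN_RE.match(body)
        if m and "\\" not in run_image(m.group(2)):
            flags.append("run-without-path")    # resolved via the search path at logon
    if code == "O16":
        m = DPF_RE.match(body)
        if m and m.group(2) is None and m.group(3).split("?")[0].lower().endswith(".exe"):
            flags.append("unnamed-exe-codebase")
    if body.endswith("(file missing)"):
        flags.append("file-missing")
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")
    return flags


def triage(log_text):
    """Return (code, flag, body) for every log line that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                            # header, process list, blank line
        code, body = m.groups()
        findings.extend((code, flag, body) for flag in flags_for(code, body))
    return findings


if __name__ == "__main__":
    for code, flag, body in triage(SAMPLE_LOG):
        print(f"{flag:22} {code:4} {body}")
```

Run against the full log, the `run-without-path` rule also matches entries such as `LTMSG.exe 7` that were not selected for fixing in the post above, which is why each flag needs a manual check of the file actually on disk.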

                      CBMatt

                      Re: Having problems can someone look at my HJT log??
                      « Reply #12 on: October 04, 2007, 02:28:25 AM »
                      Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

                      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.