Just earlier today my desktop started acting weird. At first it wouldn't read any DVDs and failed to burn any CDs, but read commercially pressed CDs, so I flashed the firmware and rebooted. Immediately after rebooting, my pc began to open random IE popups from the desktop. I cloed them and thought it was short term. Shortly afterwards random things started to open such as installations for COD4 patches, I figured something was wrong then. I opened task manager and monitored programs for a while, thought everything was fine and opened itunes for some music. Then AppleMobileDeviceManager.exe started to open over and over again. I rebooted into safe mode and ran Ad Aware since no programs would open due to regular windows having 100% CPU usage and almost no ram. It showed me a few programs that could not be removed, and keep in mind explorer.exe crashed about 10 times while the scan was running. When it finished it said some programs would be removed after reboot. I watched the prgrams remove at the windows login screen before windows started, and thought everything was fine. I put some songs on my ipod, left for a few hours, and I just got back. Now there are 255 processes mainly of which are AppleMobileDeviceHelper.exe programs, and no programs will open due to 100% cpu usage and no ram again. I would just reboot and run AGV however it will not open, and this problem seems to start slow and build up so by the time I reinsall AGV it is likely that it will be back up to 255 processes again. Sorry for the long post, however this is my first problem like this in about 3 years so alot has changed on how to handle this type of thing. I have searched around but couldn't find anything quite exactly like what I'm experiencing, but I figured you all could help. Thanks in advance everybody.
Hi Spenman91 This might be quite hard, considering the state of your computer. If it doesn't work in normal mode, do it in safe mode.Go into your Add/Remove programs, and uninstall "Apple Mobile Device Support". After that, please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file. Rename HijackThis(.exe) to scanner(.exe). Next, run scanner(.exe). A window will pop up. • Click on the button which says Main Menu, then Do a system scan and save a logfile. • Please wait for the scan to be completed. • After the scan has completed, a text window will pop up. Please post the contents of this window here. This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved. NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer. Best Regards
I don't remember if I mentioned that what ever has infected my computer has disabled my internet for every program that uses internet. I do not already have HijackThis, so I suppose I'll have to reboot the laptop I'm on now so that I can download it and transfer it to my infected desktop through networking. Also, I managed to get my computer to run close a little better last night. I disabled all startup programs using msconfig just to be safe, and I searched around on google and found what you mentioned about uninstalling applemobiledecicehelper.exe. Doing this helped alot, my ram in task manager now shows up at around 487 MB, and CPU usage generally remains low, however there is now constant HDD usage, making everything run pretty slow. I was able to run an outdated AVG scan but could not update due to no internet, I removed alot of infections, and ran spybot as well as ad aware. I believe now my internet loss may have been caused by me attempting to setup Nortins Internet Succurity which came pre installed on my PC, but did not finish due to a crash and sudden crash. I thought it could be blocking all internet connection becuase it is not configured correctly. As of now it will not open so I cannot do anyting with it, but I suppose that shouldn't really affect anything as I believe the program is closed. I will try HijackThis and report back. Thanks for the reply.
Alright, I finally was able to get HijackThis file. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:54:56 PM, on 10/19/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe G:\Programs\PhotoshopElementsFileAgent.exe C:\WINDOWS\arservice.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ISP Monitor\ISPMonitorSrv.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TVersity\Media Server\MediaServer.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\PROGRA~1\AVG\AVG8\avgscanx.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\WinRAR\WinRAR.exe C:\Documents and Settings\HP_Administrator\Desktop\scanner.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: mysidesearch search enhancer - {4622fd96-a223-c489-0112-b7420da7394e} - C:\WINDOWS\system32\ofdetjenflebtwk.dll (file missing) O2 - BHO: (no name) - {46D7049A-9DB9-4AEC-82B1-F101B9367CB1} - C:\WINDOWS\system32\opnlMdDU.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: {af1d37a1-7452-7c0a-4574-e5d1292ff046} - {640ff292-1d5e-4754-a0c7-25471a73d1fa} - C:\WINDOWS\system32\opuvwc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: (no name) - {B56F9CCA-0431-450D-9B6C-A4D5764D462E} - C:\WINDOWS\system32\nNededba.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O2 - BHO: agadoo browser optimizer - {eb704584-2c90-9f34-56c6-d688067197eb} - C:\WINDOWS\system32\mgmqzcwpiyuiup.dll (file missing) O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Programs\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Append to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.trymedia.com (HKLM) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: opuvwc.dll,avgrsstx.dll O20 - Winlogon Notify: opnlMdDU - C:\WINDOWS\SYSTEM32\opnlMdDU.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Programs\PhotoshopElementsFileAgent.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PRTG Service (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe O23 - Service: PRTG Watchdog (prtgwatchservice) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Softperfect Traffic Meter service process (StmSvc) - Unknown owner - C:\Program Files\SoftPerfect Traffic Meter\stmsvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe -- End of file - 15089 bytes
Hey Spenman91 Boy, are you infected. Before I can do any fixes, I need you to uninstall either Symantec or AVG. If Norton is running on your computer because you cannot uninstall it, try the Norton Removal Tool. One reason your computer is slow is because of two antiviruses running: this will cause conflicts and crashes. After that, please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required. Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop. Configuring Malwarebytes • Click on the tab Settings. • Make sure only these boxes are checked: Code: Terminate Internet Explorer Automatically save and display logfile after removal Always scan memory objects Always scan registry objects Always scan filesystem Always scan extra and heuristics objects Updating Malwarebytes • Click on the tab Update. • Press the button Check for Updates • Wait for Malwarebytes to be fully updated. **If you cannot update Malwarebytes because of the lack of internet, skip this step. Scanning Time • Click on the tab Scanner. • Check Perform full scan and click on Scan • Wait for the scan to complete, and then click on Show Results. • Make sure all items are checked, then click on Remove Selected. **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately. Post A Log • A text box will pop up after the removal process is over. Post the contents of the text here. • If no text box pops up, launch Malwarebytes, and click on the tab Logs. • The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open. • Post the log here. Best Regards
I downloaded Malwarebytes, and am now in the process of scanning, but I assume that will take a while. The main reason why I am posting is because I attempted to uninstall Nortons Internet Security as you instructed. I should have thought to do that. However, when I tried to download the Norton Removal Tool it asked for a code of some kind. I don't have any code for it because I believe the Nortons program that I have is simply a trial that came with my PC, therefore I don't have a code. I uninstalled AVG so that at least now I do not have 2 Anti-Virus programs installed. I will post back when the scan is finished. I had the setup file for Malwarebytes downloaded but never installed it, thinking it was not any better than Spybot or Ad Aware Remover. @cdavfrew, Thanks for all of the help.
Alright, nearly 4 hours later it is finished, here is the log file. Malwarebytes' Anti-Malware 1.29 Database version: 1276 Windows 5.1.2600 Service Pack 2 10/20/2008 9:21:05 PM mbam-log-2008-10-20 (21-21-05).txt Scan type: Full Scan (C:\|D:\|E:\|G:\|I:\|) Objects scanned: 388782 Time elapsed: 3 hour(s), 49 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 3 Registry Keys Infected: 18 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 11 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\nNededba.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\opnlMdDU.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\opuvwc.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlmddu (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{640ff292-1d5e-4754-a0c7-25471a73d1fa} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{640ff292-1d5e-4754-a0c7-25471a73d1fa} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b56f9cca-0431-450d-9b6c-a4d5764d462e} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{b56f9cca-0431-450d-9b6c-a4d5764d462e} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4622fd96-a223-c489-0112-b7420da7394e} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4622fd96-a223-c489-0112-b7420da7394e} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb704584-2c90-9f34-56c6-d688067197eb} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{eb704584-2c90-9f34-56c6-d688067197eb} (Adware.BHO) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnededba -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnededba -> Delete on reboot. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\opnlMdDU.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\opuvwc.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\nNededba.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\abdedeNn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\abdedeNn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\axgjyhsy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yshyjgxa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rpxbccgi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuVnNHab.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. Thanks
Hey Spenman91 Try using this program to uninstall Norton. http://www.revouninstaller.com/ Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection. • Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. • Wait for the scan to be completed. • If it requires a reboot, please do it. • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt) Do not click on the ComoboFix window, as it may cause it to stall. Best Regards
ComboFix 08-10-19.04 - HP_Administrator 2008-10-21 16:26:47.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1471 [GMT -5:00] Running from: D:\Combo-Fix.exe.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\HP_Administrator\Application Data\inst.exe C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\temp\tn3 C:\WINDOWS\IE4 Error Log.txt C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\wanpacket.dll C:\WINDOWS\system32\wpcap.dll E:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 ))))))))))))))))))))))))))))))) . 2008-10-21 16:04 . 2008-10-21 16:04 <DIR> d-------- C:\Program Files\VS Revo Group 2008-10-20 15:58 . 2008-10-20 15:58 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes 2008-10-20 15:57 . 2008-10-20 15:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-20 15:57 . 2008-10-20 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-20 15:57 . 2008-10-20 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-10-20 15:57 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-20 15:57 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-19 01:23 . 2008-10-19 01:23 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll.install_backup 2008-10-19 01:22 . 2008-10-19 01:22 <DIR> d-------- C:\Program Files\AVG 2008-10-18 18:05 . 2008-10-18 18:05 90,915 --a------ C:\WINDOWS\system32\ofdetjenflebtwk.dll-uninst.exe 2008-10-18 16:39 . 2008-10-19 04:16 <DIR> d-------- C:\WINDOWS\system32\WS 2008-10-18 16:39 . 2008-10-18 17:58 <DIR> d-------- C:\WINDOWS\system32\pi 2008-10-18 16:39 . 2008-10-19 04:15 <DIR> d-------- C:\WINDOWS\system32\nys3 2008-10-18 16:39 . 2008-10-18 17:58 <DIR> d-------- C:\WINDOWS\system32\mco2 2008-10-18 16:39 . 2008-10-18 16:39 <DIR> d-------- C:\WINDOWS\system32\EV02 2008-10-18 16:39 . 2008-10-18 16:39 <DIR> d-------- C:\temp\xp34 2008-10-18 16:39 . 2008-10-18 16:39 64,859 --a------ C:\WINDOWS\system32\zelbervupmarrjwp.exe 2008-10-18 16:38 . 2008-10-18 16:38 45,568 --a------ C:\Documents and Settings\HP_Administrator\index.exe 2008-10-18 16:38 . 2008-10-18 16:38 68 --a------ C:\Documents and Settings\HP_Administrator\z.bat 2008-10-18 16:33 . 2008-10-18 16:33 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn 2008-10-18 15:44 . 2008-10-18 15:45 <DIR> d-------- C:\Program Files\ImgBurn 2008-10-14 16:39 . 2008-10-14 16:44 <DIR> d-------- C:\WINDOWS\NV3264952.TMP 2008-10-14 16:39 . 2008-09-17 09:55 201,050 --a------ C:\WINDOWS\system32\nvapps.nvb 2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- C:\WINDOWS\Logs 2008-10-10 12:52 . 2008-10-10 12:52 <DIR> d-------- C:\Program Files\Common Files\BioWare 2008-10-09 20:23 . 2008-10-09 20:23 <DIR> d-------- C:\Program Files\Activision 2008-10-04 22:48 . 2008-10-04 22:48 <DIR> d-------- C:\Program Files\gBurner 2008-10-01 03:00 . 2008-10-01 03:00 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-09-29 22:09 . 2008-09-29 22:09 <DIR> d-------- C:\Program Files\Microsoft Student 2008-09-29 22:07 . 2008-09-29 22:07 <DIR> d-------- C:\Program Files\Learning Essentials 2008-09-26 18:15 . 2008-09-26 18:15 268 --ah----- C:\sqmdata15.sqm 2008-09-26 18:15 . 2008-09-26 18:15 244 --ah----- C:\sqmnoopt15.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-21 02:24 --------- d-----w C:\Program Files\SoftPerfect Traffic Meter 2008-10-18 23:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-10-18 20:43 --------- d-----w C:\Program Files\DVDFab 5 2008-10-18 20:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Vso 2008-10-18 01:05 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-10-15 22:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-15 22:16 --------- d-----w C:\Program Files\SpeedFan 2008-10-15 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-10-14 21:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-10-14 21:40 --------- d-----w C:\Program Files\AGEIA Technologies 2008-10-10 00:33 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-08 18:15 --------- d-----w C:\Program Files\FrostWire 2008-10-01 01:26 --------- d-----w C:\Program Files\World of Warcraft 2008-10-01 00:58 --------- d-----w C:\Program Files\MagicISO 2008-09-30 02:36 --------- d-----w C:\Program Files\BitComet 2008-09-20 10:44 99,648 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys 2008-09-17 20:52 --------- d-----w C:\Program Files\IrfanView 2008-09-17 14:55 6,132,576 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-06-09 23:02 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys 2007-12-28 05:45 22,328 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys 2007-12-04 03:30 158 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat 2007-05-31 20:16 1 -c--a-w C:\Documents and Settings\HP_Administrator\SI.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=opuvwc.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Deewoo.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Deewoo.lnk backup=C:\WINDOWS\pss\Deewoo.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^DW_Start.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\DW_Start.lnk backup=C:\WINDOWS\pss\DW_Start.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Folding@Home 5.03.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Xfire.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2007-05-10 23:46 624248 G:\Programs\Acrobat 8.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2007-10-02 15:45 67488 G:\Programs\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] --a------ 2007-03-20 17:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray] --a--c--- 2006-03-20 14:43 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt] --a--c--- 2006-11-17 16:49 77824 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2008-09-20 05:45 2177984 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a--c--- 2005-09-17 02:27 52848 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-09 16:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient] --a------ 2008-05-19 09:57 1400832 C:\Program Files\Curse\CurseClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-04-03 17:29 165784 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover] --a--c--- 2006-03-15 21:12 1077248 C:\Program Files\DISC\DISCover.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager] --a--c--- 2006-03-15 21:11 61440 C:\Program Files\DISC\DISCUpdMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler] --a--c--- 2006-03-20 04:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] --a------ 2008-02-14 23:37 3057152 C:\Program Files\DAP\DAP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter] --a------ 2006-11-27 15:18 1582616 C:\Program Files\DU Meter\DUMeter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-08-05 15:56 64512 C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a--c--- 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a--c--- 2005-12-15 13:18 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp] --a--c--- 2006-02-15 17:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08] --a--c--- 2005-06-02 01:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz] --a--c--- 2005-09-30 00:33 120464 c:\Program Files\Norton Internet Security\CfgWiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISPMonitor] --a------ 2008-02-23 11:59 442704 C:\Program Files\ISP Monitor\isp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a--c--- 2005-02-02 16:44 61440 C:\hp\KBD\kbd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-09-17 09:55 13574144 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune] --a------ 2007-04-04 14:20 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-09-17 09:55 86016 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager] --a--c--- 2004-11-11 20:50 212992 C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-03-14 18:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a--c--- 2005-07-22 17:14 237568 C:\WINDOWS\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] --a--c--- 2004-12-13 21:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] --a--c--- 2004-11-02 17:59 218240 c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a--c--- 2007-12-24 02:03 1266936 C:\Valve\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-06-19 03:15 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat] --a--c--- 2007-02-12 17:21 734624 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-07-16 15:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP] --a--c--- 2005-08-02 18:19 77312 C:\WINDOWS\arpwrmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-09-17 09:55 1657376 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a--c--- 2006-03-08 06:54 16010240 C:\WINDOWS\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "OpUtils Service"=2 (0x2) "netflowanalyzer"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\DISC\\DISCover.exe"= "C:\\Program Files\\DISC\\DiscStreamHub.exe"= "C:\\Program Files\\DISC\\myFTP.exe"= "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\BearFlix\\bearflix.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\DAP\\DAP.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Valve\\Steam\\steamapps\\spenman91\\condition zero\\hl.exe"= "C:\\Program Files\\Microsoft Games\\Shadowrun\\Shadowrun.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\FlashFXP\\FlashFXP.exe"= "C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"= "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"= "C:\\Program Files\\Signal\\Signal.exe"= "C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"= "C:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"= "C:\\Valve\\Steam\\Steam.exe"= "C:\\Program Files\\Xfire\\xfire.exe"= "C:\\Program Files\\XBC\\neXBC.exe"= "G:\\Games\\BF2142.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "D:\\Games Installed\\Orange Box\\team fortress 2\\hl2.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\UT2004\\System\\UT2004.exe"= "D:\\Games Installed\\Unreal Tournament 3\\Binaries\\UT3.exe"= "G:\\Programs\\AdobePhotoshopElementsMediaServer.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\FrostWire\\FrostWire.exe"= "D:\\Games Installed\\Call Of Duty 4\\iw3mp.exe"= "D:\\Games Installed\\Mass Effect\\Binaries\\MassEffect.exe"= "D:\\Games Installed\\Mass Effect\\MassEffectLauncher.exe"= "D:\\Games Installed\\Crysis\\Bin32\\Crysis.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21906:TCP"= 21906:TCP:BitComet 21906 TCP "21906:UDP"= 21906:UDP:BitComet 21906 UDP "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;G:\Programs\PhotoshopElementsFileAgent.exe [2007-10-02 124832] R2 PRTGService;PRTG Service;C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-01-14 3814728] R2 prtgwatchservice;PRTG Watchdog;C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2006-07-26 443904] R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\WINDOWS\system32\DRIVERS\evsbc.sys [2007-06-22 25120] S1 imagedrvv;imagedrvv;C:\WINDOWS\system32\drivers\imagedrvv.sys [ ] S2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2007-07-05 36864] S2 StmSvc;Softperfect Traffic Meter service process;C:\Program Files\SoftPerfect Traffic Meter\stmsvc.exe [2005-07-18 1077248] S3 cpuz;cpuz;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\cpuz.sys [ ] S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\WINDOWS\system32\DRIVERS\evserial.sys [2007-06-22 51616] S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv [ ] S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677] S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys [ ] S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048] S4 netflowanalyzer;ManageEngine NetFlow Analyzer 6;C:\ADVENT~1\ME\NetFlow\bin\wrapper.exe [2007-08-20 126976] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9671ce66-f2e2-11dc-a24f-001731b05535}] \Shell\Auto\command - J:\Start.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5b15151-4972-11dd-9278-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb803bd5-107b-11dc-8b92-001731b05535}] \Shell\Auto\command - O:\Start.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder 2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2008-10-18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2005-12-31 00:42] 2008-07-04 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-09 16:21] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-704d7525 - C:\WINDOWS\system32\axgjyhsy.dll MSConfigStartUp-ExploreUpdSched - C:\WINDOWS\system32\scntrtdl.exe MSConfigStartUp-LSA Shellu - C:\Documents and Settings\HP_Administrator\lsass.exe MSConfigStartUp-{0db84872-8f97-71dc-47e7-01f962d35210} - C:\WINDOWS\system32\mgmqzcwpiyuiup.dll MSConfigStartUp-{D7-75-58-8A-DW} - C:\windows\system32\dwwnw64r.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tlmvz68r.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-21 16:33:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\arservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\TVersity\Media Server\MediaServer.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\dllhost.exe . ************************************************************************** . Completion time: 2008-10-21 16:41:23 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-21 21:40:59 Pre-Run: 1,190,211,584 bytes free Post-Run: 1,433,051,136 bytes free 386 --- E O F --- 2008-10-15 08:01:45
Hey Spenman91 Post a new HijackThis log and tell me what problems you have left. Also upload this file: C:\WINDOWS\system32\ofdetjenflebtwk.dll-uninst.exe to Virustotal.com, that is, if your internet is back. Best Regards
Here is the HijackThis log you requested, as for uploading the file, I would but the PC is still without internet. Do you think that it was one of the infections I had that caused this or something else I need to look for? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:01:11 PM, on 10/22/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe G:\Programs\PhotoshopElementsFileAgent.exe C:\WINDOWS\arservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TVersity\Media Server\MediaServer.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\HP_Administrator\Desktop\scanner.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Programs\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Append to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.trymedia.com (HKLM) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: opuvwc.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Programs\PhotoshopElementsFileAgent.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PRTG Service (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe O23 - Service: PRTG Watchdog (prtgwatchservice) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Softperfect Traffic Meter service process (StmSvc) - Unknown owner - C:\Program Files\SoftPerfect Traffic Meter\stmsvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe -- End of file - 13552 bytes
Hey Spenman91 1. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection. Open Notepad and copy/paste the text in the code box below into it: Code: File:: C:\Windows\system32\opuvwc.dll • Save this as CFScript.txt in the same folder as ComboFix. • Then drag the CFScript.txt into Combo-Fix.exe. • This will start ComboFix again. After reboot, (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt). Do not click on the ComoboFix window, as it may cause it to stall. 2. Please run HijackThis. • Click on the button which says Main Menu, then Do a system scan only. • Please wait for the scan to be completed. • After the scan has completed, check the following entries. Code: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O20 - AppInit_DLLs: opuvwc.dll Click on the button Fix checked NOTE:: Close all browsers before fixing anything. 3. Download Advanced Windowscare Personal and install it on a different computer. Update it, and then transfer the program files (C:\Program Files\Iobit) to the computer with no internet. Run Awcl.exe in the program files, do a scan, and fix everything except Startup Manage. After that, reboot. Is your internet back yet? Best Regards
Here is the ComboFix log, I haven't had time to do anything else from your last post. I really appreciate all of the help too, by the way. ComboFix 08-10-19.04 - HP_Administrator 2008-10-22 23:17:06.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1462 [GMT -5:00] Running from: D:\Combo-Fix.exe.exe Command switches used :: D:\CFscript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 ))))))))))))))))))))))))))))))) . 2008-10-22 16:54 . 2008-10-22 16:54 <DIR> d-------- C:\ERDNT 2008-10-21 16:04 . 2008-10-21 16:04 <DIR> d-------- C:\Program Files\VS Revo Group 2008-10-20 15:58 . 2008-10-20 15:58 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes 2008-10-20 15:57 . 2008-10-20 15:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-20 15:57 . 2008-10-20 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-20 15:57 . 2008-10-20 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-10-20 15:57 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-20 15:57 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-19 01:23 . 2008-10-19 01:23 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll.install_backup 2008-10-19 01:22 . 2008-10-19 01:22 <DIR> d-------- C:\Program Files\AVG 2008-10-18 18:05 . 2008-10-18 18:05 90,915 --a------ C:\WINDOWS\system32\ofdetjenflebtwk.dll-uninst.exe 2008-10-18 16:39 . 2008-10-19 04:16 <DIR> d-------- C:\WINDOWS\system32\WS 2008-10-18 16:39 . 2008-10-18 17:58 <DIR> d-------- C:\WINDOWS\system32\pi 2008-10-18 16:39 . 2008-10-19 04:15 <DIR> d-------- C:\WINDOWS\system32\nys3 2008-10-18 16:39 . 2008-10-18 17:58 <DIR> d-------- C:\WINDOWS\system32\mco2 2008-10-18 16:39 . 2008-10-18 16:39 <DIR> d-------- C:\WINDOWS\system32\EV02 2008-10-18 16:39 . 2008-10-18 16:39 <DIR> d-------- C:\temp\xp34 2008-10-18 16:39 . 2008-10-18 16:39 64,859 --a------ C:\WINDOWS\system32\zelbervupmarrjwp.exe 2008-10-18 16:38 . 2008-10-18 16:38 45,568 --a------ C:\Documents and Settings\HP_Administrator\index.exe 2008-10-18 16:38 . 2008-10-18 16:38 68 --a------ C:\Documents and Settings\HP_Administrator\z.bat 2008-10-18 16:33 . 2008-10-18 16:33 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn 2008-10-18 15:44 . 2008-10-18 15:45 <DIR> d-------- C:\Program Files\ImgBurn 2008-10-14 16:39 . 2008-10-14 16:44 <DIR> d-------- C:\WINDOWS\NV3264952.TMP 2008-10-14 16:39 . 2008-09-17 09:55 201,050 --a------ C:\WINDOWS\system32\nvapps.nvb 2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- C:\WINDOWS\Logs 2008-10-10 12:52 . 2008-10-10 12:52 <DIR> d-------- C:\Program Files\Common Files\BioWare 2008-10-09 20:23 . 2008-10-09 20:23 <DIR> d-------- C:\Program Files\Activision 2008-10-04 22:48 . 2008-10-04 22:48 <DIR> d-------- C:\Program Files\gBurner 2008-10-01 03:00 . 2008-10-01 03:00 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-09-29 22:09 . 2008-09-29 22:09 <DIR> d-------- C:\Program Files\Microsoft Student 2008-09-29 22:07 . 2008-09-29 22:07 <DIR> d-------- C:\Program Files\Learning Essentials 2008-09-26 18:15 . 2008-09-26 18:15 268 --ah----- C:\sqmdata15.sqm 2008-09-26 18:15 . 2008-09-26 18:15 244 --ah----- C:\sqmnoopt15.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-23 00:02 --------- d-----w C:\Program Files\SoftPerfect Traffic Meter 2008-10-18 23:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-10-18 20:43 --------- d-----w C:\Program Files\DVDFab 5 2008-10-18 20:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Vso 2008-10-18 01:05 183,120 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-10-18 01:05 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-10-15 22:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-15 22:16 --------- d-----w C:\Program Files\SpeedFan 2008-10-15 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-10-14 21:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-10-14 21:40 --------- d-----w C:\Program Files\AGEIA Technologies 2008-10-10 00:33 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-08 18:15 --------- d-----w C:\Program Files\FrostWire 2008-10-01 01:26 --------- d-----w C:\Program Files\World of Warcraft 2008-10-01 00:58 --------- d-----w C:\Program Files\MagicISO 2008-09-30 02:36 --------- d-----w C:\Program Files\BitComet 2008-09-20 10:44 99,648 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys 2008-09-17 20:52 --------- d-----w C:\Program Files\IrfanView 2008-09-17 02:27 453,152 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE 2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-09-04 14:31 288,024 ----a-w C:\WINDOWS\system32\PhysXCplUI.exe 2008-08-29 13:57 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll 2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys 2008-08-19 09:38 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe 2008-08-14 10:00 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-08-14 09:58 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 09:58 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys 2008-08-14 09:22 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-08-14 09:22 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-14 09:22 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-07-31 15:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll 2008-07-31 15:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll 2008-07-31 15:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll 2008-06-09 23:02 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys 2007-12-28 05:45 22,328 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys 2007-12-04 03:30 158 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat 2007-05-31 20:16 1 -c--a-w C:\Documents and Settings\HP_Administrator\SI.bin . ((((((((((((((((((((((((((((( snapshot@2008-10-21_16.40.36.65 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-25 08:04:06 65,248 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-10-23 00:06:59 65,248 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-04-25 08:04:06 410,904 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-10-23 00:06:59 410,904 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-10-23 00:02:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8f4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=opuvwc.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Deewoo.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Deewoo.lnk backup=C:\WINDOWS\pss\Deewoo.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^DW_Start.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\DW_Start.lnk backup=C:\WINDOWS\pss\DW_Start.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Folding@Home 5.03.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Xfire.lnk] path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2007-05-10 23:46 624248 G:\Programs\Acrobat 8.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2007-10-02 15:45 67488 G:\Programs\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] --a------ 2007-03-20 17:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray] --a--c--- 2006-03-20 14:43 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt] --a--c--- 2006-11-17 16:49 77824 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2008-09-20 05:45 2177984 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a--c--- 2005-09-17 02:27 52848 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-09 16:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient] --a------ 2008-05-19 09:57 1400832 C:\Program Files\Curse\CurseClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-04-03 17:29 165784 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover] --a--c--- 2006-03-15 21:12 1077248 C:\Program Files\DISC\DISCover.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager] --a--c--- 2006-03-15 21:11 61440 C:\Program Files\DISC\DISCUpdMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler] --a--c--- 2006-03-20 04:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] --a------ 2008-02-14 23:37 3057152 C:\Program Files\DAP\DAP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter] --a------ 2006-11-27 15:18 1582616 C:\Program Files\DU Meter\DUMeter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-08-05 15:56 64512 C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a--c--- 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a--c--- 2005-12-15 13:18 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp] --a--c--- 2006-02-15 17:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08] --a--c--- 2005-06-02 01:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz] --a--c--- 2005-09-30 00:33 120464 c:\Program Files\Norton Internet Security\CfgWiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISPMonitor] --a------ 2008-02-23 11:59 442704 C:\Program Files\ISP Monitor\isp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a--c--- 2005-02-02 16:44 61440 C:\hp\KBD\kbd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a--c--- 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-09-17 09:55 13574144 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune] --a------ 2007-04-04 14:20 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-09-17 09:55 86016 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager] --a--c--- 2004-11-11 20:50 212992 C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-03-14 18:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a--c--- 2005-07-22 17:14 237568 C:\WINDOWS\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] --a--c--- 2004-12-13 21:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] --a--c--- 2004-11-02 17:59 218240 c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a--c--- 2007-12-24 02:03 1266936 C:\Valve\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-06-19 03:15 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat] --a--c--- 2007-02-12 17:21 734624 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-07-16 15:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP] --a--c--- 2005-08-02 18:19 77312 C:\WINDOWS\arpwrmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-09-17 09:55 1657376 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a--c--- 2006-03-08 06:54 16010240 C:\WINDOWS\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "OpUtils Service"=2 (0x2) "netflowanalyzer"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\DISC\\DISCover.exe"= "C:\\Program Files\\DISC\\DiscStreamHub.exe"= "C:\\Program Files\\DISC\\myFTP.exe"= "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\BearFlix\\bearflix.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\DAP\\DAP.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Valve\\Steam\\steamapps\\spenman91\\condition zero\\hl.exe"= "C:\\Program Files\\Microsoft Games\\Shadowrun\\Shadowrun.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\FlashFXP\\FlashFXP.exe"= "C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"= "C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"= "C:\\Program Files\\Signal\\Signal.exe"= "C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"= "C:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"= "C:\\Valve\\Steam\\Steam.exe"= "C:\\Program Files\\Xfire\\xfire.exe"= "C:\\Program Files\\XBC\\neXBC.exe"= "G:\\Games\\BF2142.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "D:\\Games Installed\\Orange Box\\team fortress 2\\hl2.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\UT2004\\System\\UT2004.exe"= "D:\\Games Installed\\Unreal Tournament 3\\Binaries\\UT3.exe"= "G:\\Programs\\AdobePhotoshopElementsMediaServer.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\FrostWire\\FrostWire.exe"= "D:\\Games Installed\\Call Of Duty 4\\iw3mp.exe"= "D:\\Games Installed\\Mass Effect\\Binaries\\MassEffect.exe"= "D:\\Games Installed\\Mass Effect\\MassEffectLauncher.exe"= "D:\\Games Installed\\Crysis\\Bin32\\Crysis.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21906:TCP"= 21906:TCP:BitComet 21906 TCP "21906:UDP"= 21906:UDP:BitComet 21906 UDP "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;G:\Programs\PhotoshopElementsFileAgent.exe [2007-10-02 124832] R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2007-07-05 36864] R2 PRTGService;PRTG Service;C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-01-14 3814728] R2 prtgwatchservice;PRTG Watchdog;C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2006-07-26 443904] R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\WINDOWS\system32\DRIVERS\evsbc.sys [2007-06-22 25120] S1 imagedrvv;imagedrvv;C:\WINDOWS\system32\drivers\imagedrvv.sys [ ] S2 StmSvc;Softperfect Traffic Meter service process;C:\Program Files\SoftPerfect Traffic Meter\stmsvc.exe [2005-07-18 1077248] S3 cpuz;cpuz;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\cpuz.sys [ ] S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\WINDOWS\system32\DRIVERS\evserial.sys [2007-06-22 51616] S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv [ ] S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677] S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys [ ] S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048] S4 netflowanalyzer;ManageEngine NetFlow Analyzer 6;C:\ADVENT~1\ME\NetFlow\bin\wrapper.exe [2007-08-20 126976] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9671ce66-f2e2-11dc-a24f-001731b05535}] \Shell\Auto\command - J:\Start.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5b15151-4972-11dd-9278-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb803bd5-107b-11dc-8b92-001731b05535}] \Shell\Auto\command - O:\Start.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe *Newly Created Service* - 6TO4 *Newly Created Service* - COMHOST *Newly Created Service* - IP6FW *Newly Created Service* - TCPIP6 . Contents of the 'Scheduled Tasks' folder 2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2008-10-18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2005-12-31 00:42] 2008-07-04 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-09 16:21] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-22 23:21:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk23] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv" . Completion time: 2008-10-22 23:22:44 ComboFix-quarantined-files.txt 2008-10-23 04:22:19 ComboFix2.txt 2008-10-21 21:41:24 Pre-Run: 1,392,930,816 bytes free Post-Run: 1,375,182,848 bytes free 362 --- E O F --- 2008-10-15 08:01:45
I ran everything you suggested. Advanced Windowscare found quite a few errors but repaired them all with the exception of the ones you told me to exclude. My internet is still not back yet. I am beginning to wonder if this is a Spyware/Virus issue or not concerning the internet.
Hey Spenman91 I see that Norton is still on your system. Could Symantec be the one blocking your internet? To find out, do this: Please then reboot your computer into Safe Mode With Networking by doing the following: • Restart your computer • After pressing the power button, repeatedly tap the F8 key. • Instead of Windows loading as normal, the Advanced Options Menu should appear; • Select the option to run Windows in Safe Mode With Networking, then press Enter. • Choose the administrator's account. See if your internet works here. Best Regards
I'll try that when I get home, I thought that could be the issue. I used the program you recommend to attempt to remove Nortons but it said something about no being able to uninstall it, and needed to open Nortons and do something involving administrative privileges, so I was still unable to remove Nortons. However, I may have been doing something incorrectly during the uninstall process using the software. I will give it another attempt once I am home. Edit: I just got home and was able to get internet to work in safe mode. I then uninstalled Nortons using the Nortons Removal Tool which I acquired from a website other than Nortons because I didn't have the key code. I just rebooted and I now have internet. Is all of my spware and infection gone? My computer runs much better than it did even before the viruses and spyware. If my computer is clean, thank you for all of your help, it is much appreciated.
Hey Spenman91 Wonderful! So Symantec was the problem! I recommend Antivir as an antivirus, as it has better detection than any other antivirus. Post a new HijackThis log so that I can see if there's anything left to clean up. Best Regards
I am very happy to have my computer back up and running as it should. I should have thought to uninstall Nortons when the internet issue began, I had to correct a problem for someone just the other day becuase Zone Alarm was blocking their internet connection. I just never would have thought Nortons would have blocked anything because it was not even configured. Anyway, Here is the HijackThis log that you requested. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:07:27 PM, on 10/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\spoolsv.exe G:\Programs\PhotoshopElementsFileAgent.exe C:\WINDOWS\arservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ISP Monitor\ISPMonitorSrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TVersity\Media Server\MediaServer.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\HP_Administrator\Desktop\scanner.exe.exe C:\WINDOWS\system32\taskmgr.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Programs\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Append to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Programs\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://*.trymedia.com (HKLM) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Programs\PhotoshopElementsFileAgent.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PRTG Service (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe O23 - Service: PRTG Watchdog (prtgwatchservice) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Softperfect Traffic Meter service process (StmSvc) - Unknown owner - C:\Program Files\SoftPerfect Traffic Meter\stmsvc.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe -- End of file - 11416 bytes
Hey Spenman91 Update Java using JavaRa Please download JavaRa and unzip it to your desktop. • Double-click on JavaRa.exe to start the program. • Click on Remove Older Versions to remove the older versions of Java installed on your computer. • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK. • A logfile will pop up. Please save it to a convenient location. Then download and install Java Runtime Environment (JRE) 6 Update 7. After that. you should be good. Cheers
