another Hijack This report.

Discussion in 'Windows - Virus and spyware problems' started by amatire, Nov 6, 2006.

  1. amatire

    amatire Member

    Joined:
    Nov 6, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Thanks for your help. I don't know if anything will turn up, but I've had a few problems with the computer recently and I've tried pretty much everything else I can think of, so I thought I'd check using HijackThis to see if anything showed up.

    Logfile of HijackThis v1.99.1
    Scan saved at 14:11:48, on 06/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Documents and Settings\Peter\Desktop\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.morningbymorning.blogspot.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [IW_Drop_Icon] "C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" /dropdisc
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Peter\Desktop\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pr...2000_hybrid/module05/aware_player/awswaxf.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140257017218
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    HijackThis log is clean too. What problems are you having?
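Reviewing a log like the one above means walking each section code (R0, O2, O4, O16, O20, O23), pulling out the CLSID and file path each entry names, and checking them against the running-process list. The Python below is an added example, not HijackThis's own code or anything posted in this thread: it parses the v1.99.1 layout into records and lists O4 Run entries whose executable is absent from the process list. The sample lines are copied from the log posted above, and the path heuristics in extract_path are assumptions about how entries are laid out.

```python
# Added example, not the thread's tool: structure a HijackThis 1.99.1 log for review.
import re
from collections import defaultdict
# Constructed excerpt: lines copied from the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def extract_path(body):
    """Quoted path, else unquoted drive path up to ' - ' or end, else bare O4 command (assumed layout)."""
    m = re.search(r'"([A-Za-z]:\\[^"]+)"|\b([A-Za-z]:\\.+?)(?= - |$)', body)
    if m:
        return m.group(1) or m.group(2)
    _, _, cmd = body.partition("] ")          # O4 '[Name] command args'
    return cmd.split()[0] if cmd.strip() else None

def parse_log(text):
    """Group log lines into running processes and entries keyed by section code."""
    parsed = {"processes": [], "entries": defaultdict(list)}
    in_procs = False
    for line in filter(None, map(str.strip, text.splitlines())):
        entry = ENTRY_RE.match(line)
        if entry:
            in_procs, body = False, entry.group("body")
            clsid = CLSID_RE.search(body)
            parsed["entries"][entry.group("code")].append(
                {"text": body, "clsid": clsid.group(0) if clsid else None,
                 "path": extract_path(body)})
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            parsed["processes"].append(line)
    return parsed

def run_entries_not_running(parsed):
    """O4 Run entry names whose exe is absent from the process list: a prompt to look closer, not proof."""
    running = {p.rsplit("\\", 1)[-1].lower() for p in parsed["processes"]}
    return [e["text"].split("[", 1)[1].split("]", 1)[0]
            for e in parsed["entries"].get("O4", [])
            if "Run: [" in e["text"] and e["path"]
            and e["path"].rsplit("\\", 1)[-1].lower() not in running]
```

On the excerpt this reports only PinnacleDriverCheck, whose PSDrvCheck.exe runs at boot and exits, which is why a missing process is a question to follow up rather than a finding.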
     
  3. amatire

    amatire Member

    Joined:
    Nov 6, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    That's great to know, thanks.

    Well, I seem to have started having problems after going on YouTube.com last week - which might be telling in itself. Are there any well-known problems associated with the site?

    Firstly the computer monitor switched itself off and on again and the picture went extremely large and then returned back to normal. The computer then restarted on its own - could be a power surge?

    But a few minutes later, when I tried to open a BBC webpage to view a film in RealPlayer, RealPlayer crashed and so did Internet Explorer. This has never happened before, as I use RealPlayer a great deal. The error report said I should try http://service.real.com/realplayer/, which advised me to lower the hardware acceleration, which I did. RealPlayer started playing fine, but from then on every time I switch on the computer I get an error message from HydraVision. And the computer can run rather slow when I have more than one application open at once, which never used to be a problem.

    I've run AVG, Spy Sweeper, Ad-Aware, CCleaner, HijackThis and Windows Defender, and can't find a problem anywhere. Am I missing something obvious?

    Thanks for your help. Hope that's enough info.
     
  4. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Download F-Secure Blacklight (blbeta.exe) to the desktop from here.

    Open it and click Accept Agreement.
    Click "Scan".
    After the scan is complete, click "Next", then "Exit".
    It will create a log on the desktop named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
    Post that log in your next reply.

    Go here to run ActiveScan.
    After downloading, click My Computer to scan.
    When it finishes, click "See Report".
    Click "Save report" and post it along with the BL log.
     
    Last edited: Nov 7, 2006
  5. amatire

    amatire Member

    Joined:
    Nov 6, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    I haven't run a spysweeper scan today so I think the panda scan only threw up the usual. We'll see.

    Google Earth is having trouble opening too. It says it is having trouble with DivX. Do you think the problem is just a 2 year old graphics driver?

    11/08/06 18:27:29 [Info]: BlackLight Engine 1.0.47 initialized
    11/08/06 18:27:29 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    11/08/06 18:27:29 [Note]: 7019 4
    11/08/06 18:27:29 [Note]: 7005 0
    11/08/06 18:27:33 [Note]: 7006 0
    11/08/06 18:27:33 [Note]: 7011 1532
    11/08/06 18:27:33 [Note]: 7026 0
    11/08/06 18:27:33 [Note]: 7026 0
    11/08/06 18:27:42 [Note]: FSRAW library version 1.7.1020
    11/08/06 18:34:36 [Note]: 2000 1012
    11/08/06 18:34:36 [Note]: 2000 1012
    11/08/06 18:34:52 [Note]: 7007 0


    Incident Status Location

    Adware:adware/ncase Not disinfected Windows Registry
    Adware:adware/ist.sidefind Not disinfected Windows Registry
    Adware:adware/ist.yoursitebar Not disinfected Windows Registry
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Peter\Cookies\peter@247realmedia[1].txt
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Peter\Cookies\peter@adtech[2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Peter\Cookies\peter@advertising[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Peter\Cookies\peter@atdmt[2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Peter\Cookies\peter@doubleclick[2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Peter\Cookies\peter@mediaplex[1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Peter\Local Settings\Temp\Cookies\peter@casalemedia[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Peter\Local Settings\Temp\Cookies\peter@doubleclick[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Peter\Local Settings\Temp\Cookies\peter@mediaplex[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Peter\Local Settings\Temp\Cookies\peter@tribalfusion[1].txt



     
  6. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Blacklight came out clean. Panda didn't find the usual. There are a few adware registry entries, but Panda isn't showing the location so we can remove them manually. You'll need to let Ad-aware delete them. SpySweeper may remove them too, so run a scan with either or both.

    About the first problem: try uninstalling then re-installing Real Player to see if that helps.

    For the second problem, do the same for DivX.
     