11-May-2009, 02:09 PM, #1
I'll try to tell you all of the details of the past 1-1/2 weeks as best I can. My computer was getting slower, and slower to restart or shut down, but I had to do a lot of "boots." When my screen finally came up, Firefox was missing all extensions, passwords and bookmarks. I've been reading your forum and got involved in some site called "Uniblue." It cleaned the registry all right; now I have no pictures or graphics on my computer, just pretty much black on white. I was checking out those rogue sites, and damn, my tabs are lining up in rows of 10. Got so lost reading this and that that I had to go back in my history and bring you guys up. I really got confused with all the directions. I know I need a HijackThis log, but where do I start? I imagine I'll have to run a lot of scans, but would you be patient and kind enough to give me directions? I think this is going to take a while, but I really need some concise instructions. It's not that I'm really stupid, it's just that I'm suffering from acute burn-out with all this, almost all day and night since the 3rd or 4th of this month. I'm running XP Pro, SP2 and I guess SP3, Pentium 3, 512 Ghz 2, 312 RAM and 40G hard drive, Firefox 3, Avira, Comodo Firewall, Ad-Aware, Spybot Search and Destroy. Figured I better let you have my HJT log - figured that out! Please help! Sincerely, u2btrfly (Bev)

__________________
There is nothing like returning to a place that remains unchanged to find the ways in which you yourself have altered. - Nelson Mandela

Last edited by u2btrfly; 11-May-2009 at 04:02 PM.

11-May-2009, 04:06 PM, #2
Figured you just might need this to help!

Log created by WinPatrol PLUS version 15.5.2008.0:15.5.2008.0
Scan saved at 7:20:39 AM, on 9/05/2008
Platform: Windows XP SP2 Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\Ahead\InCD\InCDsrv.exe
C:\PROGRAM FILES\Lavasoft\Ad-Aware\AAWSERVICE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\Avira\ANTIVIR PERSONALEDITION CLASSIC\sched.exe
C:\PROGRAM FILES\Avira\ANTIVIR PERSONALEDITION CLASSIC\avguard.exe
C:\PROGRAM FILES\Comodo\CBOClean\BOCore.exe
C:\PROGRAM FILES\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\Comodo\Firewall\cfp.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\Comodo\CBOClean\BOC426.EXE
C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE
C:\PROGRAM FILES\IObit\IOBIT SMARTDEFRAG\IOBIT SMARTDEFRAG.EXE
C:\PROGRAM FILES\IObit\ADVANCED WINDOWSCARE V2 PRO\Awc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\Java\JRE1.6.0_06\bin\jusched.exe
C:\DOCUMENTS AND SETTINGS\new user\APPLICATION DATA\mjusbsp\MAGICJACK.EXE
C:\PROGRAM FILES\Avira\ANTIVIR PERSONALEDITION CLASSIC\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F1 - win.ini: run=
F1 - win.ini: load=
F3 - HKCU Load=
F3 - HKCU Run=
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
O4 - HKLM\..\Run: [COMODO Firewall Pro]C:\Program Files\Comodo\Firewall\cfp.exe -h
O4 - HKLM\..\Run: [avgnt]C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
O4 - HKLM\..\Run: [WinPatrol PLUS]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [cdloader]C:\Documents and Settings\new user\Application Data\mjusbsp\cdloader2.exe MAGICJACK
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.6.0_07\bin
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: Microsoft XML Parser for Java (xmldso) - file://C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get...rent/ultrashim) - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/sh...,2/mcmysec.cab
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCore.exe
O23 - Service: COMODO Firewall Pro Helper Service - - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Human Interface Device Access - - C:\WINDOWS\System32\hidserv.dll
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) - - C:\Program Files\Ahead\InCD\InCDsrv.exe -r
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--- Additional WinPatrol Info ---
Default Browser: Firefox - Firefox version 3.0.1
MSIE: Internet Explorer (7.00.6000.16705)
Firefox 3.0.1 installed in C:\Program Files\Mozilla Firefox.
0 IE Cookies in Folder: C:\Documents and Settings\new user\Cookies\
0 Mozilla Cookies in Folder: C:\Documents and Settings\new user\Application Data\Mozilla\FireFox\Profiles\v4dxw5wa.default
WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe
WP03 - Windows Automatic Update = 2:Notify me but don't automatically download or install them.
WP06 - Delayed Start: [Advanced WindowsCare AutoCare]C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
WP06 - Delayed Start: [BOC-426]C:\PROGRAM FILES\Comodo\CBOClean\BOC426.EXE
WP06 - Delayed Start: [SmartDefrag]C:\PROGRAM FILES\IObit\IOBIT SMARTDEFRAG\IOBIT SMARTDEFRAG.EXE
WP06 - Delayed Start: [Adobe Reader Speed Launcher]C:\PROGRAM FILES\Adobe\Reader 9.0\Reader\READER_SL.EXE
WP06 - Delayed Start: [MRUBlaster]C:\PROGRAM FILES\MRU-BLASTER\INDEXCLEANER.EXE
WP06 - Delayed Start: [Advanced WindowsCare V2 Pro]C:\PROGRAM FILES\IObit\ADVANCED WINDOWSCARE V2 PRO\Awc.exe
WP06 - Delayed Start: [SunJavaUpdateSched]C:\PROGRAM FILES\Java\JRE1.6.0_06\bin\jusched.exe
WP06 - Delayed Start: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
WP06 - Delayed Start: [FreeRAM XP]C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://
WP31 - Scheduled Tasks: [Fulll System Test.job]C:\PROGRA~1\Grisoft\AVG7\avgw.exe Never
WP31 - Scheduled Tasks: [Disk Cleanup.job]C:\WINDOWS\system32\cleanmgr.exe Never
WP31 - Scheduled Tasks: [AwcProUpdate.job]C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe 09/04/2008 8:00 PM
WP31 - Scheduled Tasks: [Advanced WindowsCare V2 Pro.job]C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe 09/04/2008 4:30 PM
WP31 - Scheduled Tasks: [Ad-Aware SE Personal.job]C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Personal.lnk Never
WP31 - Scheduled Tasks: [Spybot - Search & Destroy - Scheduled Task.job]C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe Never
WP31 - Scheduled Tasks: [IObit SmartDefrag.job]C:\PROGRA~1\IObit\IOBITS~1\IOBITS~1.EXE Never
WP16 - ActiveX: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [DHTML Edit Control Safe for Scripting for IE5] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\Triedit\dhtmled.ocx 6.01.9232
WP16 - ActiveX: {72267F6A-A6F9-11D0-BC94-00C04FB67863} [Active Desktop Mover] C:\WINDOWS\system32\shell32.dll 6.00.2900.3241
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.6000.16705
WP16 - ActiveX: {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document 3.0] C:\WINDOWS\system32\msxml3.dll 8.90.1101.0
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.3250
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {08B0e5c0-4FCB-11CF-AAA5-00401C608501} [Web Browser Applet Control] C:\WINDOWS\system32\msjava.dll 5.00.3810
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.2180
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.3250
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\WINDOWS\system32\hhctrl.ocx 5.2.3790.2847
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\WINDOWS\system32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.6000.16705
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 7.00.6000.16705
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.2180
WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\cpnprt2.cid
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\new user\Local Settings\Temp\etilqs_i5jL5Udl1ZavbreZ1Exj
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAB: [Firefox]C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url %1 -requestPending
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word Document]C:\Program Files\program\soffice.exe -writer -o %1
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe %1
WP33 - File Type .MP3: [MP3 Audio]C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe %1
WP33 - File Type .MP3: [NeroMediaPlayer]C:\Program Files\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe %1
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [RealMedia file]C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [soffice.exe -writer -]C:\Program Files\program\soffice.exe -writer -o %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel Worksheet]C:\Program Files\program\soffice.exe -calc -o %1
Memory currently in use: 76%
Physical Memory Free: 121,460 KB
Paging File Free: 743,876 KB
Virtual Memory Free: 2,039,996 KB
-- End of file
Tags: firefox 3, malware, redirects, trojans, virus
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.