
Extremely slow internet browsing computer sluggish

Discussion in 'Virus & Other Malware Removal' started by kemet3, Dec 3, 2007.

Thread Status:
Not open for further replies.
  1. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    Okay, I think something severely slowed down my internet browsing, and my computer runs very glitchy and sluggish. When I browse, my mouse sticks and loading time is like I'm on dial-up. Forget about just trying to do work on my computer, it acts retarded. Can anyone help me find this bug or trojan or virus?

    hijack file is below: THX

    Logfile of HijackThis v1.99.1
    Scan saved at 5:52:21 PM, on 07/12/03
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\Program Files\Saitek\Software\ProfilerU.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Volumouse\volumouse.exe
    C:\Program Files\NLauncher\NLauncher.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
    C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
    C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
    C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
    C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
    C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
    C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
    C:\Program Files\Folder View\folderview.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\BXNEWF~1\bxExpHelper.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    D:\Programs\note2\Notepad2.exe
    D:\PROTECTION & TWEEKS\FIXES\hijackthis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codemasters.com/emails/clickme.php?l=8633
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\PROGRA~1\BXNEWF~1\BXNEWF~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: (no name) - {BB661A3F-4D46-4F7C-821A-C6EDF8C34806} - (no file)
    O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\PROGRA~1\FOLDER~2\FOLDER~1.DLL
    O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Profiler] "C:\Program Files\Saitek\Software\ProfilerU.exe"
    O4 - HKLM\..\Run: [SaiMfd] "C:\Program Files\Saitek\Software\SaiMfd.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
    O4 - HKCU\..\Run: [NLauncher] C:\Program Files\NLauncher\NLauncher.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: httpobse.silverlock.org
    O15 - Trusted Zone: http://obse.silverlock.org
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192495135125
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - (no file)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\kemet3\MYDOCU~1\DownZ\NEWFOL~1\DX9_RE~1\Temp\DX9\SESSIO~1.EXE (file missing)
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
  2. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    I posted this issue about a week and a half ago. Is there anybody willing to help guide me?
    Not to be fussy, I'm just having a very difficult time trying to work from my computer because I think my son may have gotten a trojan/virus/rootkit. Plz plz anybody, your help would be well appreciated. THX all for your time.
     
  3. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    Is this site dead? I posted this a while ago, then my computer crashed and I just got it back on. I reinstalled XP. If no one can help me here, I would appreciate a post stating that so I can go somewhere else. I really like this site, it's been very helpful in the past. Not to be an ***, but last time I waited for a reply my computer died on me. With all that said and done:

    After I reinstalled XP it was running smooth; right after I did Microsuck updates (Service Pack 2) my computer ran very slow. After all that headache it's still here. Sorry if this should be a new post, but I'm not sure if it should be. Thanks 4 your time.
     
  4. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    Closing thread for lack of replies... responses... and assistance in my time of need.
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,316
    You've received help several times in the past and the last time you never posted back after cybertech posted instructions for you so please don't complain about not receiving assistance this one time. The volume here is great and we only have so many helpers who are qualified to assist and unfortunately, we can't get to them all. We all do this on a volunteer basis.

    So now if you still need assistance, please post a new HijackThis log and also do this:

    Open HijackThis and click on "Config" and then on the "Misc Tools" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.
     
  6. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    Thanks for the reply, but the reason I couldn't respond last time is because my email got infected, then my computer completely crashed. Sorry for the misunderstanding.

    Well, here's my hijack file:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:19:24 AM, on 1/23/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Saitek\Software\ProfilerU.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Folder View\folderview.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\PROTECTION & TWEEKS\UTILITIES\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
    O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    O8 - Extra context menu item: Search Current News - file://\program files\powershell-xp3\search5.htm
    O8 - Extra context menu item: Search Encyclopedia - file://\program files\powershell-xp3\search4.htm
    O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp3\search3.htm
    O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp3\search2.htm
    O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp3\search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200891239359
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: perfmons Service (perfmons) - Raxco Software, Inc. - (no file)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



    PS: I'm getting this weird pop-up with a bunch of squares where the text would be. I have a screenshot that I'm attaching, called weird.jpeg
     


  7. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    Oops, I forgot to say that I reposted a more updated hijack file because I have reinstalled XP several times after that... THX again...
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,316
    Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet after downloading the program and before scanning.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

    Download ComboFix and save it to your desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
    • WARNING: IF you have not already done so ComboFix will disconnect your machine from the Internet when it starts.
    • Please do not re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection when Combofix has completely finished then restart your computer to restore the connection.

    Double-click on combofix.exe and follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall**
     
  9. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    Thanks for the help. I also notice my clone dvd stopped working and keeps crashing. I don't know if this is important for you to know...

    Here's the ComboFix log:

    ComboFix 08-01-23.2 - ManGod 2008-01-24 1:54:21.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.317 [GMT -5:00]
    Running from: C:\Documents and Settings\ManGod\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\ManGod\Application Data\inst.exe
    C:\WINDOWS\hosts
    C:\WINDOWS\mc\
    C:\WINDOWS\mslagent\
    C:\WINDOWS\system32\avload32.dll
    C:\WINDOWS\system32\axdebugl.dll
    C:\WINDOWS\system32\bt848rom.dll
    C:\WINDOWS\system32\ddirectz.dll
    C:\WINDOWS\system32\directpt.dll
    C:\WINDOWS\system32\directut.dll
    C:\WINDOWS\system32\Dll.dll
    C:\WINDOWS\system32\docent0.dll
    C:\WINDOWS\system32\docent2.dll
    C:\WINDOWS\system32\dvd4free.dll
    C:\WINDOWS\system32\emldvc.dll
    C:\WINDOWS\system32\extfpu.dll
    C:\WINDOWS\system32\extxerox.dll
    C:\WINDOWS\system32\flashdrvr.dll
    C:\WINDOWS\system32\gatexkey.dll
    C:\WINDOWS\system32\gdiwxp.dll
    C:\WINDOWS\system32\gdwxp3.dll
    C:\WINDOWS\system32\hpprintx.dll
    C:\WINDOWS\system32\ideusr50.dll
    C:\WINDOWS\system32\ies4dll.dll
    C:\WINDOWS\system32\iesdl4l.dll
    C:\WINDOWS\system32\logon16x.dll
    C:\WINDOWS\system32\lsd_f3.dll
    C:\WINDOWS\system32\mcfCC4.dll
    C:\WINDOWS\system32\mcfG7A.dll
    C:\WINDOWS\system32\mdfpro.dll
    C:\WINDOWS\system32\mmxeroxk.dll
    C:\WINDOWS\system32\MSplg7.dll
    C:\WINDOWS\system32\nclabydll.dll
    C:\WINDOWS\system32\nkunpack.dll
    C:\WINDOWS\system32\nuclabdll.dll
    C:\WINDOWS\system32\obbn13t.dll
    C:\WINDOWS\system32\openglss.dll
    C:\WINDOWS\system32\printpnp.dll
    C:\WINDOWS\system32\prw76sks.sys
    C:\WINDOWS\system32\prwsks.dll
    C:\WINDOWS\system32\psksds.dll
    C:\WINDOWS\system32\rdrVR2.dll
    C:\WINDOWS\system32\rsdapi.dll
    C:\WINDOWS\system32\satau320.dll
    C:\WINDOWS\system32\satdll.dll
    C:\WINDOWS\system32\satmmc.dll
    C:\WINDOWS\system32\sdcard98.dll
    C:\WINDOWS\system32\se500mdm.dll
    C:\WINDOWS\system32\se633mxx.dll
    C:\WINDOWS\system32\sks2drvr.sys
    C:\WINDOWS\system32\sksdll.dll
    C:\WINDOWS\system32\tcpG4T.dll
    C:\WINDOWS\system32\tcpGDC.dll
    C:\WINDOWS\system32\tcpwrk.dll
    C:\WINDOWS\system32\wincom32.sys
    C:\WINDOWS\system32\wndtx1.dll
    C:\WINDOWS\system32\xcdmfree.dll
    C:\WINDOWS\system32\zopenssl.dll
    C:\WINDOWS\wincomp\
    C:\WINDOWS\winmgts\
    C:\WINDOWS\wintrim\

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
    .

    2008-01-24 01:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 18:25 . 2008-01-23 18:25 <DIR> d-------- C:\Program Files\Advanced XP Tweak
    2008-01-23 17:42 . 2008-01-23 17:42 23 --a------ C:\WINDOWS\BlendSettings.ini
    2008-01-23 17:31 . 2008-01-23 17:31 <DIR> d-------- C:\Program Files\The OBSE Launcher
    2008-01-23 16:36 . 2008-01-23 16:36 151,552 --a------ C:\WINDOWS\system32\nvRegDev.dll
    2008-01-23 16:35 . 2008-01-23 16:36 <DIR> d-------- C:\Program Files\NVIDIA Corporation
    2008-01-23 16:35 . 2002-01-05 03:40 487,424 -ra------ C:\WINDOWS\system32\msvcp70.dll
    2008-01-23 16:35 . 2002-08-15 10:11 344,064 -ra------ C:\WINDOWS\system32\msvcr70.dll
    2008-01-23 15:39 . 2008-01-23 15:39 <DIR> d-------- C:\WINDOWS\speech
    2008-01-23 15:39 . 2008-01-23 15:39 <DIR> d-------- C:\Program Files\Subliminal Visualizer Pro
    2008-01-23 15:39 . 2008-01-23 15:39 <DIR> d-------- C:\Program Files\SRS5-1XP
    2008-01-23 15:39 . 2003-08-27 23:13 1,101,824 --a------ C:\WINDOWS\system32\vbskpro.ocx
    2008-01-23 15:39 . 2002-11-29 16:07 503,808 --a------ C:\WINDOWS\system32\DXVUMeter.ocx
    2008-01-23 15:39 . 1998-04-24 20:08 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
    2008-01-23 15:39 . 2001-09-28 17:00 164,864 --a------ C:\WINDOWS\UNWISE.EXE
    2008-01-23 15:39 . 2003-05-21 06:47 49,152 --a------ C:\WINDOWS\system32\mp3enc.dll
    2008-01-23 15:39 . 2000-06-13 16:06 32,768 --a------ C:\WINDOWS\system32\prjKnob.ocx
    2008-01-23 15:35 . 2008-01-23 21:09 <DIR> d-------- C:\Converted Audio Files
    2008-01-23 15:12 . 2008-01-23 16:05 <DIR> d-------- C:\Program Files\RegCure
    2008-01-23 11:30 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-23 11:30 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-23 11:30 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-23 11:30 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-23 11:30 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-23 11:30 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-23 02:55 . 2008-01-23 10:05 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-23 02:55 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-23 02:55 . 2008-01-23 02:59 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-23 02:55 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-23 02:55 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-23 01:22 . 2008-01-23 01:22 <DIR> d-------- C:\Program Files\IrfanView
    2008-01-22 23:41 . 2008-01-22 23:41 <DIR> d--hs---- C:\winstall.exe
    2008-01-22 23:39 . 2008-01-23 12:07 <DIR> d-------- C:\Program Files\Malware Immunizer
    2008-01-22 23:39 . 2008-01-23 14:54 <DIR> d-------- C:\hostjack
    2008-01-22 22:52 . 2008-01-22 22:58 2,470 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-22 19:40 . 2001-08-17 12:19 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
    2008-01-22 19:40 . 2001-08-17 12:19 553,984 --a--c--- C:\WINDOWS\system32\dllcache\adm8820.sys
    2008-01-22 19:40 . 2001-08-17 14:07 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
    2008-01-22 19:40 . 2001-08-17 12:11 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys
    2008-01-22 19:40 . 2001-08-17 22:37 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax
    2008-01-22 19:40 . 2002-08-28 23:00 10,880 --a--c--- C:\WINDOWS\system32\dllcache\admjoy.sys
    2008-01-22 18:51 . 2008-01-23 08:37 172 --a------ C:\WINDOWS\_vmtxp.ini
    2008-01-22 17:06 . 2008-01-22 17:06 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-22 16:35 . 2008-01-23 11:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-22 16:32 . 2008-01-22 17:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-22 16:25 . 2004-08-04 01:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-01-22 09:22 . 2008-01-23 18:54 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-21 23:47 . 2008-01-21 23:47 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
    2008-01-21 23:47 . 2008-01-21 23:47 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
    2008-01-21 23:46 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-21 23:46 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-01-21 23:45 . 2004-08-04 00:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-21 23:45 . 2004-08-04 00:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-01-21 23:43 . 2008-01-21 23:43 <DIR> d-------- C:\Program Files\Saitek
    2008-01-21 23:43 . 2005-11-03 11:27 155,648 --a------ C:\WINDOWS\system32\nY.exe
    2008-01-21 23:43 . 2005-11-03 11:09 57,344 --a------ C:\WINDOWS\system32\SAIGON.dll
    2008-01-21 23:43 . 2005-10-18 14:31 45,056 --a------ C:\WINDOWS\system32\SAIKICK.dll
    2008-01-21 23:42 . 2005-06-24 09:07 34,420 -ra------ C:\WINDOWS\system32\SaiD040C.pr0
    2008-01-21 23:42 . 2005-06-24 09:07 306 -ra------ C:\WINDOWS\system32\SaiC040C.pr0
    2008-01-21 23:37 . 2008-01-21 23:37 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-01-21 23:36 . 2008-01-21 23:36 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-01-21 23:33 . 2008-01-21 23:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-01-21 23:31 . 2008-01-21 23:31 <DIR> dr-h----- C:\MSOCache
    2008-01-21 23:07 . 2008-01-21 23:07 <DIR> d-------- C:\Program Files\Eltima Software
    2008-01-21 22:41 . 2008-01-21 22:41 <DIR> d-------- C:\Program Files\[email protected]
    2008-01-21 22:41 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
    2008-01-21 21:16 . 2008-01-21 21:16 <DIR> d-------- C:\Program Files\MSBuild
    2008-01-21 21:12 . 2008-01-21 21:12 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2008-01-21 21:11 . 2008-01-21 21:11 <DIR> d-------- C:\Program Files\Reference Assemblies
    2008-01-21 21:10 . 2008-01-21 21:10 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-01-21 21:10 . 2008-01-21 21:10 <DIR> d-------- C:\f9eed678883caca8907e
    2008-01-21 21:10 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-01-21 21:07 . 2008-01-21 21:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2008-01-21 21:05 . 2008-01-21 21:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2008-01-21 21:05 . 2008-01-21 21:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-01-21 20:46 . 2008-01-21 20:46 <DIR> d-------- C:\Program Files\turbo squid tentacles
    2008-01-21 20:42 . 2008-01-21 20:42 231 --a------ C:\WINDOWS\system32\3dsmax.ini
    2008-01-21 20:42 . 2008-01-21 20:42 43 --a------ C:\WINDOWS\system32\InstallSettings.ini
    2008-01-21 20:40 . 2008-01-21 20:42 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
    2008-01-21 20:38 . 2008-01-21 20:42 <DIR> d-------- C:\Program Files\Autodesk
    2008-01-21 20:02 . 2008-01-21 20:02 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-01-21 19:58 . 2008-01-21 19:58 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-01-21 19:58 . 2008-01-21 19:58 65,497 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-01-21 19:56 . 2008-01-21 19:58 5,780 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-01-21 19:55 . 2008-01-21 19:55 <DIR> d-------- C:\WINDOWS\BricoPacks
    2008-01-21 18:47 . 2008-01-21 18:47 4 --a------ C:\WINDOWS\system32\ulfconfig0103.ulf
    2008-01-21 18:46 . 2008-01-21 18:46 <DIR> d-------- C:\Program Files\Pixologic
    2008-01-21 18:43 . 2008-01-21 18:44 <DIR> d-------- C:\Program Files\DAZ
    2008-01-21 18:43 . 2008-01-21 18:43 <DIR> d-------- C:\Program Files\Common Files\DAZ
    2008-01-21 18:41 . 2008-01-21 18:41 <DIR> d-------- C:\Program Files\Service Controller XP
    2008-01-21 18:32 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-01-21 18:27 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-01-21 17:12 . 2008-01-21 17:12 13 --a------ C:\WINDOWS\scode8.cfg
    2008-01-21 16:59 . 2008-01-23 15:52 <DIR> d-------- C:\Program Files\Trojan Remover
    2008-01-21 16:59 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-01-21 16:59 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-01-21 16:59 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-01-21 16:59 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-01-21 16:59 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2008-01-21 16:48 . 2008-01-21 16:48 <DIR> d-------- C:\Program Files\Azureus

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-23 21:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-21 05:06 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-21 04:46 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-01-21 04:40 --------- d-----w C:\Program Files\Diskeeper Corporation
    2008-01-21 04:32 --------- d-----w C:\Program Files\Intel
    2008-01-21 04:18 --------- d--h--w C:\Program Files\Uninstall Information
    2008-01-21 04:14 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-12-21 13:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
    2007-12-21 13:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
    2007-12-21 13:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
    2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2006-09-13 04:50 108 --sha-r C:\WINDOWS\neoqaz2.dll
    .
    Code:
    <pre>
    ----a-w           229,512 2008-01-21 01:09:01  C:\Program Files\NLauncher\NLauncher .exe
    </pre>

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:44 140288]
    "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 08:08 136136]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
    "BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
    "Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2005-10-18 14:34 163840]
    "SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-11-03 11:09 126976]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

    C:\Documents and Settings\ManGod\Start Menu\Programs\Startup\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784]
    Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 12:57:16 2913584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoShellSearchButton"= 1 (0x1)
    "NoRecentDocsNetHood"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Absolute StartUp monitor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-10-23 14:18 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
    --a------ 2007-12-04 20:45 916800 C:\Program Files\RFA\rfagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    --a------ 2008-01-21 16:57 735824 C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
    R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" [2007-09-24 17:05]
    R3 SaiH040C;SaiH040C;C:\WINDOWS\system32\DRIVERS\SaiH040C.sys [2005-11-03 10:52]
    R3 SaiU040C;SaiU040C;C:\WINDOWS\system32\DRIVERS\SaiU040C.sys [2005-11-03 10:52]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-24 07:03:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-01-24 07:00:19 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-01-23 21:00:02 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-01-21 18:16:15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-01-21 18:16:12 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-24 02:00:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    .


    here's the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:15, on 2008-01-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Saitek\Software\ProfilerU.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Folder View\folderview.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
    O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    O8 - Extra context menu item: Search Current News - file://\program files\powershell-xp3\search5.htm
    O8 - Extra context menu item: Search Encyclopedia - file://\program files\powershell-xp3\search4.htm
    O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp3\search3.htm
    O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp3\search2.htm
    O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp3\search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200891239359
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: perfmons Service (perfmons) - Raxco Software, Inc. - (no file)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 8168 bytes


    thanks again for your response and patience with me..
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,316
    Go to Start - Search - All Files and Folders and under More advanced search options.
    Make sure there is a check by Search System Folders and Search hidden files and folders and Search system subfolders.

    Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files and Hide extensions for known file types. Now click Apply to all folders. Click Apply then OK.


    Now, go to the following link and upload each of the following files for analysis and let me know what the results are please:

    http://virusscan.jotti.org/

    C:\WINDOWS\system32\prjKnob.ocx


    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\winstall.exe
    
    Folder::
    C:\Program Files\Malware Immunizer
    
    DirLook::
    C:\WINDOWS\speech
    C:\Program Files\SRS5-1XP
    C:\hostjack
    
    RenV::
    C:\Program Files\NLauncher\NLauncher .exe
    
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
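
A pre-flight check for the CFScript above, as an added example that is not part of the original post and not ComboFix's own code: it parses the script's sections and compares each path with the "Files Created" listing from the ComboFix log earlier in this thread, reporting whether the log shows a file or a `<DIR>`. The function names and the expected-kind table (File:: and RenV:: expect files, Folder:: and DirLook:: expect directories) are assumptions made for the example.

```python
import re

# CFScript exactly as posted in this thread.
CFSCRIPT = r"""File::
C:\winstall.exe

Folder::
C:\Program Files\Malware Immunizer

DirLook::
C:\WINDOWS\speech
C:\Program Files\SRS5-1XP
C:\hostjack

RenV::
C:\Program Files\NLauncher\NLauncher .exe
"""

# Lines excerpted from the "Files Created" listing of the ComboFix log above.
CREATED_LISTING = r"""
2008-01-23 15:39 . 2008-01-23 15:39 <DIR> d-------- C:\WINDOWS\speech
2008-01-23 15:39 . 2008-01-23 15:39 <DIR> d-------- C:\Program Files\SRS5-1XP
2008-01-23 15:39 . 2000-06-13 16:06 32,768 --a------ C:\WINDOWS\system32\prjKnob.ocx
2008-01-22 23:41 . 2008-01-22 23:41 <DIR> d--hs---- C:\winstall.exe
2008-01-22 23:39 . 2008-01-23 12:07 <DIR> d-------- C:\Program Files\Malware Immunizer
2008-01-22 23:39 . 2008-01-23 14:54 <DIR> d-------- C:\hostjack
"""

SECTION_RE = re.compile(r"^([A-Za-z0-9]+)::\s*$")

# created . modified  size-or-<DIR>  9-char attribute string  path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$"
)

# Assumption for this example: what kind of object each section should name.
EXPECTED_KIND = {"File": "file", "Folder": "dir", "DirLook": "dir", "RenV": "file"}


def parse_cfscript(text):
    """Return {section name: [paths]} in the order the sections appear."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"path before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def parse_created_listing(text):
    """Index the listing by lower-cased path (Windows paths are case-insensitive)."""
    index = {}
    for raw in text.splitlines():
        match = CREATED_RE.match(raw.strip())
        if not match:
            continue  # separators, banners and other log sections
        created, _modified, size, attrs, path = match.groups()
        index[path.lower()] = {
            "kind": "dir" if size == "<DIR>" else "file",
            "attrs": attrs,
            "created": created,
        }
    return index


def cross_check(sections, index):
    """Return (section, path, verdict) for every path in the script."""
    findings = []
    for section, paths in sections.items():
        for path in paths:
            entry = index.get(path.lower())
            if entry is None:
                verdict = "not-listed"      # not in this part of the log
            elif EXPECTED_KIND.get(section) not in (None, entry["kind"]):
                verdict = "kind-mismatch"   # e.g. File:: entry that is a <DIR>
            else:
                verdict = "ok"
            findings.append((section, path, verdict))
    return findings


if __name__ == "__main__":
    listing = parse_created_listing(CREATED_LISTING)
    for section, path, verdict in cross_check(parse_cfscript(CFSCRIPT), listing):
        attrs = listing.get(path.lower(), {}).get("attrs", "-")
        print(f"{verdict:14} {section:8} {attrs:10} {path}")
```

On this thread's data the check reports `C:\winstall.exe`, listed under `File::`, as a `<DIR>` with the hidden and system attributes set in the log, and the `RenV::` target as absent from the "Files Created" listing because it appears in a different part of the log.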
     
  11. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    uploaded results:

    File: prjKnob.ocx
    Status: OK
    MD5: 8de9485c7b5ea2a573c0caadbe441ac7
    Packers detected: -
    Bit9 reports: File not found

    Scanner results
    Scan taken on 25 Jan 2008 22:31:30 (GMT)
    A-Squared: Found nothing
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    CPsecure: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    F-Secure Anti-Virus: Found nothing
    Fortinet: Found nothing
    Ikarus: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    Panda Antivirus: Found nothing
    Rising Antivirus: Found nothing
    Sophos Antivirus: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing

    thanks
     
  12. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    combofix log is attached thanks...
     

    Attached Files: log.txt (File size: 42 KB; Views: 230)
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,316
    I'm not sure why this file didn't get removed. Please delete it manually:

    C:\winstall.exe


    Download and install AVG Anti-Spyware v7.5. Note to AVG Free anti-virus program users only: This is not the same program as the one you already have, this is an anti-spyware program so please proceed with the instructions.
    • After download, double click on the file to launch the install process.
    • Choose a language, click "OK" and then click "Next".
    • Read the "License Agreement" and click "I Agree".
    • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
    • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update".
      Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
    • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
    Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

    Scan with AVG Anti-Spyware as follows:
    • Click on the "Scanner" button and choose the "Settings" tab.
    • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
    • Under "Reports" select "Do not automatically generate reports".
    • Click the "Scan" tab to return to scanning options.
    • Click "Complete System Scan" to start.
    • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
    • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
    IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
    • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    • Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

    AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
     
  14. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:17:20 PM 1/25/2008

    + Scan result:



    C:\WINDOWS\dinst.exe -> Adware.BetterInternet : Ignored.
    C:\WINDOWS\dinst.exe\Readme.txt -> Adware.BetterInternet : Ignored.
    C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Ignored.
    C:\WINDOWS\dsr.dll\Readme.txt -> Adware.BetterInternet : Ignored.
    C:\WINDOWS\nail.exe -> Adware.BetterInternet : Ignored.
    C:\WINDOWS\nail.exe\Readme.txt -> Adware.BetterInternet : Ignored.
    C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Ignored.
    C:\WINDOWS\svcproc.exe\Readme.txt -> Adware.BetterInternet : Ignored.
    C:\WINDOWS\system32\drpmon.dll -> Adware.BetterInternet : Ignored.
    C:\WINDOWS\system32\drpmon.dll\Readme.txt -> Adware.BetterInternet : Ignored.
    C:\WINDOWS\bde -> Adware.BrilliantDigital : Ignored.
    C:\WINDOWS\ilookup -> Adware.eZula : Ignored.
    C:\WINDOWS\system32\mssearchnet.exe -> Hijacker.SpyAxe : Ignored.
    C:\WINDOWS\system32\mssearchnet.exe\Readme.txt -> Hijacker.SpyAxe : Ignored.
    C:\WINDOWS\system32\nvctrl.exe -> Hijacker.SpyAxe : Ignored.
    C:\WINDOWS\system32\nvctrl.exe\Readme.txt -> Hijacker.SpyAxe : Ignored.
    C:\WINDOWS\system32\dfrgsrv.exe -> Trojan.Small : Ignored.
    C:\WINDOWS\system32\dfrgsrv.exe\Readme.txt -> Trojan.Small : Ignored.
    C:\WINDOWS\system32\dxmpp.dll -> Trojan.Small : Ignored.
    C:\WINDOWS\system32\dxmpp.dll\Readme.txt -> Trojan.Small : Ignored.
    C:\WINDOWS\system32\ginuerep.dll -> Trojan.Small : Ignored.
    C:\WINDOWS\system32\ginuerep.dll\Readme.txt -> Trojan.Small : Ignored.
    Worm.Small.a : Ignored.


    ::Report end

    Here's the other:

    Incident Status Location

    Adware:adware/superspider Not disinfected c:\windows\system32\services
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\ManGod\Desktop\New Folder\ComboFix.exe[nircmd.com]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\ManGod\Desktop\New Folder\ComboFix.exe[nircmd.cfexe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\Nircmd.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
    Hacktool:HackTool/WebCracker Not disinfected D:\BACKUP\DOCZ\HACK\hacking - WebSite PassWord Cracker.zip[webcrack.exe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected D:\BACKUP\GAMES\oblivionMODZ\animations\nircmd.zip[nircmd.exe]
    Adware:Adware/NaviPromo Not disinfected D:\Programs\Oblivion\Data\Textures\faces\oblivion.esm\0001c456_0.dds
    Potentially unwanted tool:Application/NirCmd.A Not disinfected D:\PROTECTION & TWEEKS\UTILITIES\ComboFix.exe[nircmd.com]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected D:\PROTECTION & TWEEKS\UTILITIES\ComboFix.exe[nircmd.cfexe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected D:\PROTECTION & TWEEKS\UTILITIES\Misc Finders\ComboFix.exe[nircmd.exe]
    Potentially unwanted tool:Application/Processor Not disinfected D:\PROTECTION & TWEEKS\UTILITIES\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected D:\PROTECTION & TWEEKS\UTILITIES\SmitfraudFix\restart.exe
    Potentially unwanted tool:Application/Processor Not disinfected D:\PROTECTION & TWEEKS\UTILITIES\SmitfraudFix\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Potentially unwanted tool:Application/SuperFast Not disinfected D:\PROTECTION & TWEEKS\UTILITIES\SmitfraudFix\SmitfraudFix.zip[SmitfraudFix/restart.exe]
    Spyware:Cookie/Cd Freaks Not disinfected D:\Temp\Firefox 2.0.0.11 en-US - 2007-12-29.pcv[cookies.txt][.cdfreaks.com/]
    Spyware:Cookie/Cd Freaks Not disinfected D:\Temp\Firefox 2.0.0.11 en-US - 2007-12-29.pcv[cookies.txt][.club.cdfreaks.com/]
    Spyware:Cookie/Cd Freaks Not disinfected D:\Temp\Firefox 2.0.0.11 en-US - 2007-12-29.pcv[cookies.txt][.cdfreaks.com/]

    THX again and again
     
  15. kemet3

    kemet3 Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    71
    And also the online scanner said some warning about this file:

    C windows system 32SHLWAPI.DLL
     

Short URL to this thread: https://techguy.org/658746
