1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Laptop slowly dying with viruses...

Discussion in 'Virus & Other Malware Removal' started by LegoBlocks, Feb 13, 2010.

Thread Status:
Not open for further replies.
  1. LegoBlocks

    LegoBlocks Thread Starter

    Joined:
    Feb 13, 2010
    Messages:
    1
    Hi guys,

    I have a HP TC4400 Tablet laptop that is dying because of (I think) viruses.

    I first noticed a problem with google searches being hijacked and redirected to other sites, usually search sites or sketchy looking shopping sites. I read up on this online and found that the problem seems to be fairly common. Anyways, I tried running AVG, Symantec, MalwareBytes, Spybot SD, and none of them could find the hijack virus on my computer (though they found plenty of other stuff). I then tried out StopZilla, and it at least detected the hijacker, so I bought StopZilla and ran it (they make you buy the full version to remove threats- the freeware just detects threats) and StopZilla froze at 97% of threats removed. I don't know why or how. Anyways, my google searches are still being hijacked. Also, I often get messages from Symantec saying that it has found a trojan. The message goes "Action taken: Clean Succeeded, Access allowed."

    Furthermore, my computer is now slowing to a crawl. It takes literally 10-15 minutes to boot up, it is constantly indexing, and programs crash all the time (especially Word, Adobe Reader, and Mozilla/IE). Also, every time I boot up I get a message or two like this:

    AXWIN Frame Window: svchost.exe-Application Error
    The Instruction at "0x027ef7a0" referenced memory at "0x027ef7a0". The memory could not be "written". Click on OK to terminate the program. Click on Cancel to debug.


    If I click on OK, the message goes away and my computer continues booting up. If I click on 'cancel', the computer shuts down.

    Also, when I get these messages I also get a windows message saying that an exe process has been shut down to protect my computer, then it asks me to either file a report or not file the report to microsoft.

    When my computer freezes, I try to shut off the applications that are running and I always get the 'application not responding' message. I have tried just leaving the computer alone after trying to quit the application but the application stays frozen for at least an hour. I can't shut off the computer normally, so I have to do a hard reset (I think that's the right term? I mean I just hold the power button til it shuts off.) When I turn it on again, I get a black screen with white letters saying there was a problem starting XP, and it asks me if I want to start Windows in the normal mode or if I want to start Windows in the last known configuration that worked. I have tried either and I can't tell the difference- windows seems to start up OK.

    Also, I can't access my task manager to see what's going on. When I start it up, the icon appears in the tray but I can't blow it up to look at the applications that are running.

    One more thing that might be helpful- at one point early on Symantec gave me a message about a trojan or virus being found, and I figured I'd try to manually remove it. IIRC it was found in one of the hidden temporary internet folders, so I went in there to try and find the virus and delete the file. (My thinking was that the virus that symantec had found was probably the virus that was hijacking my google searches, and that Symantec was just somehow not taking care of the virus on its own i.e. the file hadn't actually been cleaned.) Anyways, I erased a bunch of stuff in there and then when I restarted my computer I got this weird blue screen and some kind of error messages and it looked like it was one of those old computers that you had to use a dos prompt for and I never learned about and it was running through a bunch of processes or something (it would say like 'doing such and such' and then a little % number would come up and it would shoot up to 100 and then the next line would say 'doing something else now' and the same thing etc.). When my computer came back on in and I got the desktop, there was a .txt file on my desktop that I don't understand.

    Please find below the .txt that I didn't understand (which I think might have something to do with the error messages that I'm getting on startup), and below that my HijackThis .txt


    .txt THAT I DON'T UNDERSTAND
    #
    # A fatal error has been detected by the Java Runtime Environment:
    #
    # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d95f7b6, pid=3520, tid=3736
    #
    # JRE version: 6.0_15-b03
    # Java VM: Java HotSpot(TM) Client VM (14.1-b02 mixed mode, sharing windows-x86 )
    # Problematic frame:
    # V [jvm.dll+0x15f7b6]
    #
    # If you would like to submit a bug report, please visit:
    # http://java.sun.com/webapps/bugreport/crash.jsp
    #

    --------------- T H R E A D ---------------

    Current thread (0x02a6b400): VMThread [stack: 0x02b50000,0x02ba0000] [id=3736]

    siginfo: ExceptionCode=0xc0000005, reading address 0x41416b49

    Registers:
    EAX=0x49494949, EBX=0x02a6bd9c, ECX=0x41416b41, EDX=0x02a6ba50
    ESP=0x02b9f9dc, EBP=0x02b9f9dc, ESI=0x41416b41, EDI=0x02b9fa8c
    EIP=0x6d95f7b6, EFLAGS=0x00010212

    Top of Stack: (sp=0x02b9f9dc)
    0x02b9f9dc: 02b9fa3c 6d8b1f87 49494949 03152400
    0x02b9f9ec: 02b9fa8c 00000001 0000001a 02b9fa40
    0x02b9f9fc: 00919e15 02b9fa14 6d87b504 6d87b524
    0x02b9fa0c: 03152400 02b9fa40 02b9fa24 6d859b00
    0x02b9fa1c: 6d859b18 02b9fa8c 02a6b400 6d8b25af
    0x02b9fa2c: 0405f760 0405f794 00919e15 02a6ba4c
    0x02b9fa3c: 02b9fa54 6d8b2302 02b9fc88 02b9faa4
    0x02b9fa4c: 00000001 02b9fc88 02b9fb6c 6d9ce075

    Instructions: (pc=0x6d95f7b6)
    0x6d95f7a6: 40 10 5d c3 cc cc cc cc cc cc 55 8b ec 8b 45 08
    0x6d95f7b6: 2b 41 08 83 e8 30 5d c2 04 00 55 8b ec 53 56 8b


    Stack: [0x02b50000,0x02ba0000], sp=0x02b9f9dc, free space=318k
    Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
    V [jvm.dll+0x15f7b6]
    V [jvm.dll+0xb1f87]
    V [jvm.dll+0xb2302]
    V [jvm.dll+0x1ce075]
    V [jvm.dll+0x1ce44a]
    V [jvm.dll+0x1962f4]
    V [jvm.dll+0xc692f]
    V [jvm.dll+0xa333c]
    V [jvm.dll+0xc790c]
    V [jvm.dll+0x7d50b]
    V [jvm.dll+0x1e6a9b]
    V [jvm.dll+0x1e9263]
    V [jvm.dll+0x1e84fe]
    V [jvm.dll+0x1e884c]
    V [jvm.dll+0x1e8c72]
    V [jvm.dll+0x173e4c]
    C [msvcr71.dll+0x9565]
    C [kernel32.dll+0xb729]

    VM_Operation (0x041df980): GenCollectForAllocation, mode: safepoint, requested by thread 0x03192800


    --------------- P R O C E S S ---------------

    Java Threads: ( => current thread )
    0x03195800 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=2568, stack(0x04060000,0x040b0000)]
    0x03192800 JavaThread "Thread-11" [_thread_blocked, id=1580, stack(0x04190000,0x041e0000)]
    0x03157c00 JavaThread "Keep-Alive-Timer" daemon [_thread_blocked, id=4620, stack(0x04140000,0x04190000)]
    0x03152400 JavaThread "thread applet-Main.class-1" [_thread_in_native, id=5000, stack(0x04010000,0x04060000)]
    0x0314d800 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=5108, stack(0x03fc0000,0x04010000)]
    0x0313c400 JavaThread "Applet 1 LiveConnect Worker Thread" [_thread_blocked, id=3716, stack(0x03060000,0x030b0000)]
    0x03121000 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=2736, stack(0x03580000,0x035d0000)]
    0x03138400 JavaThread "Image Fetcher 3" daemon [_thread_blocked, id=4952, stack(0x036c0000,0x03710000)]
    0x03134400 JavaThread "AWT-Shutdown" [_thread_blocked, id=5040, stack(0x03670000,0x036c0000)]
    0x03131800 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=716, stack(0x034e0000,0x03530000)]
    0x03131000 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=4392, stack(0x03360000,0x033b0000)]
    0x03122c00 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=596, stack(0x03620000,0x03670000)]
    0x03119000 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=4216, stack(0x03530000,0x03580000)]
    0x03115c00 JavaThread "AWT-Windows" daemon [_thread_in_native, id=4356, stack(0x033b0000,0x03400000)]
    0x03113800 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=4068, stack(0x03310000,0x03360000)]
    0x02b4d400 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=188, stack(0x030c0000,0x03110000)]
    0x02b47800 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=4336, stack(0x02fd0000,0x03020000)]
    0x02ad5400 JavaThread "Timer-0" [_thread_blocked, id=4996, stack(0x02f80000,0x02fd0000)]
    0x02ab9000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=4628, stack(0x02d30000,0x02d80000)]
    0x02ab2c00 JavaThread "CompilerThread0" daemon [_thread_blocked, id=5404, stack(0x02ce0000,0x02d30000)]
    0x02ab1400 JavaThread "Attach Listener" daemon [_thread_blocked, id=3524, stack(0x02c90000,0x02ce0000)]
    0x02ab0000 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=1668, stack(0x02c40000,0x02c90000)]
    0x02a71800 JavaThread "Finalizer" daemon [_thread_blocked, id=3812, stack(0x02bf0000,0x02c40000)]
    0x02a6cc00 JavaThread "Reference Handler" daemon [_thread_blocked, id=5052, stack(0x02ba0000,0x02bf0000)]
    0x002b6800 JavaThread "main" [_thread_blocked, id=3848, stack(0x008c0000,0x00910000)]

    Other Threads:
    =>0x02a6b400 VMThread [stack: 0x02b50000,0x02ba0000] [id=3736]
    0x02abb400 WatcherThread [stack: 0x02d80000,0x02dd0000] [id=1332]

    VM state:at safepoint (normal execution)

    VM Mutex/Monitor currently owned by a thread: ([mutex/lock_event])
    [0x002b57c0] Threads_lock - owner thread: 0x02a6b400
    [0x002b5bd0] Heap_lock - owner thread: 0x03192800

    Heap
    def new generation total 960K, used 959K [0x22990000, 0x22a90000, 0x22e70000)
    eden space 896K, 99% used [0x22990000, 0x22a6fff8, 0x22a70000)
    from space 64K, 100% used [0x22a70000, 0x22a80000, 0x22a80000)
    to space 64K, 1% used [0x22a80000, 0x22a803c0, 0x22a90000)
    tenured generation total 4096K, used 562K [0x22e70000, 0x23270000, 0x26990000)
    the space 4096K, 13% used [0x22e70000, 0x22efcac8, 0x22efcc00, 0x23270000)
    compacting perm gen total 12288K, used 2465K [0x26990000, 0x27590000, 0x2a990000)
    the space 12288K, 20% used [0x26990000, 0x26bf86a8, 0x26bf8800, 0x27590000)
    ro space 8192K, 63% used [0x2a990000, 0x2aea9920, 0x2aea9a00, 0x2b190000)
    rw space 12288K, 53% used [0x2b190000, 0x2b804dd0, 0x2b804e00, 0x2bd90000)

    Dynamic libraries:
    0x00400000 - 0x00424000 C:\Program Files\Java\jre6\bin\java.exe
    0x7c900000 - 0x7c9b2000 C:\WINDOWS\system32\ntdll.dll
    0x7c800000 - 0x7c8f6000 C:\WINDOWS\system32\kernel32.dll
    0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
    0x77e70000 - 0x77f02000 C:\WINDOWS\system32\RPCRT4.dll
    0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll
    0x7c340000 - 0x7c396000 C:\Program Files\Java\jre6\bin\msvcr71.dll
    0x6d800000 - 0x6da8b000 C:\Program Files\Java\jre6\bin\client\jvm.dll
    0x7e410000 - 0x7e4a1000 C:\WINDOWS\system32\USER32.dll
    0x77f10000 - 0x77f59000 C:\WINDOWS\system32\GDI32.dll
    0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll
    0x76390000 - 0x763ad000 C:\WINDOWS\system32\IMM32.DLL
    0x629c0000 - 0x629c9000 C:\WINDOWS\system32\LPK.DLL
    0x74d90000 - 0x74dfb000 C:\WINDOWS\system32\USP10.dll
    0x6d7b0000 - 0x6d7bc000 C:\Program Files\Java\jre6\bin\verify.dll
    0x6d330000 - 0x6d34f000 C:\Program Files\Java\jre6\bin\java.dll
    0x6d290000 - 0x6d298000 C:\Program Files\Java\jre6\bin\hpi.dll
    0x76bf0000 - 0x76bfb000 C:\WINDOWS\system32\PSAPI.DLL
    0x6d7f0000 - 0x6d7ff000 C:\Program Files\Java\jre6\bin\zip.dll
    0x6d430000 - 0x6d436000 C:\Program Files\Java\jre6\bin\jp2native.dll
    0x6d1d0000 - 0x6d1e3000 C:\Program Files\Java\jre6\bin\deploy.dll
    0x77a80000 - 0x77b15000 C:\WINDOWS\system32\CRYPT32.dll
    0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll
    0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll
    0x7c9c0000 - 0x7d1d7000 C:\WINDOWS\system32\SHELL32.dll
    0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
    0x774e0000 - 0x7761d000 C:\WINDOWS\system32\ole32.dll
    0x77120000 - 0x771ab000 C:\WINDOWS\system32\OLEAUT32.dll
    0x3d930000 - 0x3da16000 C:\WINDOWS\system32\WININET.dll
    0x02dd0000 - 0x02dd9000 C:\WINDOWS\system32\Normaliz.dll
    0x78130000 - 0x78262000 C:\WINDOWS\system32\urlmon.dll
    0x3dfd0000 - 0x3e1b8000 C:\WINDOWS\system32\iertutil.dll
    0x773d0000 - 0x774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    0x6d6b0000 - 0x6d6f3000 C:\Program Files\Java\jre6\bin\regutils.dll
    0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll
    0x7d1e0000 - 0x7d49c000 C:\WINDOWS\system32\msi.dll
    0x6d610000 - 0x6d623000 C:\Program Files\Java\jre6\bin\net.dll
    0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\WS2_32.dll
    0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll
    0x6d630000 - 0x6d639000 C:\Program Files\Java\jre6\bin\nio.dll
    0x6d000000 - 0x6d14a000 C:\Program Files\Java\jre6\bin\awt.dll
    0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
    0x74720000 - 0x7476c000 C:\WINDOWS\system32\MSCTF.dll
    0x77b40000 - 0x77b62000 C:\WINDOWS\system32\apphelp.dll
    0x755c0000 - 0x755ee000 C:\WINDOWS\system32\msctfime.ime
    0x47fb0000 - 0x47fe6000 C:\Program Files\Common Files\Microsoft Shared\Ink\tiptsf.dll
    0x74c80000 - 0x74cac000 C:\WINDOWS\system32\OLEACC.dll
    0x76080000 - 0x760e5000 C:\WINDOWS\system32\MSVCP60.dll
    0x76fd0000 - 0x7704f000 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
    0x605d0000 - 0x605d9000 C:\WINDOWS\system32\mslbui.dll
    0x6d230000 - 0x6d284000 C:\Program Files\Java\jre6\bin\fontmanager.dll
    0x71a50000 - 0x71a8f000 C:\WINDOWS\System32\mswsock.dll
    0x76f20000 - 0x76f47000 C:\WINDOWS\system32\DNSAPI.dll
    0x76fb0000 - 0x76fb8000 C:\WINDOWS\System32\winrnr.dll
    0x76f60000 - 0x76f8c000 C:\WINDOWS\system32\WLDAP32.dll
    0x76fc0000 - 0x76fc6000 C:\WINDOWS\system32\rasadhlp.dll
    0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
    0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll
    0x68000000 - 0x68036000 C:\WINDOWS\system32\rsaenh.dll
    0x769c0000 - 0x76a74000 C:\WINDOWS\system32\USERENV.dll
    0x5b860000 - 0x5b8b5000 C:\WINDOWS\system32\netapi32.dll
    0x6d520000 - 0x6d544000 C:\Program Files\Java\jre6\bin\jsound.dll
    0x6d550000 - 0x6d558000 C:\Program Files\Java\jre6\bin\jsoundds.dll
    0x73f10000 - 0x73f6c000 C:\WINDOWS\system32\DSOUND.dll
    0x76c30000 - 0x76c5e000 C:\WINDOWS\system32\WINTRUST.dll
    0x76c90000 - 0x76cb8000 C:\WINDOWS\system32\IMAGEHLP.dll
    0x72d20000 - 0x72d29000 C:\WINDOWS\system32\wdmaud.drv
    0x72d10000 - 0x72d18000 C:\WINDOWS\system32\msacm32.drv
    0x77be0000 - 0x77bf5000 C:\WINDOWS\system32\MSACM32.dll
    0x77bd0000 - 0x77bd7000 C:\WINDOWS\system32\midimap.dll
    0x76ee0000 - 0x76f1c000 C:\WINDOWS\system32\RASAPI32.dll
    0x76e90000 - 0x76ea2000 C:\WINDOWS\system32\rasman.dll
    0x76eb0000 - 0x76edf000 C:\WINDOWS\system32\TAPI32.dll
    0x76e80000 - 0x76e8e000 C:\WINDOWS\system32\rtutils.dll
    0x77c70000 - 0x77c95000 C:\WINDOWS\system32\msv1_0.dll
    0x76790000 - 0x7679c000 C:\WINDOWS\system32\cryptdll.dll
    0x76d60000 - 0x76d79000 C:\WINDOWS\system32\iphlpapi.dll
    0x722b0000 - 0x722b5000 C:\WINDOWS\system32\sensapi.dll

    VM Arguments:
    jvm_args: -D__jvm_launched=1092573795 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar
    java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid4940_pipe3,read_pipe_name=jpi2_pid4940_pipe2
    Launcher Type: SUN_STANDARD

    Environment Variables:
    PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    USERNAME=TABLETPC
    OS=Windows_NT
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel



    --------------- S Y S T E M ---------------

    OS: Windows XP Build 2600 Service Pack 3

    CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 15 stepping 6, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

    Memory: 4k page, physical 1039724k(89532k free), swap 1712760k(672352k free)

    vm_info: Java HotSpot(TM) Client VM (14.1-b02) for windows-x86 JRE (1.6.0_15-b03), built on Jul 25 2009 01:22:46 by "java_re" with MS VC++ 7.1

    time: Fri Dec 18 09:32:31 2009
    elapsed time: 9 seconds



    MY HIJACK THIS LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:58:29 PM, on 2/11/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\NavNT\Rtvscan.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\UltraVNC\winvnc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\AccelerometerSt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Novatel Wireless\SprintPort\SprintPortA.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
    O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SprintPort] "C:\Program Files\Novatel Wireless\SprintPort\SprintPortA.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User '?')
    O4 - HKUS\S-1-5-21-3538877286-3783471612-1777589304-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - S-1-5-21-3538877286-3783471612-1777589304-1008 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/oculottawa/support/plugins/ebraryRdr.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1191354081267
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191354056530
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe

    --
    End of file - 12768 bytes





    Thanks in advance for any help you can provide. I really hope I haven't noobed my computer broken beyond repair.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/902636

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice