1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Slow computer / Adware - HJT Log PLEASE!!!

Discussion in 'Virus & Other Malware Removal' started by Leafs567, Feb 16, 2007.

Thread Status:
Not open for further replies.
  1. Leafs567

    Leafs567 Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    3
    Hi, my computer has been really slow lately and I've noticed some adware popping up a few times a day. It is especially slow when using the internet but I don't believe that is a result of any internet connection problems but rather due to some virus/spyware.

    One thing that I thought was suspicious was a program called IpWins in the add/remove program list. I tried removing it but it was back at restart. However, I wasn't sure what to do so I wanted to post a log for an expert to check. Please help!!!

    Log:

    ComboScan v20070212.14 run by Owner on 2007-02-16 at 23:42:59
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Successfully created restore point.
    Performed disk cleanup.


    -- HijackThis log (run as Owner.com) --------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:43:33 PM, on 2/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe
    C:\Program Files\LG Software\On Screen Display\Hotkey.exe
    C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender8\bdnagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\lg_swupdate\Gilautouc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Desktop\comboscan.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\~ygnphwh.tmp\Owner.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30725~1\Bar888.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30725~1\Bar888.dll (file missing)
    O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
    O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\Hotkey.exe"
    O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe" -aUtOsTaRtFrOmReG
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [{E0725A95-06C1-1033-0729-050607200001}] "C:\Program Files\Common Files\{E0725A95-06C1-1033-0729-050607200001}\Update.exe" te-110-12-0000245
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147284110937
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    -- File Associations ------------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

    0 ACPIEC (Microsoft Embedded Controller Driver) - system32\DRIVERS\ACPIEC.sys
    3 AgereSoftModem (Agere Systems Soft Modem) - system32\DRIVERS\AGRSM.sys
    ? Antispy - \??\C:\Program Files\SpyBro\Antispy.sys
    3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
    3 cmudax (C-Media High Definition Audio Interface) - system32\drivers\cmudax.sys
    3 dtscsi - \SystemRoot\System32\Drivers\dtscsi.sys
    3 HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - system32\drivers\HdAudio.sys
    3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\DRIVERS\HDAudBus.sys
    3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
    3 ialm - system32\DRIVERS\ialmnt5.sys
    1 ikhlayer (Kernel Anti-Spyware Driver) - \??\C:\WINDOWS\system32\drivers\ikhlayer.sys
    1 InCDPass - System32\DRIVERS\InCDPass.sys
    1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
    2 irda (IrDA Protocol) - system32\DRIVERS\irda.sys
    3 Jukebox - system32\DRIVERS\ctpdusb2.sys
    3 lgsnd_filter - system32\drivers\lgsnd_filter.sys
    3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
    3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060809.018\NAVENG.Sys
    3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060809.018\NavEx15.Sys
    1 Ndisipo (NDIS Protocol Driver for IPO3) - system32\DRIVERS\ndisipo.sys
    3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
    0 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
    0 PCIIde - system32\DRIVERS\pciide.sys
    0 Pcmcia - system32\DRIVERS\pcmcia.sys
    3 Pcouffin (Low level access layer for CD devices) - System32\Drivers\Pcouffin.sys
    0 PxHelp20 - System32\Drivers\PxHelp20.sys
    3 Rasirda (WAN Miniport (IrDA)) - system32\DRIVERS\rasirda.sys
    3 SAVRT - \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS
    1 SAVRTPEL - \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
    3 SMCIRDA (SMC IrCC Miniport Device Driver) - system32\DRIVERS\smcirda.sys
    3 SONYPVU1 (Sony USB Filter Driver (SONYPVU1)) - system32\DRIVERS\SONYPVU1.SYS
    1 SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    0 sptd - System32\Drivers\sptd.sys
    3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
    3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
    3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
    3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
    3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070214.003\symidsco.sys
    3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
    3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
    1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
    3 SynTP (Synaptics TouchPad Driver) - system32\DRIVERS\SynTP.sys
    3 tifm - system32\drivers\tifm.sys
    3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
    3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
    3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
    3 w29n51 (Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP) - system32\DRIVERS\w29n51.sys
    1 WmiAcpi (Microsoft Windows Management Interface for ACPI) - system32\DRIVERS\wmiacpi.sys
    1 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys
    3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
    3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys
    3 yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - system32\DRIVERS\yk51x86.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    2 Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    3 ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
    2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    2 COM+ Messages - "C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245
    3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    2 InCDsrv (InCD Helper) - C:\Program Files\Ahead\InCD\InCDsrv.exe
    2 Irmon (Infrared Monitor) - %SystemRoot%\system32\svchost.exe -k netsvcs
    3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    2 navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
    2 NPFMntor (Norton AntiVirus Firewall Monitor Service) - "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
    3 SAVScan - "C:\Program Files\Norton AntiVirus\SAVScan.exe"
    2 SBService (ScriptBlocking Service) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    2 SDhelper (PC Tools Spyware Doctor) - C:\Program Files\Spyware Doctor\sdhelp.exe
    3 SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
    2 SPBBCSvc (Symantec SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
    3 usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"
    3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
    3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


    -- Scheduled Tasks --------------------------------------------------------------

    2007-02-10 00:14:05 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job<NORTON~1.JOB>
    2006-05-05 20:03:48 106 --a------ C:\WINDOWS\Tasks\Low Battery Alarm Program.job<LOWBAT~1.JOB>
    2006-05-05 20:03:48 106 --a------ C:\WINDOWS\Tasks\Critical Battery Alarm Program.job<CRITIC~1.JOB>


    -- Files created between 2007-01-16 and 2007-02-16 ------------------------------

    2007-02-16 22:14:47 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
    2007-02-16 22:14:43 0 d-------- C:\WINDOWS\LastGood
    2007-02-16 21:28:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
    2007-02-16 21:23:45 0 d-------- C:\Program Files\Lavasoft
    2007-02-16 21:23:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
    2007-02-16 20:58:38 0 d-------- C:\Hijack This<HIJACK~1>
    2007-02-16 12:01:40 0 d-------- C:\Program Files\BitLord
    2007-02-16 11:40:05 0 d--h----- C:\Documents and Settings\Owner\Application Data\Move Networks<MOVENE~1>
    2007-02-14 07:48:03 14 --a------ C:\Documents and Settings\Owner\getfile.dat
    2007-02-14 00:51:30 14 --a------ C:\WINDOWS\system32\getfile.dat
    2007-02-04 16:25:21 0 d-------- C:\Documents and Settings\Owner\Application Data\BearShare<BEARSH~1>
    2007-02-04 16:24:54 0 d-------- C:\Program Files\BearShare Applications<BEARSH~1>
    2007-02-02 21:35:29 0 d-------- C:\Documents and Settings\Owner\Application Data\3M
    2007-01-21 19:25:57 6444066 --a------ C:\Program Files\drjava-stable-20061025-1556.exe<DRJAVA~1.EXE><Unsigned: n/a>
    2007-01-21 18:40:20 0 d-------- C:\Documents and Settings\Owner\.SunDownloadManager<SUNDOW~1>
    2007-01-21 15:43:32 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
    2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll<Signed: Microsoft Corp.>
    2007-01-16 15:48:36 0 d--h----- C:\Program Files\Common Files\Uninstall Information<UNINST~1>
    2007-01-16 02:45:32 0 d-------- C:\Program Files\PeDevice


    -- Find3M Report ----------------------------------------------------------------

    2007-02-16 22:55:05 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
    2007-02-16 22:54:46 0 d-------- C:\Program Files\lg_swupdate<LG_SWU~1>
    2007-02-16 22:54:40 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
    2007-02-16 22:54:20 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
    2007-02-16 22:53:52 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
    2007-02-16 22:53:37 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
    2007-02-16 22:53:22 0 d-------- C:\Program Files\Messenger<MESSEN~1>
    2007-02-16 22:12:08 0 d-------- C:\Program Files\Common Files\{E0725A95-06C1-1033-0729-050607200001}<{E0725~1>
    2007-02-16 22:12:07 0 d-------- C:\Program Files\Common Files\{30725A95-06C1-1033-0729-050607200001}<{30725~1>
    2007-02-16 12:24:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
    2007-02-14 16:17:16 0 d-------- C:\Program Files\Azureus
    2007-02-13 23:24:52 0 d-------- C:\Program Files\Steam
    2007-02-11 20:08:27 0 d-------- C:\Program Files\PokerStars<POKERS~1>
    2007-01-29 00:11:01 0 d-------- C:\Program Files\DC++<DC__~1>
    2007-01-28 21:25:31 0 d-------- C:\Program Files\Java
    2007-01-28 21:14:25 0 d-------- C:\Program Files\InetGet2
    2007-01-15 23:04:00 0 d-------- C:\Program Files\??stem32
    2007-01-15 12:49:59 32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe<YAZZLE~2.EXE>
    2007-01-15 10:06:16 0 d-------- C:\Program Files\Roguescanfix<ROGUES~1>
    2007-01-15 09:55:22 0 d-------- C:\Program Files\AntiVerminser<ANTIVE~1>
    2007-01-15 09:48:15 4688 --a------ C:\WINDOWS\system32\tmp.reg
    2007-01-15 09:16:19 92485 --a------ C:\tdd.exe<Unsigned: n/a>
    2007-01-15 00:49:27 0 d-------- C:\Program Files\Morpheus
    2007-01-13 01:18:27 0 d-------- C:\Program Files\MorpheusBar<MORPHE~1>
    2007-01-06 17:31:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
    2007-01-06 14:31:07 0 d-------- C:\Program Files\Skype
    2007-01-06 14:31:07 0 d-------- C:\Program Files\Common Files\Skype
    2007-01-06 00:14:33 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-01-06 00:13:09 0 d-------- C:\Program Files\PartyGaming<PARTYG~1>
    2007-01-03 16:19:56 171008 ---hs---- C:\Program Files\Common Files\Yazzle1122OinAdmin.exe<YAZZLE~1.EXE>
    2006-12-26 20:39:26 0 d-------- C:\Program Files\TVUPlayer<TVUPLA~1>
    2006-12-19 21:15:01 0 d-------- C:\Program Files\PPMate
    2006-12-19 21:13:47 0 d-------- C:\Documents and Settings\Owner\Application Data\PPMate
    2006-12-19 21:13:33 0 d-------- C:\Program Files\Common Files\Synacast
    2006-12-11 22:30:44 183808 --a-s---- C:\WINDOWS\NDNuninstall7_48.exe<NDNUNI~2.EXE><Unsigned: n/a>
    2006-11-25 20:55:57 17 --a------ C:\WINDOWS\popcinfo.dat


    -- Registry Dump ----------------------------------------------------------------


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Steam"=""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LG Intelligent Update"="\"C:\\Program Files\\lg_swupdate\\autoupdate.exe\" Gilautouc"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "batterymiser"="\"C:\\Program Files\\LG Software\\Battery Miser 2005\\batterymiser.exe\""
    "KeybdUtility"="\"C:\\Program Files\\LG Software\\On Screen Display\\Hotkey.exe\""
    "IPO3"="\"C:\\Program Files\\LG Software\\IP Operator 2005\\IP Operator 2005.exe\" -aUtOsTaRtFrOmReG"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "mmtask"="\"C:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mmtask.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "{E0725A95-06C1-1033-0729-050607200001}"="\"C:\\Program Files\\Common Files\\{E0725A95-06C1-1033-0729-050607200001}\\Update.exe\" te-110-12-0000245"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"="BatteryMiser Psap Shl Ext"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=""

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    -- End of ComboScan: finished at 2007-02-16 at 23:44:19 -------------------------




    Let me know if you require any further information. I look forward to hearing from someone soon.
     
  2. Leafs567

    Leafs567 Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    3
    ComboScan v20070212.14 run by Owner on 2007-02-16 at 23:42:59
    Supplementary logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information -----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
    Percentage of Memory in Use: 52%
    Physical Memory (total/avail): 1014.11 MiB / 480.22 MiB
    Pagefile Memory (total/avail): 2440.81 MiB / 2081.86 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1993.68 MiB

    C: is Fixed (NTFS) - 55.88 GiB total, 24.23 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (CDFS)


    -- Security Center --------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    FW: Norton Internet Worm Protection v2005 (Symantec) Disabled
    AV: Norton AntiVirus 2005 v2005 (Symantec Corporation) Outdated


    -- Environment Variables --------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=OWNER-0D08F8B55
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\OWNER-0D08F8B55
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d08
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=OWNER-0D08F8B55
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    windir=C:\WINDOWS


    -- User Profiles ----------------------------------------------------------------

    Owner (admin)
    Administrator (admin)


    -- Add/Remove Programs ----------------------------------------------------------

    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINDOWS\NuNInst.exe /UNINSTALL
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Agere Systems HDA Modem --> agrsmdel
    Battery Miser --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E55C8F84-160B-41FA-9D41-6210801C0C24}\setup.exe"
    C-Media High Definition Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
    ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
    Cheating-Death 4.33.4 --> C:\Program Files\Cheating-Death\UninstCD.exe
    DC++ 0.691 --> "C:\Program Files\DC++\uninstall.exe"
    Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell DJ Explorer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9 /remove
    DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Ez Troubleshooting Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1D4F6BD-F335-4E60-A56A-3ADCCFF8903B}\setup.exe"
    Ez User's Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E713E222-AF67-47DF-9D59-37A051083630}\setup.exe"
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 1.99.1 --> C:\Documents and Settings\Owner\Desktop\HijackThis.exe /uninstall
    hp deskjet 3420 series --> rundll32 hpzcon07.dll,VendorJettison hp deskjet 3420 series
    Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
    Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    IP Operator 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15EC1872-FEAC-4FF6-B2ED-B686BBE183D1}\setup.exe"
    J2SE Development Kit 5.0 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150040}
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
    LG Intelligent Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81717D01-32F6-449C-85E1-41AFD678E545}\SETUP.EXE"
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Move Networks Player for Firefox --> "C:\PROGRA~1\MOZILL~1\plugins\unins000.exe"
    Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe"
    Mozilla Firefox (1.5.0.9) --> C:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.9 (en-US)"
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
    Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
    Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
    Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
    On Screen Display --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC73C2D7-D10C-40F5-AD67-3E957EE9B6BC}\SETUP.exe"
    Outerinfo --> "C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
    Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
    QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    R for Windows 2.3.0 --> "C:\Program Files\R\R-2.3.0\unins000.exe"
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
    Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" UNINSTALL
    SopCast 1.0.1 --> C:\Program Files\SopCast\uninst.exe
    SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Spyware Doctor 3.5 --> "C:\Program Files\Spyware Doctor\unins000.exe"
    Starcraft --> C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
    Steam(TM) --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
    Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
    SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    System Alert Popup --> C:\DOCUME~1\Owner\LOCALS~1\Temp\laf17D.tmp /del
    TVUPlayer 2.2.1.30 Beta --> C:\Program Files\TVUPlayer\uninst.exe
    VideoLAN VLC media player 0.8.5-test4 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Virtual Cable Tester --> MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
    WinAVI Video Converter 5.8 --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"


    -- End of ComboScan: finished at 2007-02-16 at 23:44:19 -------------------------
     
  3. Leafs567

    Leafs567 Thread Starter

    Joined:
    Feb 14, 2007
    Messages:
    3
    In case the comboScan log isnt' what you need, I have also included a scan log using HJT:


    Logfile of HijackThis v1.99.1
    Scan saved at 11:56:31 PM, on 2/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe
    C:\Program Files\LG Software\On Screen Display\Hotkey.exe
    C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender8\bdnagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\lg_swupdate\Gilautouc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30725~1\Bar888.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30725~1\Bar888.dll (file missing)
    O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
    O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\Hotkey.exe"
    O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe" -aUtOsTaRtFrOmReG
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [{E0725A95-06C1-1033-0729-050607200001}] "C:\Program Files\Common Files\{E0725A95-06C1-1033-0729-050607200001}\Update.exe" te-110-12-0000245
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147284110937
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/544730

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice