Solved My CPU is [slow], need some help pls

Magman · 2007/12/14

[Resolved] My CPU is [slow], need some help pls

My CPU was recently attacked with Spyware and I believe I have it all quarantined or removed now but using the cpu is very, very slow and freezes all the time. I ran the Hijack this in hopes someone here can help me find the problems. If more info is needed let me know. Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:18 AM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\YTBSDK.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
O4 - HKLM\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe "
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vwurn] "C:\Documents and Settings\Maria Maguire\My Documents\?ystem\n?tepad.exe "
O4 - HKCU\..\Run: [Mvh] "C:\Program Files\Common Files\?dobe\l?ass.exe "
O4 - HKCU\..\Run: [Cqtzasab] "C:\Program Files\Common Files\??sembly\w?nspool.exe "
O4 - HKCU\..\Run: [Xilt] "C:\Documents and Settings\Maria Maguire\Application Data\a?sembly\d?dplay.exe "
O4 - HKCU\..\Run: [Abtnozv] "C:\Program Files\W?nSxS\j?vaw.exe "
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Uniblue ProcessQuickLink 2] "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\RunServices: [Windows Generic Proc] procmsg.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk572DHUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137545603221
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O24 - Desktop Component 0: (no name) - http://www.ringtones-direct.com/colour-gifs/130x98/27312.gif

--
End of file - 12313 bytes

Magman · 2007/12/14

So I was talking to a friend, he thinks my problem is a lack of memory but I have a 512MB RAM so I don't think it's that and everything was working way better than this a month ago. Obviously 1MB wouldn't hurt but, I believe something else is bogging it down.

On Task Manager, CPU usage ranges from 2-10-4-11-35% with 43 processes running. It takes approx. 45 seconds between each click of a mouse when navigating. When I have everything closed and click "MY Computer ", I get a rolling flashlight for about 20-30 seconds, then it opens. The computer is generally slow with everything I try to do and locks up quite a bit.

Appreciate any advice I can get from some pro's. Do these look suspicious?

O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)

broni · 2007/12/14

You have more problems, then those O2 entries. I'll analyze your log, and I'll post back shortly.

broni · 2007/12/14

1. I can't see any firewall running, unless you're using Windows firewall.

2. You have out dated Java, which is a security threat. Install the newest version: http://www.java.com/en/download/index.jsp

3. Run free online scan at: http://housecall.trendmicro.com/
Post HouseCall log.

4. Download and scan with SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print this instructions out.

SUPERAntiSpyware should be run in Safe Mode.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes ". If not, update the definitions before scanning by selecting "Check for Updates ". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Under "Configuration and Preferences ", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan ", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK ".
* Make sure everything has a checkmark next to it and click "Next ".
* A notification will appear that "Quarantine and Removal is Complete ". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes ".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

5. Download the newest HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post new HijackThis log.

Magman · 2007/12/15

Firewall? I thought the OS along with Antivirus had that covered. Well I did some reading, guess I'll download Comodo firewall after running these scans and see if I can get that working. Did I mention my computer experience/knowledge was lacking? Thanks for the help, I'm working on the scans now.

broni · 2007/12/15

I thought the OS along with Antivirus had that covered.
Click to expand...

You may have your Windows built-in firewall on. Normally XP comes with it turned on by default. You have to check. You don't want to have TWO firewalls running at the same time.
To check...
Click Start, click Run, type Firewall.cpl, and then click OK.
You'll see then, if it's on, or off.

noahdfear · 2007/12/15

O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

broni · 2007/12/15

Yeah, I can see that. We'll have to sort it out, because I can see Norton firewall service running, but not firewall itself.
I can also see Norton antivirus service running, but not antivirus itself.
There is AVG antivirus running, though.
Norton firewall, and AV may be just disabled, but we won't know until OP will let us know.

Magman · 2007/12/15

Finally finished it all. Here's where I'm at now:
1. Installed new version of Java
2. Scanned using Housecall (twice) since the first time it found seven different threats. The second scan resulted in one more, deleted all.
* I could not find where to create a log file so I don't have one to post here.
3. Scanned using SuperAntispyware, No threats detected.

Below are the new SuperAntispyware log and HJT log.

From the latest posts, should I be concerned if I have different Firewalls installed? And, since I'm now using so many different variations of Spyware/Malware and Antivirus should I be concerned with conflicting software creating problems for each other? Thanks!!!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/15/2007 at 11:28 AM

Application Version : 3.9.1008

Core Rules Database Version : 3143
Trace Rules Database Version: 1159

Scan type : Complete Scan
Total Scan Time : 00:17:56

Memory items scanned : 521
Memory threats detected : 0
Registry items scanned : 5790
Registry threats detected : 0
File items scanned : 7409
File threats detected : 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:36 AM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe "
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vwurn] "C:\Documents and Settings\Maria Maguire\My Documents\?ystem\n?tepad.exe "
O4 - HKCU\..\Run: [Mvh] "C:\Program Files\Common Files\?dobe\l?ass.exe "
O4 - HKCU\..\Run: [Cqtzasab] "C:\Program Files\Common Files\??sembly\w?nspool.exe "
O4 - HKCU\..\Run: [Xilt] "C:\Documents and Settings\Maria Maguire\Application Data\a?sembly\d?dplay.exe "
O4 - HKCU\..\Run: [Abtnozv] "C:\Program Files\W?nSxS\j?vaw.exe "
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Uniblue ProcessQuickLink 2] "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunServices: [Windows Generic Proc] procmsg.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137545603221
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O24 - Desktop Component 0: (no name) - http://www.ringtones-direct.com/colour-gifs/130x98/27312.gif

--
End of file - 11781 bytes

broni · 2007/12/15

Just to answer couple of questions, first...

From the latest posts, should I be concerned if I have different Firewalls installed?
Click to expand...

You didn't tell me, if you checked, if Windows firewall is on, or off.
You can run only ONE firewall. What is Symantec status? Is it paid for, subscription expired, you disabled it? Let me know.

And, since I'm now using so many different variations of Spyware/Malware and Antivirus should I be concerned with conflicting software creating problems for each other?
Click to expand...

No. You just have to make sure, you run only ONE antivirus, and ONE firewall at the same time.

Now, I'm gonna check your HJT log.

broni · 2007/12/15

1. Print this post out, since you won't have an access to it, at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries:

- O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)

- O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)

- O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)

- O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

- O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

- O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)

- O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

- O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)

- O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)

- O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)

- O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)

- O4 - HKLM\..\Run: [Windows Generic Proc] procmsg.exe

- O4 - HKLM\..\RunServices: [Windows Generic Proc] procmsg.exe

- O4 - HKCU\..\Run: [Windows Generic Proc] procmsg.exe

- O4 - HKCU\..\Run: [Mvh] "C:\Program Files\Common Files\?dobe\l?ass.exe "

- O4 - HKCU\..\Run: [Cqtzasab] "C:\Program Files\Common Files\??sembly\w?nspool.exe "

- O4 - HKCU\..\Run: [Xilt] "C:\Documents and Settings\Maria Maguire\Application Data\a?sembly\d?dplay.exe "

- O4 - HKCU\..\Run: [Abtnozv] "C:\Program Files\W?nSxS\j?vaw.exe "

- O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe

- O4 - HKCU\..\RunServices: [Windows Generic Proc] procmsg.exe

- O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

- O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

4. Click on "Fix It" button.

5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)

6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders ".

7. Delete following files/folders (if present):

- PartyPoker folder from C:\Program Files

8. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore ".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

9. Restart in Normal Mode.

10. Turn System Restore on.

11. Run HijackThis again, and post back its log back here.

Magman · 2007/12/15

broni,

Windows Firewall is on. Symantec is a free antivirus given to military members as I understand it and is currently running. I got a copy of it from my IT rep at work and have been running that alone for 3-4 years now. It doesn't appear to have a firewall with it.

I'm going to work through your directions now, back in a bit...

broni · 2007/12/15

It doesn't appear to have a firewall with it.
Click to expand...

It's little bit confusing, since I can see:
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
but we'll sort it out, when you're done with HJT.

Magman · 2007/12/15

broni,
Just double checked and Windows firewall is on. I cant find anything in the Symantec program regarding "Firewall ". I did a search and it was unable to find "Firewall ".

Here's my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:44 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe "
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vwurn] "C:\Documents and Settings\Maria Maguire\My Documents\?ystem\n?tepad.exe "
O4 - HKCU\..\Run: [Uniblue ProcessQuickLink 2] "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137545603221
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O24 - Desktop Component 0: (no name) - http://www.ringtones-direct.com/colour-gifs/130x98/27312.gif

--
End of file - 10020 bytes

Magman · 2007/12/15

Double posted

Magman · 2007/12/18

This is frustrating. On 16 Dec my CPU was clean (no threats), 17 Dec I performed a scan (again) with SuperAntispyware and it detected 164 threats! I'm running AVG, Symantec, Spyware Doctor and using the Windows firewall, what am I doing wrong?

Why isn't my antivirus/spyware preventing all these threats?

I have two teenagers that use this all the time and I know that is one of my problems but, can't I protect my computer a little better than what I have right now? Thanks for any advice/help.

noahdfear · 2007/12/18

Hi Magman,

Lets get you cleaned up now. Download Deckard's System Scanner (dss.exe) and save it to your desktop.

Close all applications and windows.

Double click on dss.exe to run it and follow the prompts.

When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post the contents of main.txt only for now.

Magman · 2007/12/18

Thanks, I certainly appreciate you guys helping me out! Here's the DSS main.txt log:

Deckard's System Scanner v20071014.68
Run by Maria Maguire on 2007-12-18 17:37:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 4 Restore Point(s) --
4: 2007-12-19 01:38:08 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2007-12-18 18:58:44 UTC - RP3 - System Checkpoint
2: 2007-12-17 05:39:56 UTC - RP2 - System Checkpoint
1: 2007-12-15 23:56:53 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Maria Maguire.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:35 PM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Documents and Settings\Maria Maguire\Local Settings\Temporary Internet Files\Content.IE5\F3AZF8SX\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Maria Maguire.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe "
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vwurn] "C:\Documents and Settings\Maria Maguire\My Documents\?ystem\n?tepad.exe "
O4 - HKCU\..\Run: [Uniblue ProcessQuickLink 2] "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137545603221
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O24 - Desktop Component 0: (no name) - http://www.ringtones-direct.com/colour-gifs/130x98/27312.gif

--
End of file - 10180 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071215-154326-100 O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
backup-20071215-154326-205 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071215-154326-215 O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
backup-20071215-154326-232 O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
backup-20071215-154326-361 O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
backup-20071215-154326-390 O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
backup-20071215-154326-413 O4 - HKLM\..\Run: [Windows Generic Proc] procmsg.exe
backup-20071215-154326-431 O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
backup-20071215-154326-504 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
backup-20071215-154326-511 O4 - HKCU\..\Run: [Mvh] "C:\Program Files\Common Files\?dobe\l?ass.exe "
backup-20071215-154326-513 O4 - HKCU\..\Run: [Xilt] "C:\Documents and Settings\Maria Maguire\Application Data\a?sembly\d?dplay.exe "
backup-20071215-154326-522 O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
backup-20071215-154326-526 O4 - HKCU\..\Run: [Abtnozv] "C:\Program Files\W?nSxS\j?vaw.exe "
backup-20071215-154326-655 O4 - HKLM\..\RunServices: [Windows Generic Proc] procmsg.exe
backup-20071215-154326-684 O4 - HKCU\..\RunServices: [Windows Generic Proc] procmsg.exe
backup-20071215-154326-785 O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
backup-20071215-154326-796 O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
backup-20071215-154326-846 O4 - HKCU\..\Run: [Cqtzasab] "C:\Program Files\Common Files\??sembly\w?nspool.exe "
backup-20071215-154326-867 O4 - HKCU\..\Run: [Windows Generic Proc] procmsg.exe
backup-20071215-154326-965 O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
backup-20071215-154326-983 O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
backup-20071215-154326-995 O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
backup-20071215-154327-869 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "%1 "

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ANVIOCTL - c:\windows\system32\drivers\anvioctl.sys <Not Verified; ASUSTeK; ASUS VGA Driver for Windows 2000/XP>
R1 asuskbnt - c:\windows\system32\drivers\asuskbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Hot-Key filter driver.>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 LxrJD31d - c:\windows\system32\drivers\lxrjd31d.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 SaiClass - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 CA561 (ICatch VI PC CAMERA) - c:\windows\system32\drivers\spca561.sys <Not Verified; SP; Microsoft(R) Windows NT(R) Operating System>
S3 FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\fetnd5.sys (file missing)
S3 hidgame (Microsoft Hid to Joystick Port Enabler) - c:\windows\system32\drivers\hidgame.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SaiNtHid (%SAINTHID_NAME%) - c:\windows\system32\drivers\sainthid.sys <Not Verified; Saitek; Configuration Software>
S3 USB_RNDIS_XP (Westell WireSpeed Dual Connect Modem) - c:\windows\system32\drivers\usb8023.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EpsonBidirectionalService - c:\program files\common files\epson\ebapi\eebsvc.exe
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 LxrJD31s (Lexar JD31) - lxrjd31s.exe

S2 SNMP (SNMP Service) - c:\windows\system32\snmp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-12-14 15:00:00 424 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2007-12-12 12:28:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-12 02:20:00 276 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job

-- Files created between 2007-11-18 and 2007-12-18 -----------------------------

2008-05-28 06:29:16 0 d-------- C:\Documents and Settings\Maria Maguire\Application Data\AdobeAUM
2008-05-28 06:28:01 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-29 09:03:49 3744 --a------ C:\WINDOWS\system32\drivers\smsens.sys <Not Verified; Analog Devices, Inc.; >
2008-04-29 09:03:49 4816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
2008-04-29 09:03:48 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-04-29 09:03:48 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-04-29 09:03:46 978944 --a------ C:\WINDOWS\SynthCoreA.Dll <Not Verified; Analog Devices, Inc.; SoundMAX Wavetable>
2008-04-29 09:03:46 380928 --a------ C:\WINDOWS\SynCor.exe <Not Verified; Analog Devices, Inc.; SynthCore>
2008-04-29 09:03:44 45056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll <Not Verified; Analog Devices, Inc.; Analog Devices, Inc. SynthCore11Resources>
2008-04-29 09:03:44 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
2008-04-29 09:03:44 49152 --a------ C:\WINDOWS\system32\S11thk32.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
2008-04-29 09:03:42 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2008-04-29 09:03:41 0 d-------- C:\WINDOWS\VirtualEar
2008-04-29 09:03:41 720896 --a------ C:\WINDOWS\system32\Audio3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-04-29 09:03:39 578368 --a------ C:\WINDOWS\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
2008-04-29 09:03:37 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-04-29 09:03:37 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-04-21 19:02:18 0 d-------- C:\Program Files\MSN Apps
2007-12-18 09:04:55 0 d-------- C:\Documents and Settings\Maria Maguire\Application Data\HouseCall 6.6
2007-12-15 15:47:06 0 d------c- C:\Documents and Settings\Administrator\Favorites
2007-12-15 15:47:06 0 d------c- C:\Documents and Settings\Administrator\Desktop
2007-12-15 15:47:06 0 d--hs--c- C:\Documents and Settings\Administrator\Cookies
2007-12-15 15:47:06 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2007-12-15 15:47:06 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-15 15:47:05 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2007-12-15 15:47:05 0 d--h---c- C:\Documents and Settings\Administrator\Recent
2007-12-15 15:47:05 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2007-12-15 15:47:05 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2007-12-15 15:47:05 0 d------c- C:\Documents and Settings\Administrator\My Documents
2007-12-15 15:47:05 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2007-12-15 15:47:04 0 d--h---c- C:\Documents and Settings\Administrator\Templates
2007-12-15 15:47:04 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2007-12-15 15:47:04 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-15 11:07:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-12-15 11:05:03 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-15 11:05:02 0 d-------- C:\Documents and Settings\Maria Maguire\Application Data\SUPERAntiSpyware.com
2007-12-15 11:00:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-15 03:27:45 0 d-------- C:\Program Files\MSXML 6.0
2007-12-15 01:37:24 0 d-------- C:\Documents and Settings\Maria Maguire\.housecall6.6
2007-12-14 08:53:34 0 d-------- C:\Program Files\Trend Micro
2007-12-14 00:14:19 0 d-------- C:\Documents and Settings\Maria Maguire\Application Data\Uniblue
2007-12-14 00:11:53 0 d-------- C:\Program Files\Uniblue
2007-12-13 23:20:56 0 d-------- C:\Program Files\MSBuild
2007-12-13 23:13:48 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-12-13 23:12:06 0 d-------- C:\Program Files\Reference Assemblies
2007-12-13 23:07:17 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-13 23:02:34 0 d-------- C:\WINDOWS\system32\LogFiles
2007-12-13 23:02:34 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-10 13:53:49 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tenebril
2007-12-10 13:50:57 0 d-------- C:\WINDOWS\system32\tenarchlib
2007-12-10 13:50:56 180224 --a-s---- C:\WINDOWS\system32\archlib.dll <Not Verified; Tenebril Incorporated; Tenebril architecture technology>

-- Find3M Report ---------------------------------------------------------------

2008-05-28 06:29:06 0 d-------- C:\Documents and Settings\Maria Maguire\Application Data\Adobe
2008-04-29 09:03:36 44 --a----c- C:\WINDOWS\system32\msssc.dll
2008-04-26 14:29:03 0 d-------- C:\Documents and Settings\Maria Maguire\Application Data\Macromedia
2007-12-18 08:00:50 0 d-------- C:\Documents and Settings\Maria Maguire\Application Data\AVG7
2007-12-17 18:28:13 0 d-------- C:\Program Files\Spyware Doctor
2007-12-15 11:00:43 0 d-------- C:\Program Files\Common Files
2007-12-15 01:19:34 0 d-------- C:\Program Files\Java
2007-12-14 15:25:43 0 d-------- C:\Program Files\IrfanView
2007-12-07 06:04:13 0 d-------- C:\Program Files\?dobe
2007-12-06 23:07:21 0 d-------- C:\Program Files\Yahoo!
2007-12-06 23:07:19 0 dr-h----- C:\Documents and Settings\Maria Maguire\Application Data\yahoo!
2007-12-06 23:05:40 0 d-------- C:\Program Files\Thirdgen F-Body VIN and RPO Decoder
2007-11-07 18:35:42 0 d-------- C:\Program Files\CCleaner
2007-11-04 09:50:57 0 d-------- C:\Program Files\e-zshopper
2007-11-04 09:50:55 0 d-------- C:\Program Files\Accoona
2007-11-04 09:49:50 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-04 09:49:50 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-03 11:27:37 0 d-------- C:\Documents and Settings\Maria Maguire\Application Data\PC Tools
2007-11-03 09:04:00 0 d-------- C:\Program Files\W?nSxS
2007-11-02 16:08:26 20992 --a------ C:\WINDOWS\eventlowg.dll
2007-11-02 16:08:26 30208 --a------ C:\WINDOWS\daxtime.dll
2007-11-02 16:08:25 32256 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-11-02 16:08:24 23808 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-11-02 16:08:23 24832 --a------ C:\WINDOWS\xadbrk_.exe
2007-11-02 16:08:22 23552 --a------ C:\WINDOWS\liqad$.exe
2007-11-02 16:08:22 11520 --a------ C:\WINDOWS\kkcomp$.exe
2007-11-02 16:08:20 16896 --a------ C:\WINDOWS\wbeInst$.exe
2007-11-02 16:08:20 32000 --a------ C:\WINDOWS\adbar.dll
2007-11-02 16:08:19 17152 --a------ C:\WINDOWS\spredirect.dll
2007-11-02 16:08:19 18432 --a------ C:\WINDOWS\jd2002.dll
2007-11-02 16:08:17 28928 --a------ C:\WINDOWS\ie_32.exe
2007-11-02 16:08:15 11520 --a------ C:\WINDOWS\xxxvideo.exe
2007-11-02 16:08:15 12800 --a------ C:\WINDOWS\ngd.dll
2007-11-02 16:08:15 27136 --a------ C:\WINDOWS\dp0.dll
2007-11-01 22:38:25 0 d-------- C:\Documents and Settings\Maria Maguire\Application Data\?racle
2007-10-31 22:25:23 0 d-------- C:\Program Files\S?mantec
2007-10-28 21:38:37 0 d-------- C:\Program Files\Insider

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray "= "C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [12/30/2004 02:19 PM]
"NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [01/28/2004 08:45 AM]
"anvshell "= "anvshell.exe" [07/22/2003 08:00 AM C:\WINDOWS\anvshell.exe]
"LiveNote "= "livenote.exe" [07/10/2002 08:00 AM C:\WINDOWS\livenote.exe]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"Microsoft Works Update Detection "= "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [09/13/2003 08:36 PM]
"Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 10:46 PM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/19/2006 11:06 AM]
"SDTray "= "C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/11/2007 06:19 PM]
"AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [11/07/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 11:54 AM]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"Vwurn "= "C:\Documents and Settings\Maria Maguire\My Documents\?ystem\n?tepad.exe" []
"Uniblue ProcessQuickLink 2 "= "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [11/02/2007 05:46 PM]
"SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg "=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr "=0 (0x0)
"NoAdminPage "=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1.WIN^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1.WIN^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk]
path=C:\DOCUME~1\ALLUSE~1.WIN\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
backup=C:\WINDOWS\pss\Microsoft Office Shortcut Bar.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1.WIN^Start Menu^Programs^Startup^Office Startup.lnk]
backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1.WIN^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3200]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFP]
C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{272b54d5-fe79-11da-8dc4-0011d83f1ac6}]
AutoRun\command- E:\JDSecure\Windows\JDSecure31.exe

*Newly Created Service* - TMCOMM

-- Hosts -----------------------------------------------------------------------

127.0.0.1 fastclick.net
127.0.0.1 www.awaps.net
127.0.0.1 www.fastclick.net
127.0.0.1 antivir.com
127.0.0.1 antivir.de
127.0.0.1 ewido.net
127.0.0.1 www.ewido.net
127.0.0.1 sysinternals.com
127.0.0.1 www.sysinternals.com
127.0.0.1 onguardonline.gov

4 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2007-12-18 17:42:29 ------------

broni · 2007/12/18

I apologize for the delay. Most likely, I didn't receive an email notification about your reply.

Now...your HJT log is clean, so you're fine here.

Your AVG antivirus is running, so, you have protection here.
As for firewall, you say, you have Windows firewall is up, and running.

One question, then.
In your taskbar, can you see any Norton/Symantec icon?

noahdfear · 2007/12/18

You did not save dss.exe to your desktop. Please click the download link above again and select Save. When prompted for a location, select Desktop from the left pane and click Save. When complete, you should have a new green icon with a big white plus sign named dss.exe

Post back and let me know once you've done that.

Log in or Sign up

Solved My CPU is [slow], need some help pls

Magman Inactive Thread Starter

Magman Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Magman Inactive Thread Starter

broni Moderator Malware Analyst

noahdfear Inactive

broni Moderator Malware Analyst

Magman Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Magman Inactive Thread Starter

broni Moderator Malware Analyst

Magman Inactive Thread Starter

Magman Inactive Thread Starter

Magman Inactive Thread Starter

noahdfear Inactive

Magman Inactive Thread Starter

broni Moderator Malware Analyst

noahdfear Inactive

Share This Page

Log in or Sign up

Solved My CPU is [slow], need some help pls

Magman Inactive Thread Starter

Magman Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Magman Inactive Thread Starter

broni Moderator Malware Analyst

noahdfear Inactive

broni Moderator Malware Analyst

Magman Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Magman Inactive Thread Starter

broni Moderator Malware Analyst

Magman Inactive Thread Starter

Magman Inactive Thread Starter

Magman Inactive Thread Starter

noahdfear Inactive

Magman Inactive Thread Starter

broni Moderator Malware Analyst

noahdfear Inactive

Share This Page

Useful Searches