| Thread ID: 94098 | 2008-10-14 07:07:00 | HJT log advice | samnorr (13776) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 712234 | 2008-10-14 07:07:00 | My PC has been having some massive problems lately, and I would be very grateful for any help. A week ago, my XP computer suddenly started coming up with various blue screen error messages (usually saying files and drivers were corrupt) and was unable to load Windows. It was a very windy day and there had recently been a power cut while the PC was running, so I thought that maybe it had corrupted certain files. I used the recovery disk to run the repair console and perform a disk check. It stated that it had found multiple errors, and when I restarted the computer, it managed to load Windows, but only after about 15 minutes of loading. I have since tried to run a disk check within Windows, which usually results in either a blue screen error message, or a sudden restart. I have performed a virus scan with Avast!, which detected and deleted multiple trojan horses, but made no difference to the PC's performance. The computer still takes ages to load on Windows, locks up when it attempts to hibernate and suddenly restarts without warning. It has a generous 2GB of RAM, and it used to run speedy and fine when I bought it about two and a half years ago. Over time its performance has slowly deteriorated, but it has never been as bad as this. Below is the HijackThis log for my PC. Once again, I would really appreciate any help.
:) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:20:48 p.m., on 14/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS2\System32\smss.exe C:\WINDOWS2\system32\winlogon.exe C:\WINDOWS2\system32\services.exe C:\WINDOWS2\system32\lsass.exe C:\WINDOWS2\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS2\System32\svchost.exe C:\WINDOWS2\system32\ZoneLabs\vsmon.exe C:\WINDOWS2\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS2\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Firebird\Firebird_2_0\Bin\FBGuard.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS2\System32\svchost.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Nexon\Mabinogi\npkcmsvc.exe C:\WINDOWS2\system32\nvsvc32.exe C:\WINDOWS2\system32\IoctlSvc.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Firebird\Firebird_2_0\Bin\fbserver.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS2\SOUNDMAN.EXE C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Windows Media 
Player\WMPNSCFG.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Documents and Settings\OEM.COMPUTER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS2\system32\ctfmon.exe C:\Program Files\AnVir Task Manager\AnVir.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Amaze\AzLaunch.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS2\system32\svchost.exe C:\Program Files\Opera\opera.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R3 - URLSearchHook: _URLHandler - {23A6F4C1-32EA-40AF-B42B-E0A99E2A74A6} - C:\PROGRA~1\Romeo\ROMEOS~1.DLL O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program 
Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\sw g.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe O4 - HKLM\..\Run: [ avast! 
] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [UMT0032] C:\UMT0032\RunApp.EXE O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common 
Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\OEM.COMPUTER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\ctfmon.exe O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user') O4 - .DEFAULT User Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe (User 'Default user') O4 - Startup: Amaze.lnk = C:\Program Files\Amaze\AzLaunch.exe O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - 
Extra context menu item: Add to Windows &Live Favorites - favorites.live.com O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
www.update.microsoft.com O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - gameadvisor.futuremark.com O17 - HKLM\System\CCS\Services\Tcpip\..\{7A59ADD7-92E0-4318-A225-C8F430A25A50}: NameServer = 202.49.233.1 202.49.233.2 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: McAfee Application Installer Cleanup (0161391205914337) (0161391205914337mcinstcleanup) - Unknown owner - C:\WINDOWS2\TEMP\016139~1.EXE (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FirebirdGuardianDefaultInstance - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\Bin\FBGuard.EXE O23 - Service: FirebirdServerDefaultInstance - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\Bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing) O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\WINDOWS2\system32\IoctlSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS2\system32\ZoneLabs\vsmon.exe -- End of file - 14948 bytes StartupList report, 14/10/2008, 8:21:00 p.m. StartupList version: 1.52.2 Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows XP SP3 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16705) * Using default options ================================================== Running processes: C:\WINDOWS2\System32\smss.exe C:\WINDOWS2\system32\winlogon.exe C:\WINDOWS2\system32\services.exe C:\WINDOWS2\system32\lsass.exe C:\WINDOWS2\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS2\System32\svchost.exe C:\WINDOWS2\system32\ZoneLabs\vsmon.exe C:\WINDOWS2\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS2\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Firebird\Firebird_2_0\Bin\FBGuard.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS2\System32\svchost.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Nexon\Mabinogi\npkcmsvc.exe C:\WINDOWS2\system32\nvsvc32.exe C:\WINDOWS2\system32\IoctlSvc.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program 
Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Firebird\Firebird_2_0\Bin\fbserver.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS2\SOUNDMAN.EXE C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Documents and Settings\OEM.COMPUTER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS2\system32\ctfmon.exe C:\Program Files\AnVir Task Manager\AnVir.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Amaze\AzLaunch.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS2\system32\svchost.exe C:\Program Files\Opera\opera.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\OEM.COMPUTER\Start Menu\Programs\Startup] Amaze.lnk = C:\Program Files\Amaze\AzLaunch.exe 
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE Shell folders Common Startup: [C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Startup] HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS2\SYSTEM32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run PathNvidiaTV = C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide UnlockerAssistant = "C:\Program Files\Unlocker\UnlockerAssistant.exe" UMT0032 = C:\UMT0032\RunApp.EXE type32 = "C:\Program Files\Microsoft IntelliType Pro\type32.exe" SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" SoundMan = SOUNDMAN.EXE Sony Ericsson PC Suite = "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime nwiz = nwiz.exe /install NvMediaCenter = RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit NvCplDaemon = RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup mxomssmenu = "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" Kernel and Hardware Abstraction Layer = KHALMNPR.EXE iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" ISUSPM Startup = 
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe" HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe PeerGuardian = C:\Program Files\PeerGuardian2\pg2.exe ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start ISUSPM = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler Google Update = "C:\Documents and Settings\OEM.COMPUTER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c CTFMON.EXE = C:\WINDOWS2\system32\ctfmon.exe AnVir Task Manager = "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized -------------------------------------------------- Shell & screensaver key from C:\WINDOWS2\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS2\Amaze.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: btorbit.com - C:\Program Files\Orbitdownloader\orbitcth.dll - {000123B4-9B42-4900-B3F7-F4B073EFC214} BitComet ClickCapture - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (no name) - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\sw g.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job AWC AutoCare.job AWC AutoSweep.job AWC Update.job Check Updates for Windows Live Toolbar.job GoogleUpdateTaskUser.job MP Scheduled Scan.job -------------------------------------------------- Enumerating Download Program Files: [MUWebControl Class] InProcServer32 = C:\WINDOWS2\system32\muweb.dll CODEBASE = www.update.microsoft.com [Measurement Services Client v.3.12] InProcServer32 = C:\WINDOWS2\system32\FUTURE~1\MSC\MSC3.ocx CODEBASE = gameadvisor.futuremark.com [Shockwave Flash Object] InProcServer32 = C:\WINDOWS2\system32\Macromed\Flash\Flash9f.ocx CODEBASE = download.macromedia.com -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS2\system32\SHELL32.dll CDBurn: C:\WINDOWS2\system32\SHELL32.dll WebCheck: C:\WINDOWS2\system32\webcheck.dll SysTray: C:\WINDOWS2\system32\stobject.dll WPDShServiceObj: C:\WINDOWS2\system32\WPDShServiceObj.dll -------------------------------------------------- End of report, 9,910 bytes Report generated in 0.063 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history 
only |
samnorr (13776) | ||
| 712235 | 2008-10-14 07:39:00 | Tick these then tick fix checked. Close browsers. What's this do? C:\Program Files\Amaze\AzLaunch.exe O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Uninstall all versions of Java, yours is out of date. Link below O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler Uninstall Anvir or Avast, you don't need 2 AV programs O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized O4 - Startup: Amaze.lnk = C:\Program Files\Amaze\AzLaunch.exe O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O23 - Service: McAfee Application Installer Cleanup (0161391205914337) (0161391205914337mcinstcleanup) - Unknown owner - C:\WINDOWS2\TEMP\016139~1.EXE (file missing) Uninstall Mywebsearch. Get malwarebytes below, install, update, then scan. What have you got by Symantec?? O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE |
Speedy Gonzales (78) | ||
| 712236 | 2008-10-14 07:49:00 | 2 things speedy :thumbs: The anvir task manager thing wasn't an AV, it's like an advanced task manager. And he probably doesn't have any norton products installed - the hjt entry is one of the leftover files. Norton's uninstaller SUCKS! Cheers Blam |
Blam (54) | ||
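
The replies above pick out log entries whose target no longer exists, such as the `(no file)` BHO and the `(file missing)` services, which Blam attributes to leftovers from an uninstall. As an added example (not part of the thread), this Python script parses HijackThis entry lines and lists those orphaned references; the sample lines are excerpted from the log posted above, and the function and class names are illustrative.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: McAfee Application Installer Cleanup (0161391205914337) (0161391205914337mcinstcleanup) - Unknown owner - C:\WINDOWS2\TEMP\016139~1.EXE (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
"""

# An entry line is "<section code> - <details>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing marker HijackThis appends when the referenced file is absent.
ORPHAN_RE = re.compile(r"\s*\((?:no file|file missing)\)\s*$")


@dataclass
class Entry:
    code: str                     # section code: O2 = BHO, O4 = autorun, O23 = service
    body: str                     # details (service display name for O23)
    orphaned: bool                # True if the log marked the target as absent
    owner: Optional[str] = None   # O23 only: owner field from the log line
    path: Optional[str] = None    # O23 only: service image path


def parse_log(text):
    """Return an Entry for every section line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank line
        body = m.group("body")
        orphaned = bool(ORPHAN_RE.search(body))
        body = ORPHAN_RE.sub("", body).rstrip(" -")
        entry = Entry(m.group("code"), body, orphaned)
        if entry.code == "O23" and body.startswith("Service: "):
            # "Service: <name> - <owner> - <path>"; split from the right so a
            # " - " inside the display name does not shift the fields.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry.body, entry.owner, entry.path = parts
        entries.append(entry)
    return entries


def triage(entries):
    """List (code, body, reasons) for entries that point at nothing on disk."""
    findings = []
    for e in entries:
        reasons = []
        if e.orphaned:
            reasons.append("target file missing")
        if e.owner == "Unknown owner":
            reasons.append("service owner unknown")
        if reasons:
            findings.append((e.code, e.body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{code:4} {body}\n     -> {', '.join(reasons)}")
```

An orphaned entry is a registry reference with no file behind it, so it is a cleanup candidate rather than evidence of a running threat; the image path still shows which product left it behind.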
| 712237 | 2008-10-14 07:53:00 | Hmm ok then Blam, guess Anvir can stay then :) | Speedy Gonzales (78) | ||
| 712238 | 2008-10-14 07:55:00 | In response to the reply above, Amaze is just a photo slideshow screensaver, and AnVir is AnVir Task Manager, not an anti-virus program. And why should I remove Windows Defender? | samnorr (13776) | ||
| 712239 | 2008-10-14 07:56:00 | I quite like it actually, it's kinda like Process Explorer - but better :D Oh, and BTW Samnorr, what processor do you have? |
Blam (54) | ||
| 712240 | 2008-10-14 07:57:00 | Well you can leave windows defender if you want but IMO it's hopeless. Avast is good enough. And having too many AV programs / anti-spyware programs running, they'll probably conflict with each other. Sooner or later |
Speedy Gonzales (78) | ||
| 712241 | 2008-10-14 07:58:00 | And why should I remove Windows Defender? To express it bluntly, because it's sh1t :groan: And you've already got spyware terminator |
Blam (54) | ||
| 712242 | 2008-10-14 08:05:00 | OK, guess I'll remove Defender then. But something tells me that this isn't even going to begin to fix my PC's problems. | samnorr (13776) | ||
| 712243 | 2008-10-14 08:08:00 | And what were the trojans? Get trojan remover below, update it then scan, then select all options under utilities. See if it picks anything else up. If you had a lot of trojans, disable system restore, then turn it back on. It'll clear the SR folder. Have you ticked the entries above / uninstalled mywebsearch, then rebooted?? |
Speedy Gonzales (78) | ||