|
|
smith261
new user
Reg'd: Sun
Posts: 9
|
|
Hello firstly may i say what a great and useful site,i only found it yesterday and already my computer has quickened up with all your easy to follow tips,i'm just not sure how to resolve my biggest issue,what happens is- my computer freezes when im on the internet,if ive got my headphones on it drums a continuing noise like a stuck record down the phones, i get no response from my mouse or keyboard and the only thing i can do is flick it off on the front of my computer, im a big fan of online games and it's really tough when u have to reboot during a game,before i found this site i tried system restore but it wouldnt work so i reinstalled windows xp last week but it still hasnt helped.my systems a dell 8250 its 5 years old my other option is to use the resource cd but im not sure if this would stop it freezing, thanks 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:01, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\1201445547\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201445547\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Backgammon by pogo - http://game3.pogo.com/v/8.1.7.44/applet/backgammon/backgammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.6.21/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/8.1.7.44/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/8.1.7.44/applet/bowling/bowling-en_US.cab
O16 - DPF: Checkers by pogo - http://game3.pogo.com/v/8.1.6.3/applet/checkers2/checkers-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/8.1.6.23/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.1.7.44/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.7.44/applet/mahjong2/mahjong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/8.1.7.44/applet/shoes/shoes-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/v/8.1.7.44/applet/pinochle/pinochle-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/v/8.1.7.44/applet/stax/stax-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.com/v/8.1.6.3/applet/superdomino/superdomino-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.7.44/applet/peaks/peaks-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/v/8.1.6.37/applet/wordsearch/wordsearch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wordwhomp2/whomp2-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.6.21/applet/worldclass/worldclass-en_US.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1200596171531
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 6221 bytes
|
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28276
Loc: belfast
|
|
Welcome to the Webuser forum. 
can i ask you why you have no anti virus or firewall installed ?
Please download ComboFix from either of these two locations
BleepingComputerComboFix
geeks to go combofix
* Double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Post back with the log from ComboFix and a new HJT log please.
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
 
A computer once beat me at chess, but it was no match for me at kick boxing.
|
smith261
new user
Reg'd: Sun
Posts: 9
|
|
Hello - i do have anti virus and firewall running, i use nortons 360, 2007 - it also says on my computer i have windows firewall running  thanks
|
smith261
new user
Reg'd: Sun
Posts: 9
|
|
Hello Bricat, ty for your help
i hope this is what your after
many thanks
ComboFix 08-02-11.2 - m smith 2008-02-11 17:39:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.543 [GMT 0:00]
Running from: C:\Documents and Settings\m smith\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000027_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.
2008-02-10 16:19 . 2008-02-10 16:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 11:37 . 2008-02-09 11:37 77,624 --a------ C:\Documents and Settings\m smith\Application Data\GDIPFONTCACHEV1.DAT
2008-02-08 19:45 . 2008-02-08 19:45 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-02-08 11:49 . 2008-02-08 11:49 <DIR> d-------- C:\Program Files\iTunes
2008-02-08 11:49 . 2008-02-08 11:49 <DIR> d-------- C:\Program Files\iPod
2008-02-08 11:49 . 2008-02-08 15:13 <DIR> d-------- C:\Documents and Settings\m smith\Application Data\Apple Computer
2008-02-08 11:48 . 2008-02-08 11:48 <DIR> d-------- C:\Program Files\QuickTime
2008-02-08 11:48 . 2008-02-08 11:48 <DIR> d-------- C:\Program Files\Bonjour
2008-02-08 11:47 . 2008-02-08 11:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-08 11:47 . 2008-02-08 11:47 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-08 11:47 . 2008-02-08 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 11:46 . 2008-02-08 11:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-08 11:46 . 2008-02-08 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-30 11:47 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 11:47 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 11:47 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-27 14:53 . 2003-08-27 10:29 65,536 --a------ C:\WINDOWS\wanmpsvc.exe
2008-01-19 14:20 . 2008-01-19 14:20 <DIR> d--h----- C:\Documents and Settings\m smith\Application Data\GTek
2008-01-19 14:20 . 2008-01-19 14:20 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\GTek
2008-01-19 14:04 . 2007-10-10 23:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-19 14:04 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-19 14:04 . 2007-07-01 03:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-19 14:04 . 2007-10-10 23:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-19 14:04 . 2007-10-10 23:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-19 14:04 . 2007-10-10 23:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-19 14:04 . 2007-10-10 23:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-19 14:04 . 2007-10-10 23:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-19 14:04 . 2007-10-10 10:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-19 13:58 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-19 13:26 . 2006-08-21 09:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-19 13:26 . 2006-08-21 09:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-19 13:26 . 2006-08-21 12:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-19 13:19 . 2008-01-19 13:19 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-19 13:05 . 2007-07-09 13:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-18 17:53 . 2008-01-18 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-18 17:48 . 2008-01-18 17:49 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-18 13:35 . 2008-01-18 13:35 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-18 13:35 . 2008-01-18 13:35 <DIR> d-------- C:\WINDOWS\peernet
2008-01-18 13:32 . 2008-01-18 13:32 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-18 13:25 . 2008-01-18 13:25 <DIR> d-------- C:\WINDOWS\EHome
2008-01-18 13:12 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-01-18 13:12 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-01-18 13:12 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-01-18 13:12 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-01-18 12:37 . 2004-08-04 07:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-01-18 12:37 . 2004-09-01 23:34 330,752 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-01-18 12:37 . 2004-08-04 07:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-01-18 12:37 . 2004-03-30 01:48 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-01-18 12:37 . 2004-01-10 05:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-01-18 12:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-18 12:15 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-17 18:55 . 2008-01-17 18:55 <DIR> d-------- C:\WINDOWS\nview
2008-01-17 18:55 . 2008-01-17 18:55 <DIR> d--hs---- C:\Documents and Settings\m smith\UserData
2008-01-17 18:55 . 2003-10-06 14:16 98,304 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-01-17 18:55 . 2003-10-06 14:16 9,801 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-01-17 18:33 . 2008-01-17 18:33 <DIR> d-------- C:\Documents and Settings\m smith\Application Data\Symantec
2008-01-17 18:17 . 2005-10-20 22:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-01-17 18:16 . 2008-02-08 19:58 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-17 17:52 . 2008-01-17 17:52 <DIR> d-------- C:\Documents and Settings\m smith\Application Data\Ahead
2008-01-17 10:53 . 2008-01-17 10:53 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-17 10:53 . 2008-01-20 11:33 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-17 10:53 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-17 10:52 . 2004-08-04 07:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-01-17 10:52 . 2004-08-04 07:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-01-17 10:52 . 2004-08-04 07:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-01-17 10:52 . 2004-08-04 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-01-17 10:46 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-01-17 10:46 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-01-17 10:46 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-01-17 10:46 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-01-17 10:46 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-01-17 10:46 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-01-17 10:46 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-01-17 10:41 . 2004-08-04 06:07 59,264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-01-17 10:41 . 2004-08-04 07:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-16 22:57 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2008-01-16 22:57 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2008-01-16 22:57 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2008-01-16 22:55 . 2007-07-17 12:21 186,256 --a------ C:\WINDOWS\system32\SymNPPWA.dll
2008-01-16 22:44 . 2008-01-16 22:44 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-01-16 22:44 . 2008-01-16 22:44 <DIR> d-------- C:\Program Files\NETGEAR
2008-01-16 22:44 . 2006-04-10 18:41 200,704 --a------ C:\WINDOWS\system32\WG1v2Lib.dll
2008-01-16 22:44 . 2003-11-18 09:27 155,648 --a------ C:\WINDOWS\system32\IpLib.dll
2008-01-16 22:44 . 2005-12-29 00:16 114,688 -ra------ C:\WINDOWS\system32\EnumDev111.dll
2008-01-16 22:44 . 2005-04-01 11:43 66,048 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2008-01-16 22:44 . 2002-10-02 08:57 13,532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys
2008-01-16 22:27 . 2008-01-16 22:27 <DIR> d-------- C:\Documents and Settings\m smith\Application Data\AOL
2008-01-16 22:26 . 2008-01-16 22:26 <DIR> d-------- C:\Program Files\Viewpoint
2008-01-16 22:26 . 2008-01-16 22:26 <DIR> d-------- C:\Program Files\Real
2008-01-16 22:26 . 2008-01-16 22:26 <DIR> d-------- C:\Program Files\Learn2.com
2008-01-16 22:26 . 2008-01-16 22:26 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-16 22:26 . 2008-01-16 22:26 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-01-16 22:26 . 2008-01-16 22:26 <DIR> d-------- C:\Program Files\Common Files\aolback
2008-01-16 22:26 . 2008-01-17 18:59 <DIR> d-------- C:\Program Files\AOL Companion
2008-01-16 22:26 . 2008-01-16 22:26 <DIR> d-------- C:\Documents and Settings\m smith\Application Data\You've Got Pictures Screensaver
2008-01-16 22:26 . 2008-01-16 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-16 22:26 . 2008-01-16 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-16 22:25 . 2008-01-16 22:26 <DIR> d-------- C:\Program Files\Common Files\aolshare
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 15:38 1,474,478 ----a-w C:\WINDOWS\java\Packages\I5FZDBNV.ZIP
2008-02-09 18:30 2,412,125 ----a-w C:\WINDOWS\java\Packages\8I02V9NB.ZIP
2008-02-09 12:59 2,685,352 ----a-w C:\WINDOWS\java\Packages\KOJPNXJ7.ZIP
2008-02-06 16:13 2,521,568 ----a-w C:\WINDOWS\java\Packages\8WBVHJL3.ZIP
2008-02-06 14:57 2,193,315 ----a-w C:\WINDOWS\java\Packages\B1FXVT3J.ZIP
2008-01-30 17:54 1,953,179 ----a-w C:\WINDOWS\java\Packages\XJJ7JTBP.ZIP
2008-01-30 17:29 2,170,449 ----a-w C:\WINDOWS\java\Packages\0YG179ZZ.ZIP
2008-01-30 12:31 2,879,648 ----a-w C:\WINDOWS\java\Packages\VPBJ7PBB.ZIP
2008-01-29 19:20 2,631,274 ----a-w C:\WINDOWS\java\Packages\HZN7J7PN.ZIP
2008-01-29 17:39 1,276,185 ----a-w C:\WINDOWS\java\Packages\WDBXB37N.ZIP
2008-01-29 15:06 1,481,556 ----a-w C:\WINDOWS\java\Packages\2YMNRH3T.ZIP
2008-01-26 18:38 1,647,969 ----a-w C:\WINDOWS\java\Packages\YN3B1ZD7.ZIP
2008-01-23 19:23 1,717,751 ----a-w C:\WINDOWS\java\Packages\1B5N7LB7.ZIP
2008-01-23 15:49 1,749,502 ----a-w C:\WINDOWS\java\Packages\KK1ZZVXR.ZIP
2008-01-20 15:06 2,776,135 ----a-w C:\WINDOWS\java\Packages\VHF7LZV1.ZIP
2008-01-20 14:51 3,003,838 ----a-w C:\WINDOWS\java\Packages\QP7LVBDV.ZIP
2008-01-17 20:55 1,446,576 ----a-w C:\WINDOWS\java\Packages\PN1JJ9V7.ZIP
2008-01-17 20:34 2,672,108 ----a-w C:\WINDOWS\java\Packages\13BJVZZ1.ZIP
2008-01-17 17:59 2,206,619 ----a-w C:\WINDOWS\java\Packages\XVVRLRDR.ZIP
2008-01-16 22:26 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-01-16 20:59 558,142 ----a-w C:\WINDOWS\java\Packages\DFJHVPBH.ZIP
2008-01-16 20:59 155,995 ----a-w C:\WINDOWS\java\Packages\6C8FHZ31.ZIP
2007-12-07 15:30 103,776 ----a-w C:\WINDOWS\system32\AOLDial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1201445547\ee\AOLSoftware.exe" [2006-09-26 00:52 50736]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk
backup=C:\WINDOWS\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-10-02 17:41 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2007-12-07 15:30 71008 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
--a------ 2002-07-09 09:50 28672 C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-06-26 18:50 212992 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--------- 2004-06-01 10:46 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--------- 2004-06-01 11:09 458752 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--------- 2004-06-01 11:03 217088 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-05-21 19:11 221184 C:\WINDOWS\System32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-16 22:26 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2002-07-22 02:10 577602 C:\Program Files\Logitech\iTouch\iTouch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"comHost"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"WANMiniportService"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"NVSvc"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Belkin Wireless USB Network Adapter Service"=2 (0x2)
"AOL ACS"=2 (0x2)
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 11:43]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 11:47:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-16 21:52:09 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1200520154.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe0/#Hewlett-Packard#hp psc 2400 series#1200520154
"2008-01-16 22:24:35 C:\WINDOWS\Tasks\WebReg 20080116222435.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20080116222435 /N
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 17:41:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-11 17:41:42
ComboFix-quarantined-files.txt 2008-02-11 17:41:19
.
2008-01-20 12:27:22 --- E O F ---
|
smith261
new user
Reg'd: Sun
Posts: 9
|
|
the log is
i hope this is what you need
thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:04, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\1201445547\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201445547\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Backgammon by pogo - http://game3.pogo.com/v/8.1.7.44/applet/backgammon/backgammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.6.21/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/8.1.7.44/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/8.1.7.44/applet/bowling/bowling-en_US.cab
O16 - DPF: Checkers by pogo - http://game3.pogo.com/v/8.1.6.3/applet/checkers2/checkers-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/8.1.6.23/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.1.7.44/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.7.44/applet/mahjong2/mahjong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/8.1.7.44/applet/shoes/shoes-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/v/8.1.7.44/applet/pinochle/pinochle-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/v/8.1.7.44/applet/stax/stax-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.com/v/8.1.6.3/applet/superdomino/superdomino-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.7.44/applet/peaks/peaks-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/v/8.1.6.37/applet/wordsearch/wordsearch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wordwhomp2/whomp2-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.6.21/applet/worldclass/worldclass-en_US.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1200596171531
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 6111 bytes
|
smith261
new user
Reg'd: Sun
Posts: 9
|
|
Just checked norton - couldnt find it then realised i think i may have turned it off on the msconfig - do i know what im doing? not yet...just something i turned off when my computer was running slow - its back on again now so here is another scan
thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:11, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\1201445547\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201445547\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Backgammon by pogo - http://game3.pogo.com/v/8.1.7.44/applet/backgammon/backgammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.6.21/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/8.1.7.44/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/8.1.7.44/applet/bowling/bowling-en_US.cab
O16 - DPF: Checkers by pogo - http://game3.pogo.com/v/8.1.6.3/applet/checkers2/checkers-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/8.1.6.23/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.1.7.44/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.7.44/applet/mahjong2/mahjong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/8.1.7.44/applet/shoes/shoes-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/v/8.1.7.44/applet/pinochle/pinochle-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/v/8.1.7.44/applet/stax/stax-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.com/v/8.1.6.3/applet/superdomino/superdomino-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.7.44/applet/peaks/peaks-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/v/8.1.6.37/applet/wordsearch/wordsearch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wordwhomp2/whomp2-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.6.21/applet/worldclass/worldclass-en_US.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1200596171531
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6578 bytes
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28276
Loc: belfast
|
|
the windows firewall is a waste of space, it only monitors traffic in one direction.
go HERE. scroll down to the firewall section
and get one of the free ones installed (zonealarm or comodo). then disable the windows firewall.
Then :-
Download and scan with CCleaner - Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
- Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Then select "Cookies"
Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.
- Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all entries in the Mozilla Firefox Section.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
- Click the "Run Cleaner" button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click "OK" and it will scan and clean your system.
- Click "exit" when done.
then DEFRAG your C:\ drive.
to help speed up your system.
then let us know how the computer is running.
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
|
smith261
new user
Reg'd: Sun
Posts: 9
|
|
hello Bricat - just checked my nortons i saw that was list on that firewall list - isnt my personal firewall on there a suitable one - or is it best to download one of those freebies like zone alarm?
Many thanks for your help so far
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28276
Loc: belfast
|
|
the microsoft firewall is useless, it only monitors traffic in one direction.
it is not a good idea to rely on it alone.
you would be far better off with something like zonealarm.
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
|
smith261
new user
Reg'd: Sun
Posts: 9
|
|
Hello Bricat , sorry not sure if my last post was misleading, i have nortons 360,2007 running on my computer - included in it is a nortons personal firewall, i'd presumme that would cover me with incoming and outgoing use on my pc,but apart from the firewall issue - was there anything which stood out saying my pc needed looking at? Ive heard that nortons is a load of rubbish but ive always found it ok - ive been recommended avg? it's free and in my eyes you dont get ought for nought
many thanks
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28276
Loc: belfast
|
|
the norton firewall is adequate, sorry i misread and thought you only had the windows firewall running.
if you have the norton firewall running disable the windows firewall, running 2 can cause conflicts.
my main problem with norton is that it is very resource heavy and slows the computer down too much.
in your combofix log there are a lot of files like this :-
C:\WINDOWS\java\Packages\I5FZDBNV.ZIP
do you know what this is ? did you d/load them.
if not can you navigate to that directory (C:\WINDOWS\java\Packages) and see what info you can find on them.
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
|
smith261
new user
Reg'd: Sun
Posts: 9
|
|
hiya bricat, thanx for that , the java issue, yeah the java is for the online games that i play, pogo games wont load without it unfortunately - many thanks for your help
|
|
1 registered and 67 anonymous users are browsing this forum.
Moderator: putasolutions, greysts, bricat, AndrewC, Joe_London, John_McKenna, Mouse, Hello_There, TheFatControlleR, Nanook, Noviciate
Print Topic
|
Forum Permissions
You cannot start new topics
You cannot reply to topics
HTML is disabled
Mark-up is enabled
|
Rating:
Topic views: 0
|
|
|
|
|
Previous
Index
Next
Threaded
Edit
Reply
Quote
