[Resolved] IE very slow (always) or fails to launch (75% of time)

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

2 Pages

1 2 >

[Resolved] IE very slow (always) or fails to launch (75% of time), My HJT log file is in message...

Options

Gnobility View Member Profile	Jun 21 2008, 10:24 AM Post #1
New Member Group: Authentic Member Posts: 15 Joined: 21-June 08 Member No.: 79,771 Operating System: XP	My ~4 year old Dell bottom-feeder desktop is slowing waaay down. In the past week it has also developed a nasty tendency to fail to launch Internet Explorer about half the time. When I look at the "Applications" tab in the Task Manager after repeated failures to launch the Internet Explorer is not listed. But when I look at the Task Manager "Processes" tab I'll see 4 or 5 individual incidents of iexplorer.exe running. If I doing a Restart I'll be prompted by the 4 or 5 "iexplorer.exe not responding" pop-up windows, and I close them one after the other before Windows shuts down. Upgrading to IE 7.0 worked better, but I thought it was an awful browser, so I removed it. That action restored IE6, which then ran better for just a couple days. Firefox 3.0 runs better, but the PC is still much slower than it was a month ago. I ran Windows Defender, SpyBlaster, and all the apps listed here in sequence (except one that is no longer available): http://www.techsupportalert.com/best-free-...-up-utility.htm Some other fellers suggested I'm infected just the same and referred me to you all. <sally struthers voice>WON'T YOU PLEASE HELP!!!!</sally struthers voice> Gn ------------------------------------------------------------------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 12:13:06 PM, on 6/21/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\DeltTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\DNA\btdna.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

ken545 View Member Profile	Jul 1 2008, 12:01 PM Post #2
SuperHelper Group: Malware Expert Posts: 7,523 Joined: 3-December 04 From: Darien, Connecticut Member No.: 19,436 Operating System: Win Xp Home SP2/ Vista Home Premium	Hello Gnobility Welcome to the Whatthetech Malware Removal Forum Sorry for the delay in responding but with the amount of people posting with infected computers there are not enough hours in the day Your HJT program is outdated, drag it to trash and download and install the latest version by Trendmicro and post a new log please Download Trendmicros Hijackthis to your desktop. Double click it to install Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe Open HJT Scan and Save a Log File, it will open in Notepad Go to Format and make sure Wordwrap is Unchecked Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread. DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Gnobility View Member Profile	Jul 1 2008, 12:55 PM Post #3
New Member Group: Authentic Member Posts: 15 Joined: 21-June 08 Member No.: 79,771 Operating System: XP	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:53:28 PM, on 7/1/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\DeltTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 8056 bytes

ken545 View Member Profile	Jul 1 2008, 05:52 PM Post #4
SuperHelper Group: Malware Expert Posts: 7,523 Joined: 3-December 04 From: Darien, Connecticut Member No.: 19,436 Operating System: Win Xp Home SP2/ Vista Home Premium	Hello, No malware that I can see on your log, lets do a few things. Uniblue RegistryBooster 2 <-- This is a legit program but unless your a windows expert you do not ever want to fool around with any registry programs, remove the wrong entries ( and sometimes they do ) and your looking at a borked system that may leave you with reinstalling windows as your only option. I strongly suggest that you uninstall this program via the Add Remove Programs in the Control Panel. Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = Please download ATF Cleaner by Atribune to your desktop. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up Run this free online scan using Internet Explorer: Kaspersky Online Virus Scanner Next Click on Launch Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Standard Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Post the log along with a New HJT Log into your next reply.

Gnobility View Member Profile	Jul 1 2008, 06:16 PM Post #5
New Member Group: Authentic Member Posts: 15 Joined: 21-June 08 Member No.: 79,771 Operating System: XP	Ken, thanks for your help! You wrote: "No malware that I can see on your log, lets do a few things. Uniblue RegistryBooster 2 <-- This is a legit program but unless your a windows expert you do not ever want to fool around with any registry programs, remove the wrong entries ( and sometimes they do ) and your looking at a borked system that may leave you with reinstalling windows as your only option. I strongly suggest that you uninstall this program via the Add Remove Programs in the Control Panel." I looked in the Add/Remove Programs from the Control Panel and neither Uniblue nor Registry Booster is listed. I looked through my Programs next, hoping to find an Uninstall associated with Uniblue, but it's not listred in the Program list either. A search on "Uniblue" found it in a Uniblue folder titled "Applications Data" Any recommendation on how to remove it? Should I start with the HiJack This System scan and the rest of your instructions before we get Uniblue out of there? thanks, Gn

ken545 View Member Profile	Jul 1 2008, 06:52 PM Post #6
SuperHelper Group: Malware Expert Posts: 7,523 Joined: 3-December 04 From: Darien, Connecticut Member No.: 19,436 Operating System: Win Xp Home SP2/ Vista Home Premium	No, lets not worry about it right now, its not malicious, I just wanted to protect you from possibly disabling your system. First run the cleaner. Then run Kaspersky, it won't remove anything but if your infected with anything it most likely will show up on the log. Then do this. Open Hijackthis Go to Misc Tools> Open Uninstall Manager. Click on Save List. The list will open in Notepad. Copy and Paste the List into this thread So let me see the Kaspersky log and the uninstall log

Gnobility View Member Profile	Jul 2 2008, 09:07 AM Post #7
New Member Group: Authentic Member Posts: 15 Joined: 21-June 08 Member No.: 79,771 Operating System: XP	Ken, here's the Kapersky scan report: (the online scan options and layout are slightly different than you described) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Wednesday, July 2, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, July 02, 2008 03:37:37 Records in database: 903932 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ Scan statistics: Files scanned: 101258 Threat name: 1 Infected objects: 2 Suspicious objects: 0 Duration of the scan: 02:19:58 File name / Threat name / Threats count C:\Documents and Settings\The Kellers\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Infected: Trojan-Spy.HTML.Bayfraud.ib 2 The selected area was scanned.

ken545 View Member Profile	Jul 2 2008, 10:40 AM Post #8
SuperHelper Group: Malware Expert Posts: 7,523 Joined: 3-December 04 From: Darien, Connecticut Member No.: 19,436 Operating System: Win Xp Home SP2/ Vista Home Premium	What Kaspersky found may be a bad link in your Outlook mail, I would suggest deleting them all if you can. Run this program please Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

Gnobility View Member Profile	Jul 2 2008, 10:43 AM Post #9
New Member Group: Authentic Member Posts: 15 Joined: 21-June 08 Member No.: 79,771 Operating System: XP	Are you saying I should delate all my Outlook email? Inbox, Sent, Deleted, AND everything in my folders?

ken545 View Member Profile	Jul 2 2008, 11:04 AM Post #10
SuperHelper Group: Malware Expert Posts: 7,523 Joined: 3-December 04 From: Darien, Connecticut Member No.: 19,436 Operating System: Win Xp Home SP2/ Vista Home Premium	I would unless its something important you need to keep that you know has no bad links in them. Sometimes people send jokes and it may have flagged that as bad...don't know. I would just get rid of emails that you don't need, I don't believe your system is infected by this but it may just be flagging a bad email that could infect you. DDS will tell us more

Gnobility

Jul 2 2008, 11:43 AM

Post #11

New Member

Group: Authentic Member
Posts: 15
Joined: 21-June 08
Member No.: 79,771
Operating System: XP

OK Ken, here is the Main followed by the Extra file text from the DDS scan:

Deckard's System Scanner v20071014.68
Run by The Kellers on 2008-07-02 13:30:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
106: 2008-07-02 17:30:32 UTC - RP1241 - Deckard's System Scanner Restore Point
105: 2008-07-02 03:04:58 UTC - RP1240 - Software Distribution Service 3.0
104: 2008-07-01 12:41:30 UTC - RP1239 - System Checkpoint
103: 2008-06-30 12:23:25 UTC - RP1238 - System Checkpoint
102: 2008-06-29 11:38:23 UTC - RP1237 - System Checkpoint

-- First Restore Point --
1: 2008-04-04 01:13:05 UTC - RP1136 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis (run as The Kellers.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:54 PM, on 7/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\The Kellers\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\The Kellers.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7250 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 StudioPro (StudioPro webcam) - c:\windows\system32\drivers\studiopro.sys <Not Verified; e2eSoft; VCam - Virtual Camera>
R3 DELTA (Service for Delta Driver (WDM)) - c:\windows\system32\drivers\delta.sys <Not Verified; Midiman/M-Audio; M-Audio Delta WDM Driver>
R3 VNUSB (VN Series Device) - c:\windows\system32\drivers\vnusb.sys <Not Verified; OLYMPUS OPTICAL CO.,LTD.; VVRUSB Driver>

S3 GPWADrv (Service for L6 GuitarPort Driver (WDM)) - c:\windows\system32\drivers\gpwadrv.sys (file missing)
S3 L6DP - c:\windows\system32\drivers\l6dp.sys (file missing)
S3 msvad_multi (Samson Audio (WDM)) - c:\windows\system32\drivers\swaudwdm.sys <Not Verified; Samson; Samson Audio (WDM) Driver>
S3 SamsonLLDriver (Samson C01U LL Driver) - c:\windows\system32\drivers\samsonlldriver.sys <Not Verified; SaneWave Inc.; Samson C01U>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {67E64D25-AC39-40BF-B8D5-4D97A9E80182}
Description: VN Series Device
Device ID: ROOT\VNUSB\0000
Manufacturer: OLYMPUS CORPORATION
Name: VN Series Device
PNP Device ID: ROOT\VNUSB\0000
Service: VNUSB

-- Scheduled Tasks -------------------------------------------------------------

2008-07-02 02:14:45 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-01 14:52:50 0 d-------- C:\Program Files\Trend Micro
2008-06-21 11:54:25 0 d-------- C:\Documents and Settings\The Kellers\Application Data\Uniblue
2008-06-19 11:08:55 0 d-------- C:\Program Files\ToniArts
2008-06-19 10:44:28 0 d-------- C:\Program Files\MRU-Blaster
2008-06-19 10:25:02 0 dr-h----- C:\Documents and Settings\The Kellers\Recent
2008-06-19 09:23:17 0 d-------- C:\Program Files\CCleaner
2008-06-19 08:02:10 0 d-------- C:\Documents and Settings\The Kellers\Application Data\Malwarebytes
2008-06-19 08:02:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-19 08:02:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 08:01:38 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-19 01:17:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 01:17:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 01:17:27 0 d-------- C:\Documents and Settings\The Kellers\Application Data\SUPERAntiSpyware.com
2008-06-19 01:16:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 18:45:52 0 d-------- C:\WINDOWS\Prefetch
2008-06-17 18:33:18 0 d-------- C:\WINDOWS\system32\scripting
2008-06-17 18:33:17 0 d-------- C:\WINDOWS\l2schemas
2008-06-17 18:33:16 0 d-------- C:\WINDOWS\system32\en
2008-06-17 18:33:15 0 d-------- C:\WINDOWS\system32\bits
2008-06-17 18:29:12 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-17 18:25:55 0 d-------- C:\WINDOWS\network diagnostic
2008-06-17 18:20:51 0 d-------- C:\WINDOWS\EHome

-- Find3M Report ---------------------------------------------------------------

2008-07-02 11:13:22 0 d-------- C:\Documents and Settings\The Kellers\Application Data\DNA
2008-06-27 22:45:41 0 d-------- C:\Documents and Settings\The Kellers\Application Data\BitTorrent
2008-06-19 11:16:04 0 d-------- C:\Program Files\Audacity
2008-06-19 11:08:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-19 08:01:38 0 d-------- C:\Program Files\Common Files
2008-06-18 23:51:54 0 d-------- C:\Documents and Settings\The Kellers\Application Data\Lavasoft
2008-06-18 23:48:57 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-18 23:46:01 0 d-------- C:\Program Files\HP
2008-06-18 23:45:15 0 d-------- C:\Program Files\Common Files\HP
2008-06-17 21:58:56 0 d-------- C:\Documents and Settings\The Kellers\Application Data\Mozilla
2008-06-17 18:33:48 0 d-------- C:\Program Files\Messenger
2008-06-17 18:33:15 0 d-------- C:\Program Files\Movie Maker
2008-06-17 18:28:47 0 d-------- C:\Program Files\Windows NT
2008-05-23 22:42:33 0 d-------- C:\Program Files\AVG

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/28/2005 02:34 PM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"DeltTray"="DeltTray.exe" [12/06/2002 12:19 PM C:\WINDOWS\system32\delttray.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 06:33 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/01/2007 04:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/23/2008 10:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [11/16/2006 08:04 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/07/2008 06:21 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/22/2007 01:01 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [11/8/2005 5:59:49 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 8:05:56 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost.localdomain
127.0.0.1 sitefinder.Verisign.com # Verisign has joined the game
127.0.0.1 sitefinder-idn.Verisign.com # of trying to hijack mistyped
127.0.0.1 # URLs to their site.
127.0.0.1 # and potentially other sites.
127.0.0.1 media.fastclick.net # Likewise, this may interefer with some
127.0.0.1 # sites.
127.0.0.1 #up CSS on livejournal
127.0.0.1 # problems with NPR.org
127.0.0.1 06272002-dbase.hitcountz.net # Web bugs in spam

4554 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-07-02 13:36:06 ------------

(EVERYTHING BELOW IS FROM THE "EXTRA" FILE:)

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 509.98 MiB / 150.93 MiB
Pagefile Memory (total/avail): 1248.54 MiB / 936.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1878.12 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 144.75 GiB total, 41.72 GiB free.
D: is CDROM (No Media)
E: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - WDC WD1600JB-75GVC0 - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 144.75 GiB - C:
\PARTITION2 - Unknown - 4.22 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\The Kellers\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\The Kellers
LOGONSERVER=\\DELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\THEKEL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\THEKEL~1\LOCALS~1\Temp
USERDOMAIN=DELL
USERNAME=The Kellers
USERPROFILE=C:\Documents and Settings\The Kellers
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

The Kellers (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AP Tuner 3.06 --> "C:\Program Files\AP Tuner\AP Tuner 3.06\uninstall.exe"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitTorrent 6.0.2 --> C:\Program Files\BitTorrent\uninst.exe
Broadcaster StudioPro v1.3.0 --> "C:\Program Files\Broadcaster\StudioPro\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 5.0.0 (630) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
FLAC Installer 1.1.2a (remove only) --> C:\Program Files\FLAC\uninstall.exe
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
FreeRIP v2.942 --> "C:\Program Files\FreeRIP2\unins000.exe"
G21942EN --> MsiExec.exe /X{B00EBEC1-D693-4B4D-93BD-610EDBA9B0DF}
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software --> C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers -->