No replies to this topic

[1excop36]

After upgrading my Dimension 8200 to squeeze a few more years out of it, I did a fresh install of Windows XP and SP2 plus all updates on the new Maxtor 120GB hard drive. As I started to load software onto the new hard drive. I initially was using the trial version of Kaspersky Ant-Virus as my AV protection, SpySweeper as my primary anti-spyware and AdAware SE (not 2007) as my backup and long with Windows firewall. I am also using a trial version of Trojan Hunter, scan mode only. Scans are run daily and updadted as often as each program will allow. I also use SpywareBlaster. For maintenance and keeping files straight, I use Tuneup 2007 and CCleaner. My primary browser is Firefox 2 and when pushed I have the latest version of IE 7. I thought I was pretty well covered. I began having problems with KAV causing many programs to suddenly stop responding or lock up; they would return to normal as soon as I closed out KAV. After trying many fixes that only partially resolved the situation, I switched to the free version of AVG AV. For the most part the lock up problem has been resolved.

However, due to my own stupidity, I tried to download the last version of CreataCard from a Torrent site for my spouse. Apparently, buried in the setup was a SHeur.AMW Trojan Horse which is also Winbo32.exe and Win32 PEPatch Virus all which were placed in C:\System Volume\_restore (6 different files). KAV missed the infection but AVG picked it right up and neutralized it. Naturally, it took three tries at installing the card program before I realized it was the culprit. So AVG did it's job 2 more times. All scans from every security program have been coming up clean. However, my system has started exhibiting strange malfunctions. For some reason, both Firefox and IE7 keep losing the profile settings (which I try to back up weekly so it's not a total loss). Different programs at random times, will either not load up, even though the process manager shows it to be running, or the programs stop responding. Sometimes the programs that are supposed to start with windows don't while other times they do. Start up times are also becoming longer and increasingly longer. Doug (in the "Other Computer Problems" forum) suggested I run the free Sophos worm removal tool but it showed nothing present. Mozilla suggested that I might have a corrupt profile and suggested setting up a clean one which I have yet to do. Doug felt it worthwhile to post my HighjackThis log to see if someone here can spot something that everyone else thus far has missed. As I am not that terribly far into reinstalling all our software and have backed up all the data files on the old HD (now a portable USB drive), Going back to reformatting the HD and starting again is running through my mind. I would like to have our system running smoothly as we are planning to drop our present DSL provider because of entirely unsatisfactory and unreliable service in favor (grudgingly) for Comcast Cable broadband as it's our only viable option. So I would like to have everything smoothed out when we step out into that possible quagmire.

I apologize for the lengthy background but many someone can see something I did wrong (besides the corrupted download).

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 1:07:38 AM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/...arconfigchanged
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.myway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ExtraTorrent Toolbar - {3DA353C2-FE7F-428C-B494-791DCDAF516E} - C:\PROGRA~1\EXTRAT~1\EXTRAT~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE


I know I'm running a few utilities that are what some would call nonessential fluff, but it's a family system so that's why they're installed. Any help will be greatly appreciated. My wife is trying to get some coursework done for her job as a nurse's assistant on an oncology ward and need this machine ship shape asap. The notes of accusation in her voice are getting more pointed.

Gerry

Again appreciate any advice