
slow IE and strange items rundll32.exe? i have donated before


  • This topic is locked

#1
liquidsoundandlight

My computer won't update and IE takes forever to load pages. I also have a rundll32.exe that comes up in my startup and will not go away.




Logfile of HijackThis v1.99.1
Scan saved at 1:37:17 AM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\george gibbs\My Documents\spyware and hijack logs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O3 - Toolbar: ClubFM Radio Toolbar - {A3EAF105-FBC1-470B-BC69-B27CA48A0640} - C:\Program Files\ClubFM Radio Toolbar\clubfm_radio4.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19....es/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...lscbase7617.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140408676031
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,32
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

spysweeper
1:18 AM: Traces Found: 0
1:18 AM: Custom Sweep has completed. Elapsed time 00:00:40
1:18 AM: Registry Sweep Complete, Elapsed Time:00:00:03
1:18 AM: Starting Registry Sweep
1:18 AM: Memory Sweep Complete, Elapsed Time: 00:00:32
1:18 AM: Starting Memory Sweep
1:18 AM: Sweep initiated using definitions version 851
1:18 AM: Spy Sweeper 5.2.3.2132 started
1:18 AM: | Start of Session, Friday, February 02, 2007 |
********
1:18 AM: | End of Session, Friday, February 02, 2007 |
1:17 AM: Traces Found: 0
1:17 AM: Custom Sweep has completed. Elapsed time 00:01:20
1:17 AM: Registry Sweep Complete, Elapsed Time:00:00:03
1:17 AM: Starting Registry Sweep
1:17 AM: Memory Sweep Complete, Elapsed Time: 00:00:54
1:16 AM: Starting Memory Sweep
1:16 AM: Sweep initiated using definitions version 851
1:16 AM: Spy Sweeper 5.2.3.2132 started
1:16 AM: | Start of Session, Friday, February 02, 2007 |
********
1:16 AM: | End of Session, Friday, February 02, 2007 |
1:16 AM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 1/31/2007 9:53:10 PM (GMT)
1:16 AM: Program Version 5.2.3.2132 Using Spyware Definitions 851
1:05 AM: Removal process completed. Elapsed time 00:00:00
1:05 AM: Quarantining All Traces: 2o7.net cookie
1:05 AM: Quarantining All Traces: atlas dmt cookie
1:05 AM: Removal process initiated
1:05 AM: Sweep Status: 2 Items Found
1:05 AM: Traces Found: 2
1:05 AM: File Sweep Complete, Elapsed Time: 00:15:49
1:05 AM: Sweep Canceled
12:59 AM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\george gibbs\application data\adobe\acrobat\6.0\messages\enu\read0600win_enuadbe0062q.pdf]
12:57 AM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\george gibbs\application data\adobe\acrobat\6.0\messages\enu\read0600win_enuyhoo0014q.pdf]
12:52 AM: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 6.0\reader\messages\enu\rdrmsgenu.pdf]
12:49 AM: Starting File Sweep
12:49 AM: Warning: Failed to access drive A:
12:49 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:49 AM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 1958)
12:49 AM: Found Spy Cookie: 2o7.net cookie
12:49 AM: c:\documents and settings\george gibbs\cookies\[email protected][2].txt (ID = 2253)
12:49 AM: Found Spy Cookie: atlas dmt cookie
12:49 AM: Starting Cookie Sweep
12:49 AM: Registry Sweep Complete, Elapsed Time:00:00:11
12:49 AM: Starting Registry Sweep
12:49 AM: Memory Sweep Complete, Elapsed Time: 00:02:30
12:46 AM: Starting Memory Sweep
12:46 AM: Start Full Sweep
12:46 AM: Sweep initiated using definitions version 851
12:46 AM: Spy Sweeper 5.2.3.2132 started
12:46 AM: | Start of Session, Friday, February 02, 2007 |
********
12:46 AM: | End of Session, Friday, February 02, 2007 |
12:36 AM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGWB.DAT
11:50 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGWB.DAT
Operation: File Access
Target:
Source: C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGWB.DAT
11:50 PM: Tamper Detection
11:32 PM: Warning: AntiVirus engine returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\GEORGE GIBBS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IY0WPED0\YAHOO[1].HTM]
7:50 PM: Your virus definitions have been updated.
7:50 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 1/31/2007 9:53:10 PM (GMT)
7:50 PM: Your spyware definitions have been updated.
7:50 PM: Automated check for program update in progress.
Keylogger: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:44 PM: Shield States
12:44 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 1/31/2007 9:53:10 PM (GMT)
12:44 PM: Spyware Definitions: 850
12:44 PM: Spy Sweeper 5.2.3.2132 started
8:57 PM: | End of Session, Tuesday, January 30, 2007 |
8:57 PM: BHO Shield: found: googletoolbar3.dll-- BHO installation denied at user request
7:48 PM: Your virus definitions have been updated.
7:48 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 1/30/2007 7:41:06 PM (GMT)
7:48 PM: Your spyware definitions have been updated.
7:44 PM: Automated check for program update in progress.
5:51 PM: Removal process completed. Elapsed time 00:00:00
5:51 PM: Quarantining All Traces: xiti cookie
5:51 PM: Quarantining All Traces: tribalfusion cookie
5:51 PM: Quarantining All Traces: trafficmp cookie
5:51 PM: Quarantining All Traces: statcounter cookie
5:51 PM: Quarantining All Traces: overture cookie
5:51 PM: Quarantining All Traces: nextag cookie
5:51 PM: Quarantining All Traces: imrworldwide.com cookie
5:51 PM: Quarantining All Traces: ccbill cookie
5:51 PM: Quarantining All Traces: atlas dmt cookie
5:51 PM: Quarantining All Traces: advertising cookie
5:51 PM: Quarantining All Traces: adrevolver cookie
5:51 PM: Quarantining All Traces: yieldmanager cookie
5:51 PM: Quarantining All Traces: 2o7.net cookie
5:51 PM: Removal process initiated
5:51 PM: Sweep Status: 13 Items Found
5:51 PM: Traces Found: 15
5:51 PM: File Sweep Complete, Elapsed Time: 00:00:10
5:51 PM: Sweep Canceled
5:51 PM: Starting File Sweep
5:51 PM: Warning: Failed to access drive A:
5:51 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 3717)
5:51 PM: Found Spy Cookie: xiti cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 3589)
5:51 PM: Found Spy Cookie: tribalfusion cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 3581)
5:51 PM: Found Spy Cookie: trafficmp cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 3447)
5:51 PM: Found Spy Cookie: statcounter cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 3105)
5:51 PM: Found Spy Cookie: overture cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 5014)
5:51 PM: Found Spy Cookie: nextag cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 1958)
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 2089)
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][2].txt (ID = 2845)
5:51 PM: Found Spy Cookie: imrworldwide.com cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][2].txt (ID = 2369)
5:51 PM: Found Spy Cookie: ccbill cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][2].txt (ID = 2253)
5:51 PM: Found Spy Cookie: atlas dmt cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][2].txt (ID = 2175)
5:51 PM: Found Spy Cookie: advertising cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 2088)
5:51 PM: Found Spy Cookie: adrevolver cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 3751)
5:51 PM: Found Spy Cookie: yieldmanager cookie
5:51 PM: c:\documents and settings\george gibbs\cookies\[email protected][1].txt (ID = 1957)
5:51 PM: Found Spy Cookie: 2o7.net cookie
5:51 PM: Starting Cookie Sweep
5:51 PM: Registry Sweep Complete, Elapsed Time:00:00:08
5:51 PM: Starting Registry Sweep
5:51 PM: Memory Sweep Complete, Elapsed Time: 00:02:08
5:49 PM: Starting Memory Sweep
5:49 PM: Start Full Sweep
5:49 PM: Sweep initiated using definitions version 847
5:49 PM: Spy Sweeper 5.2.3.2132 started
5:49 PM: | Start of Session, Tuesday, January 30, 2007 |
********
7:50 PM: Your virus definitions have been updated.
7:50 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 1/31/2007 9:53:10 PM (GMT)
7:49 PM: Your spyware definitions have been updated.
7:49 PM: Automated check for program update in progress.
8:29 AM: Warning: AntiVirus engine returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\GEORGE GIBBS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\56MNOMJN\HOME[1].HTM]
8:00 AM: Access to Hosts file allowed for C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGW.EXE
Operation: File Access
Target:
Source: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGW.EXE
8:00 AM: Tamper Detection
9:43 PM: Removal process completed. Elapsed time 00:00:01
9:43 PM: Quarantining All Traces: 2o7.net cookie
9:43 PM: Quarantining All Traces: atlas dmt cookie
9:43 PM: Removal process initiated
9:42 PM: Sweep Status: 2 Items Found
9:42 PM: Traces Found: 2
9:42 PM: File Sweep Complete, Elapsed Time: 00:41:58
9:42 PM: Sweep Canceled
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\iy0wped0\cute+skinny+blonde+teen+modelling+her+delicate+body[1].jpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\iy0wped0\cute+skinny+brunette++pussy+licker[1].jpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\mc0yd02x\skinny+chick+rubbs+her+clit[1].jpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\barq8a9w\greedy+teen+enjoys+get+sticky+jizz+on+her+face[1].jpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\barq8a9w\asian+chick+gets+her+face+covered+with+hot+cum[1].jpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\iy0wped0\03[1].mpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\barq8a9w\asian+babe+gets+her+pretty+face+covered+with+cum[1].jpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\mc0yd02x\skinny+mom+getting+penetrated[1].jpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\iy0wped0\groupteencasting[1].jpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\barq8a9w\400x400_a2[1].jpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\iy0wped0\teenpov[1].jpg]
9:42 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\mc0yd02x\black+amateur+[bleep]+getting+[bleep]+banged+with+big+[bleep][1].jpg]
9:41 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\iy0wped0\justcreampie[1].jpg]
9:41 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\56mnomjn\003[1].mpg]
9:41 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\56mnomjn\jizzonglasses[1].jpg]
9:41 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\mc0yd02x\gomc[1].jpg]
9:41 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\mc0yd02x\handjobmodel[1].jpg]
9:41 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\mc0yd02x\skinny+latina+getting+drilled+by+a+monster+[bleep][1].jpg]
9:41 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\mc0yd02x\jerkmenow[1].jpg]
9:41 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\george gibbs\local settings\temporary internet files\content.ie5\mc0yd02x\skinny+grandma+mounting+a+big+[bleep][1].jpg]

Edited by liquidsoundandlight, 21 February 2007 - 02:15 AM.



#2
Gotham

Hi there liquidsoundandlight, I am Gotham. I will be assisting you today.

Please bear with me as I analyze your log.

I will be back ASAP.

Gotham

#3
Gotham

I am back.

Alright, let's get started.

.:.
The entry we are about to fix in HJT is optional, but I suggest you fix it. See here for more info: http://www.viewfour....le=privacy.html But if you do not want to, simply skip down to the next ".:."

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O3 - Toolbar: ClubFM Radio Toolbar - {A3EAF105-FBC1-470B-BC69-B27CA48A0640} - C:\Program Files\ClubFM Radio Toolbar\clubfm_radio4.dll


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

ClubFM Radio Toolbar

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\ClubFM Radio Toolbar

After that, reboot, and post a new HijackThis log here in a reply.

.:.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

.:.

Please run an on-line virus scan at Kaspersky OnLine Scan
or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++

If you are unable to run the ActiveX antivirus scanners, let's try this Java-based solution from Trend Micro.

.:.

I would also like to get an uninstall list.

To get an Uninstall List from HijackThis:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
.:.

Logs I need in your next reply:
Fresh HJT
Uninstall List
Online Virus Scan

I await your reply,
Gotham

#4
liquidsoundandlight

ClubFM is an internet radio station my wife likes to listen to, but I deleted it anyway.
nvcpl daemon is suspicious.


Logfile of HijackThis v1.99.1
Scan saved at 10:41:05 PM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\george gibbs\My Documents\spyware and hijack logs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19....es/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...lscbase7617.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140408676031
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,32
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

(((((((((( avg scan {))))))))))))))))))))
"Partition table (MBR)","- OK -","Quick checked"
"Boot sector of disk C:","- OK -","Quick checked"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load","","Scanned"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit","","Scanned"
"System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","","Scanned"
"System registry exefile\shell\open\command","","Scanned"
"System registry scrfile\shell\open\command","","Scanned"
"System registry scrfile\shell\config\command","","Scanned"
"System registry batfile\shell\open\command","","Scanned"
"System registry cmdfile\shell\open\command","","Scanned"
"System registry comfile\shell\open\command","","Scanned"
"System registry piffile\shell\open\command","","Scanned"
"System registry giffile\shell\open\command","","Scanned"
"System registry htmlfile\shell\open\command","","Scanned"
"System registry htafile\shell\open\command","","Scanned"
"System registry jpegfile\shell\open\command","","Scanned"
"System registry txtfile\shell\open\command","","Scanned"
"System registry regfile\shell\open\command","","Scanned"
"System registry cplfile\shell\cplopen\command","","Scanned"
"System registry Word.Document.8\shell\open\command","","Scanned"
"System registry WordPad.Document.1\shell\open\command","","Scanned"
"System registry inffile\shell\open\command","","Scanned"
"System registry vbsfile\shell\open\command","","Scanned"
"System registry vbefile\shell\open\command","","Scanned"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe","- OK -","Quick checked"
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe","- OK -","Quick checked"
"C:\Program Files\Internet Explorer\iexplore.exe","- OK -","Quick checked"
"C:\Program Files\QuickTime\qttask.exe","- OK -","Quick checked"
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe","- OK -","Quick checked"
"C:\WINDOWS\regedit.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\mshta.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\rundll32.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\shell32.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\shimgvw.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\kernel32.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\wsock32.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\user32.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\shell32.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\ntoskrnl.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\drivers\etc\hosts","Change","Changed"




uninstall




Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe® Photoshop® Album Starter Edition 3.0
Ahead InCD EasyWrite Reader
Apple Software Update
AVG Free Edition
Creative Prodikeys
Digimax Master
EA downloader
ErrorDoctor
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Software Update
InCD
Internet Explorer 7 Beta 2
IrfanView (remove only)
iTunes
LiveUpdate 3.0 (Symantec Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB927978)
Nero OEM
NeroVision Express
NVIDIA Drivers
Panda ActiveScan
Photosmart 140,240,7200,7600,7700,7900 Series
PIXELA ImageMixer
PlanetSide
PowerDVD
QuickTime
Samsung USB Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB926255)
Spy Sweeper
Spyware Nuker XT
StartUp Manager
TeamSpeak 2 RC2
Tenebril Uninstaller 1.20
Turtle Beach Santa Cruz Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinImage

Edited by liquidsoundandlight, 26 February 2007 - 02:07 AM.


#5
Gotham
  • Member
  • 385 posts
nvcpl is legit. :blink:


Your Log Is clean! :help: :) :whistling: :) :help:

Now let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use: and a good antivirus (these are also free for personal use): It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

Gotham

#6
OwNt
    Malware Expert

  • Retired Staff
  • 7,457 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.