Computer is slow and glitchy [RESOLVED]



#1 newzace (Member, 35 posts)
Sirs,

This problem is affecting a teen's computer. I have cleaned a lot of stuff off of the computer already (crap programs, etc.). I have run the various virus programs, which have helped. But the computer is still slow and "glitchy" in that it occasionally freezes up, the screen will become all lines, resulting in a restart, and usually a disk check is requested during start up. My last resort is to clean the hard drive and reinstall everything, which I hope to avoid. Please advise.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:20 AM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,vkncfcp.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47AA7988-7BC0-45A6-A730-F2ADAAA32D68} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8666D5E2-3E59-4891-A9F7-7B4065A6129C} - (no file)
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-861567501-1580436667-1060284298-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Ayizbjv] C:\Program Files\Common Files\M?crosoft\w?crtupd.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Ayizbjv] C:\Program Files\Common Files\M?crosoft\w?crtupd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204571364401
O16 - DPF: {DC6DB1F2-2C94-42CE-89F7-3FDE27B747BB} - http://spyofficer.co...tallerLight.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljjkk - C:\WINDOWS\system32\ljjkk.dll (file missing)
O21 - SSODL: bNCJapdZ - {28F06EF9-825A-C453-7CFE-FA425E0E3A4E} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

--
End of file - 5657 bytes
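An added example (editor's code, not part of the thread and not a HijackThis feature): the log above already contains the entries a helper would zero in on, and the Python script below applies the same reading mechanically so a reader can see which lines matter and why. The sample lines are copied from the log above. The heuristics are the editor's own assumptions about what deserves review: a second program chained after userinit.exe in the F2 line; an autostart path containing `?`, which Windows never allows in a file name and which HijackThis prints for a character it cannot render (the `M?crosoft` folder); and O2/O20/O21/O23 entries whose backing file is gone.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: HijackThis v2.0.2 lines copied from the log posted above,
# trimmed to the entry types this script inspects (not a complete scan).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,vkncfcp.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47AA7988-7BC0-45A6-A730-F2ADAAA32D68} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [Ayizbjv] C:\Program Files\Common Files\M?crosoft\w?crtupd.exe (User '?')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljjkk - C:\WINDOWS\system32\ljjkk.dll (file missing)
O21 - SSODL: bNCJapdZ - {28F06EF9-825A-C453-7CFE-FA425E0E3A4E} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R1, F2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")


@dataclass
class Finding:
    kind: str    # HijackThis section code of the entry
    reason: str  # why the entry deserves a second look
    line: str    # the original log line


def has_illegal_path_chars(path: str) -> bool:
    """True if the path holds a character Windows never allows in a file name,
    or a non-ASCII character. HijackThis prints '?' for characters it cannot
    render, so 'M?crosoft' in the log above is a lookalike directory name."""
    return any(c in '?*<>|' or ord(c) > 127 for c in path)


def o4_target(body: str) -> str:
    """Extract the launched path from an O4 body such as
    HKLM\\..\\Run: [Name] "C:\\dir\\prog.exe" -arg (User 'x')."""
    target = body.split("] ", 1)[1] if "] " in body else body
    target = USER_SUFFIX_RE.sub("", target)
    return target.strip().strip('"')


def triage_line(line: str) -> Optional[Finding]:
    """Apply simple, defender-side heuristics (editor's assumptions) to one line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    if kind == "F2" and "UserInit=" in body:
        # system.ini UserInit is a comma-separated list that winlogon runs at
        # logon; anything other than userinit.exe is an added logon hook.
        value = body.split("UserInit=", 1)[1]
        extras = [p.strip() for p in value.split(",")
                  if p.strip() and not p.strip().lower().endswith("userinit.exe")]
        if extras:
            return Finding(kind, "extra program chained after userinit.exe: " + ", ".join(extras), line)

    if kind == "O4" and has_illegal_path_chars(o4_target(body)):
        return Finding(kind, "autostart path contains a character that cannot be in a Windows path (lookalike folder name)", line)

    if kind in ("O2", "O21") and body.endswith("(no file)"):
        return Finding(kind, "browser/shell extension registered with no backing file (orphaned entry)", line)

    if kind in ("O20", "O23") and body.endswith("(file missing)"):
        return Finding(kind, "logon hook or service points at a file that no longer exists (stale registration)", line)

    if kind == "O23" and "Unknown owner" in body:
        return Finding(kind, "service binary carries no vendor information; verify it", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Return the entries in a HijackThis log that deserve manual review, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason}\n     {f.line}")
```

On the sample it returns six findings, in log order: the UserInit chain, the orphaned BHO, the `M?crosoft` autostart, the `ljjkk` Winlogon Notify hook, the orphaned SSODL entry and the `Net Agent` service. That lines up with what the ComboFix run later in the thread removed (the `Common Files\mcroso~1` and `icroso~1` directories and the `Net Agent` service). The "Unknown owner" rule is deliberately a review prompt rather than a verdict: the same log lists `mysql` and `ATI Smart` with no owner, and both are legitimate.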


#2 Thunderbird1988 (Member 2k, 2,416 posts)
Hello newzace,

I am Thunderbird1988 and I am going to remove your malware problems. If you have questions, feel free to ask :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thunderbird1988

#3 newzace (Topic Starter, 35 posts)
Hello Thunderbird1988, thanks for all of your help. The ComboFix log will be first, followed by the latest HijackThis log...

ComboFix 08-03-07.4 - Ian 2008-03-08 7:47:00.1 - FAT32x86

Running from: C:\Documents and Settings\Ian.JANICEGREEN\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ian\Application Data\macromedia\Flash Player\#SharedObjects\P2H5HEL4\www.broadcaster.com
C:\Documents and Settings\ian\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\ian\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\{28F06~1
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\misc002
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\ymbols~1
C:\Program Files\Common Files\ystem~1
C:\Program Files\fnts~1
C:\Program Files\fnts~2
C:\Program Files\pasystem
C:\Program Files\pasystem\support.dat
C:\Program Files\pasystem\Uninstall.exe
C:\Program Files\racle~1
C:\Program Files\windows
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\racle~1
C:\WINDOWS\ssembl~1
C:\WINDOWS\start.exe
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\cqwnllke.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mcroso~1
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\xdnhpmwa.dll
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\Web\default.htt
C:\WINDOWS\win32066886868452006.exe
C:\WINDOWS\ystem3~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_NET_AGENT
-------\Net Agent


((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-08 07:42 . 2008-03-08 07:42 <DIR> d--hs---- C:\FOUND.687
2008-03-08 07:35 . 2008-03-08 07:35 <DIR> d--hs---- C:\FOUND.686
2008-03-08 07:25 . 2008-03-08 07:25 <DIR> d--hs---- C:\FOUND.685
2008-03-08 07:19 . 2008-03-08 07:19 <DIR> d--hs---- C:\FOUND.684
2008-03-07 23:50 . 2008-03-07 23:50 <DIR> d--hs---- C:\FOUND.683
2008-03-07 22:03 . 2008-03-07 22:03 <DIR> d--hs---- C:\FOUND.682
2008-03-07 21:48 . 2008-03-07 21:48 <DIR> d--hs---- C:\FOUND.681
2008-03-06 21:19 . 2008-03-06 21:19 <DIR> d--hs---- C:\FOUND.680
2008-03-06 21:03 . 2008-03-06 21:03 <DIR> d--hs---- C:\FOUND.679
2008-03-06 20:46 . 2008-03-06 20:46 <DIR> d--hs---- C:\FOUND.678
2008-03-06 20:36 . 2008-03-06 20:36 <DIR> d--hs---- C:\FOUND.677
2008-03-06 19:31 . 2008-03-06 19:31 <DIR> d--hs---- C:\FOUND.676
2008-03-05 16:42 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-03-05 16:42 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-03-04 20:04 . 2008-03-04 20:04 <DIR> d--hs---- C:\FOUND.675
2008-03-04 19:47 . 2008-03-04 19:47 <DIR> d--hs---- C:\FOUND.674
2008-03-04 19:32 . 2008-03-04 19:32 <DIR> d--hs---- C:\FOUND.673
2008-03-04 18:55 . 2008-03-04 18:55 <DIR> d--hs---- C:\FOUND.672
2008-03-04 18:14 . 2008-03-04 18:14 <DIR> d--hs---- C:\FOUND.671
2008-03-04 17:30 . 2008-03-04 17:30 <DIR> d--hs---- C:\FOUND.670
2008-03-04 07:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.wusetup.366707.new
2008-03-04 07:48 . 2008-03-04 07:48 <DIR> d--hs---- C:\FOUND.669
2008-03-03 21:45 . 2008-03-03 21:45 <DIR> d--hs---- C:\FOUND.668
2008-03-03 21:30 . 2008-03-03 21:30 <DIR> d--hs---- C:\FOUND.667
2008-03-03 15:57 . 2008-03-03 15:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
2008-03-03 15:52 . 2008-03-03 15:52 <DIR> d-------- C:\Documents and Settings\Ian.JANICEGREEN\Application Data\HPAppData
2008-03-03 15:52 . 2008-03-03 15:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
2008-03-03 15:52 . 2008-03-03 15:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
2008-03-03 15:52 . 2008-03-03 15:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2008-03-03 15:51 . 2008-03-03 15:51 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-03 15:49 . 2008-03-03 15:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
2008-03-03 15:49 . 2008-03-03 15:53 137,623 --a------ C:\WINDOWS\HPHins15.dat
2008-03-03 15:49 . 2007-06-07 00:56 2,828 --------- C:\WINDOWS\hphmdl15.dat
2008-03-03 15:48 . 2007-03-30 07:11 267,864 -ra------ C:\WINDOWS\SYSTEM32\hpzids01.dll
2008-03-03 15:48 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\SYSTEM32\hpzll5ha.dll
2008-03-03 11:41 . 2008-03-03 11:41 <DIR> d--hs---- C:\FOUND.666
2008-03-03 11:29 . 2008-03-03 11:29 <DIR> d-------- C:\Documents and Settings\Ian.JANICEGREEN\Application Data\.purple
2008-03-03 11:24 . 2008-03-03 11:24 <DIR> d--hs---- C:\FOUND.665
2008-03-03 11:14 . 2008-03-03 11:14 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 10:46 . 2008-03-03 10:46 <DIR> d-------- C:\Documents and Settings\Ian.JANICEGREEN\Application Data\ATI
2008-03-03 10:42 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS\SYSTEM32\ati2sgag.exe
2008-03-03 09:32 . 2008-03-03 09:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-03 09:32 . 2008-03-03 09:32 <DIR> d-------- C:\Documents and Settings\Ian.JANICEGREEN\Application Data\SUPERAntiSpyware.com
2008-03-01 13:57 . 2008-03-01 13:57 <DIR> d--hs---- C:\FOUND.664
2008-03-01 13:47 . 2008-03-01 13:47 <DIR> d--hs---- C:\FOUND.663
2008-03-01 13:31 . 2008-03-01 13:31 <DIR> d-------- C:\Program Files\NETGEAR
2008-03-01 13:31 . 2003-03-17 20:27 307,904 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg311nd5.sys
2008-03-01 13:31 . 2003-03-17 20:27 307,904 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wag311n5.sys
2008-03-01 13:11 . 2008-03-01 13:11 <DIR> d-------- C:\Documents and Settings\Ian.JANICEGREEN\Application Data\Winamp
2008-03-01 12:55 . 2008-03-01 12:55 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Apple Computer
2008-02-21 20:54 . 2008-02-21 20:54 <DIR> d--hs---- C:\FOUND.662
2008-02-21 20:43 . 2008-02-21 20:43 <DIR> d-------- C:\Documents and Settings\Ian.JANICEGREEN\Incomplete
2008-02-21 20:43 . 2008-02-21 20:43 <DIR> d-------- C:\Documents and Settings\Ian.JANICEGREEN\Application Data\FrostWire
2008-02-21 20:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-02-21 20:22 . 2008-02-21 20:22 <DIR> d--hs---- C:\FOUND.661
2008-02-21 20:16 . 2008-02-21 20:16 <DIR> d--hs---- C:\FOUND.660
2008-02-21 19:19 . 2008-02-21 19:19 <DIR> d--hs---- C:\FOUND.659
2008-02-21 19:11 . 2008-02-21 19:11 <DIR> d--hs---- C:\FOUND.658
2008-02-21 19:04 . 2008-02-21 19:04 <DIR> d-------- C:\Program Files\iTunes
2008-02-21 19:04 . 2008-02-21 19:04 <DIR> d-------- C:\Program Files\iPod
2008-02-21 19:04 . 2008-02-21 19:04 <DIR> d-------- C:\Documents and Settings\Ian.JANICEGREEN\Application Data\Apple Computer
2008-02-21 19:04 . 2008-03-08 07:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-21 19:04 . 2008-02-21 19:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-21 19:03 . 2008-02-21 19:03 <DIR> d-------- C:\Program Files\Bonjour
2008-02-21 19:01 . 2008-02-21 19:01 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-21 19:01 . 2008-02-21 19:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-02-18 12:25 . 2008-02-18 12:25 <DIR> d--hs---- C:\FOUND.657
2008-02-18 10:42 . 2008-02-18 10:42 <DIR> d--hs---- C:\FOUND.656
2008-02-17 20:34 . 2008-02-17 20:34 <DIR> d--hs---- C:\FOUND.655
2008-02-17 19:29 . 2008-02-17 19:29 <DIR> d--hs---- C:\FOUND.654
2008-02-16 16:24 . 2008-02-16 16:24 <DIR> d--hs---- C:\FOUND.653
2008-02-16 12:56 . 2008-02-16 12:56 <DIR> d--hs---- C:\FOUND.652
2008-02-16 11:31 . 2008-02-16 11:31 <DIR> d--hs---- C:\FOUND.651
2008-02-16 11:13 . 2008-02-16 11:13 <DIR> d--hs---- C:\FOUND.650
2008-02-16 11:03 . 2008-02-16 11:03 <DIR> d--hs---- C:\FOUND.649
2008-02-16 10:57 . 2008-02-16 10:57 <DIR> d--hs---- C:\FOUND.648
2008-02-16 10:51 . 2008-02-16 10:51 <DIR> d--hs---- C:\FOUND.647
2008-02-16 10:46 . 2008-02-16 10:46 <DIR> d--hs---- C:\FOUND.646
2008-02-15 22:47 . 2008-02-15 22:47 <DIR> d--hs---- C:\FOUND.645
2008-02-15 22:39 . 2008-02-15 22:39 <DIR> d--hs---- C:\FOUND.644
2008-02-15 22:30 . 2008-02-15 22:30 <DIR> d-------- C:\Documents and Settings\Ian.JANICEGREEN\Application Data\acccore
2008-02-14 21:35 . 2008-02-14 21:35 <DIR> d--hs---- C:\FOUND.643
2008-02-14 21:31 . 2008-02-14 21:31 <DIR> d--hs---- C:\FOUND.642
2008-02-14 21:25 . 2008-02-14 21:25 <DIR> d--hs---- C:\FOUND.641
2008-02-14 21:19 . 2008-02-14 21:19 <DIR> d--hs---- C:\FOUND.640
2008-02-11 22:52 . 2008-02-11 22:52 <DIR> d--hs---- C:\FOUND.639
2008-02-11 22:46 . 2008-02-11 22:46 <DIR> d--hs---- C:\FOUND.638
2008-02-11 22:39 . 2008-02-11 22:39 <DIR> d--hs---- C:\FOUND.637
2008-02-11 22:26 . 2008-02-11 22:26 <DIR> d--hs---- C:\FOUND.636
2008-02-11 22:13 . 2008-02-11 22:13 <DIR> d--hs---- C:\FOUND.635
2008-02-11 22:05 . 2008-02-11 22:05 <DIR> d--hs---- C:\FOUND.634
2008-02-11 21:56 . 2008-02-11 21:56 <DIR> d--hs---- C:\FOUND.633
2008-02-11 17:04 . 2008-02-11 17:04 <DIR> d--hs---- C:\FOUND.632
2008-02-11 10:33 . 2008-02-11 10:33 <DIR> d--hs---- C:\FOUND.631
2008-02-11 10:01 . 2008-02-11 10:01 <DIR> d--hs---- C:\FOUND.630
2008-02-11 09:52 . 2008-02-11 09:52 <DIR> d--hs---- C:\FOUND.629
2008-02-10 16:57 . 2008-02-10 16:57 <DIR> d--hs---- C:\FOUND.628
2008-02-10 11:48 . 2008-02-10 11:48 <DIR> d--hs---- C:\FOUND.627
2008-02-09 18:46 . 2008-02-11 21:58 3,932,214 --a------ C:\WINDOWS\WebshotsForJanice.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 19:29 --------- d-----w C:\Documents and Settings\Ian.JANICEGREEN\Application Data\.purple
2008-01-28 03:15 --------- d-----w C:\Documents and Settings\ian\Application Data\Leadertech
2008-01-18 04:31 --------- d-----w C:\Program Files\Startup Inspector for Windows
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2003-07-12 22:50 793 ----a-w C:\Program Files\INSTALL.LOG
2002-11-13 03:56 271 --sh--w C:\Program Files\desktop.ini
2002-11-13 03:56 23,357 ---h--w C:\Program Files\folder.htt
2004-04-21 10:58 2,524 --sh--w C:\WINDOWS\SYSTEM32\Use13R.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
"pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" [2003-10-27 15:45 258048]
"PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" [2003-10-27 15:36 466944]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"AS00_Netgear"="C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" [2003-05-16 13:59 389120]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Ayizbjv"="C:\Program Files\Common Files\M?crosoft\w?crtupd.exe" [ ]
"zzuk"="c:\windows\stub_113_4_0_4_0.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Printing Migration"="" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkk]
C:\WINDOWS\system32\ljjkk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 07:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2002-08-27 16:57 290816 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]
C:\Program Files\FilmLoop Player\FilmLoop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
D:\Pinnacle NIne\LaunchList.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
--a------ 2003-10-27 15:40 315458 C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\samy]
C:\Program Files\Internet Explorer\samy22011.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-02-27 11:39 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-09 22:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{06-6E-EF-F8-ZN}]
C:\DOCUME~1\ian\LOCALS~1\Temp\thinksnet.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
"AIM"=C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
"IncrediMail"=C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
"FAST Defrag"=
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"ClockSync"="C:\Program Files\ClockSync\Sync.exe" /q
"eZmmod"=C:\PROGRA~1\ezula\mmod.exe
"Rsoe"=C:\Documents and Settings\Janice\Application Data\msob.exe
"Zfmvf"=C:\WINDOWS\SYSTEM\sng.exe
"TV Media"=C:\PROGRAM FILES\TV MEDIA\Tvm.exe
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe"
"MyTotalSearch Email Plugin"=C:\PROGRA~1\MYTOTA~1\BAR\1.BIN\MTSOEMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CreativeMixer"=C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
"DeadAIM"=rundll32.exe C:\PROGRA~1\AIM\DeadAIM.ocm,ExportedCheckODLs
"SystemTray"=SysTray.ExE
"Disc Detector"=C:\Program Files\Creative\ShareDLL\CtNotify.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NPROTECT"=C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
"AS00_Netgear"=C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
"LexmarkPrinTray"=PrinTray.exe
"bxxs5"=RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
"WildTangent CDA"=RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb09.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMON.EXE
"AS01_Netgear"=C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe -hide
"ICSDCLT"=C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\ICSDCLT.DLL,ICSClient
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"*StateMgr"=C:\WINDOWS\System\Restore\StateMgr.exe
"ScriptBlocking"="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
"CSINJECT.EXE"=C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
"NPROTECT"=C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
"SymTray - Norton SystemWorks"=C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
"WinTools"=C:\Program Files\Common Files\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 PCC_PFW;PC-Cillin Personal Firewall;C:\WINDOWS\system32\Drivers\PCC_PFW.sys [2003-10-27 15:34]
R2 PCCPFW;PC-cillin PersonalFirewall;C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe [2003-10-27 15:37]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 17:43]
R3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311nd5.sys [2003-03-17 20:27]
S3 QDFSDRV;QDFSDRV;C:\WINDOWS\system32\drivers\qdfsdrv.sys [2002-02-01 17:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 07:52:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-03-08 7:56:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 15:56:12
.
2008-02-16 20:19:05 --- E O F ---


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:28 AM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
c:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [Ayizbjv] C:\Program Files\Common Files\M?crosoft\w?crtupd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zzuk] c:\windows\stub_113_4_0_4_0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ayizbjv] C:\Program Files\Common Files\M?crosoft\w?crtupd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204571364401
O16 - DPF: {DC6DB1F2-2C94-42CE-89F7-3FDE27B747BB} - http://spyofficer.co...tallerLight.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljjkk - C:\WINDOWS\system32\ljjkk.dll (file missing)
O21 - SSODL: bNCJapdZ - {28F06EF9-825A-C453-7CFE-FA425E0E3A4E} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

--
End of file - 6552 bytes
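The log above is what the helper triages by eye in the replies that follow. As an added example (not part of the thread, and not a HijackThis feature), here is a small Python pass over the O-lines that encodes the same judgement calls as checks: HijackThis prints characters it cannot render as "?", so a directory named M?crosoft is a lookalike of Common Files\Microsoft rather than the real one; installed software registers Run entries under HKLM or the user's HKCU, not under the SYSTEM (S-1-5-18) or .DEFAULT hive; executables dropped straight into the Windows directory root, orphaned Winlogon Notify / SSODL hooks, and ActiveX downloads (O16) from hosts outside a short known list all deserve a look. The sample log is a constructed subset of the posted one; the known-host list and every threshold are assumptions for this machine, and a match means "review this line", not "this is malware".

```python
from __future__ import annotations
import re

# Constructed subset of the HijackThis log posted above (O-lines only).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Ayizbjv] C:\Program Files\Common Files\M?crosoft\w?crtupd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zzuk] c:\windows\stub_113_4_0_4_0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ayizbjv] C:\Program Files\Common Files\M?crosoft\w?crtupd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] (User 'Default user')
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204571364401
O16 - DPF: {DC6DB1F2-2C94-42CE-89F7-3FDE27B747BB} - http://spyofficer.co...tallerLight.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljjkk - C:\WINDOWS\system32\ljjkk.dll (file missing)
O21 - SSODL: bNCJapdZ - {28F06EF9-825A-C453-7CFE-FA425E0E3A4E} - (no file)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d+|F\d+)\s+-\s+(.*)$")

# Hosts allowed to serve ActiveX installers (O16) on this machine: Windows /
# Microsoft Update and the Kaspersky online scanner the poster ran. Assumption.
KNOWN_DPF_HOSTS = ("microsoft", "update.mi", "kaspersky")


def triage_line(line: str) -> list[str]:
    """Return the list of reasons an entry deserves review (empty = nothing seen)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    reasons: list[str] = []
    # 1. HijackThis renders non-ASCII path characters as '?'; a '?' between two
    #    letters inside a path segment (M?crosoft) marks a lookalike directory.
    if re.search(r"[A-Za-z]\?[A-Za-z]", body):
        reasons.append("non-ASCII lookalike character in path")
    # 2. Autostart under the SYSTEM or .DEFAULT hive: not where installers write.
    if section == "O4" and re.search(r"HKUS\\(S-1-5-18|\.DEFAULT)\\", body):
        reasons.append("Run/RunOnce entry in SYSTEM or .DEFAULT hive")
    # 3. Executable sitting directly in the Windows directory (explorer.exe is the
    #    one legitimate resident there).
    if re.search(r"(?i)c:\\windows\\[^\\]+\.exe", body) and "explorer.exe" not in body.lower():
        reasons.append("executable in %WINDIR% root")
    # 4. Winlogon Notify / SSODL hook whose DLL is gone: leftover of a removed
    #    infection, still worth fixing so the hook cannot be re-armed.
    if section in ("O20", "O21") and ("(file missing)" in body or "(no file)" in body):
        reasons.append("orphaned shell/winlogon hook (no file)")
    # 5. Downloaded ActiveX control from a host outside the known list.
    if section == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if not any(host in url for host in KNOWN_DPF_HOSTS):
            reasons.append("ActiveX download from unrecognised host")
    return reasons


def triage_log(text: str) -> list[tuple[str, list[str]]]:
    """Flagged (entry, reasons) pairs, in log order."""
    flagged = []
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG):
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Run against the sample it flags exactly the eight entries the helper later asks to fix (both Ayizbjv lines, zzuk, both Printing Migration entries, the spyofficer DPF, the ljjkk Notify hook and the bNCJapdZ SSODL entry) and nothing else. "Unknown owner" on the O23 mysql and ATI Smart services only means the binary carries no vendor string; it is expected for XAMPP and is not used as a signal here.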

#4
Thunderbird1988
Hello newzace,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post

Thunderbird1988

#5
newzace
Here it is...

Ad-Aware 2007
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.0
AIM 6
AMD Athlon 64 Processor Driver
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AutoCAD 2004
Autodesk Express Viewer
Bonjour
FrostWire 4.13.4
Genesys USB Mass Storage Device
Google Talk (remove only)
Google Toolbar for Firefox
GTK+ Runtime 2.10.13 rev a (remove only)
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
iTunes
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 3
Kaspersky Online Scanner
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Small Business
Microsoft Office XP Professional with FrontPage
Microsoft XML Parser and SDK
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
neroxml
NETGEAR Wireless PCI Adapter
Notepad++
Opera 9.26
PC-cillin 2002
Personal License Update Wizard for Windows Media Player
Pidgin
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shockwave
Sierra Utilities
SUPERAntiSpyware Free Edition
syn Version 2.1.0.46
TuneUp Utilities 2004
Ulead VideoStudio 8.0
Uninstall Startup Inspector
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Webshots!
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
XAMPP 1.6.2

#6
Thunderbird1988
Hello newzace,

I see you have installed Frostwire on your computer. Frostwire is a file sharing program. The problem with this kind of program is that it is responsible for many infected computers. Also, the use of it is illegal in many countries. I therefore strongly recommend that you uninstall it.

A. Please RUN HijackThis
  • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O4 - HKUS\S-1-5-18\..\Run: [Ayizbjv] C:\Program Files\Common Files\M?crosoft\w?crtupd.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [zzuk] c:\windows\stub_113_4_0_4_0.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Ayizbjv] C:\Program Files\Common Files\M?crosoft\w?crtupd.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] (User 'Default user')
    O16 - DPF: {DC6DB1F2-2C94-42CE-89F7-3FDE27B747BB} - http://spyofficer.co...tallerLight.cab
    O20 - Winlogon Notify: ljjkk - C:\WINDOWS\system32\ljjkk.dll (file missing)
    O21 - SSODL: bNCJapdZ - {28F06EF9-825A-C453-7CFE-FA425E0E3A4E} - (no file)

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.


B. 1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
WINDOWS\SYSTEM32\Use13R.exe
C:\Documents and Settings\Janice\Application Data\msob.exe
C:\WINDOWS\SYSTEM\sng.exe

Folder::
C:\FOUND.687
C:\FOUND.686
C:\FOUND.685
C:\FOUND.684
C:\FOUND.683
C:\FOUND.682
C:\FOUND.681
C:\FOUND.680
C:\FOUND.679
C:\FOUND.678
C:\FOUND.677
C:\FOUND.676
C:\FOUND.675
C:\FOUND.674
C:\FOUND.673
C:\FOUND.672
C:\FOUND.671
C:\FOUND.670
C:\FOUND.669
C:\FOUND.668
C:\FOUND.667
C:\FOUND.666
C:\FOUND.665
C:\FOUND.664
C:\FOUND.663
C:\FOUND.661
C:\FOUND.660
C:\FOUND.659
C:\FOUND.658
C:\FOUND.657
C:\FOUND.656
C:\FOUND.655
C:\FOUND.654
C:\FOUND.653
C:\FOUND.652
C:\FOUND.651
C:\FOUND.650
C:\FOUND.649
C:\FOUND.648
C:\FOUND.647
C:\FOUND.646
C:\FOUND.645
C:\FOUND.644
C:\FOUND.643
C:\FOUND.642
C:\FOUND.641
C:\FOUND.640
C:\FOUND.639
C:\FOUND.638
C:\FOUND.637
C:\FOUND.636
C:\FOUND.635
C:\FOUND.634
C:\FOUND.633
C:\FOUND.632
C:\FOUND.631
C:\FOUND.630
C:\FOUND.629
C:\FOUND.628
C:\FOUND.627
C:\PROGRAM FILES\TV MEDIA
C:\PROGRA~1\MYTOTA~1
C:\Program Files\Common Files\WinTools
C:\PROGRA~1\ezula

Driver::

ADS::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\samy]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"eZmmod"=-
"Rsoe"=-
"Zfmvf"=-
"TV Media"=-
"MyTotalSearch Email Plugin"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"WinTools"=-



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(animation not included)


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do not automatically generate report"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Thunderbird1988
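The CFScript in part B is a small directive language: each `Section::` header is followed by one entry per line, and `Registry::` uses regedit-export syntax, where `[-KEY]` removes a whole key and `"name"=-` removes one value. As an added example (my code, not ComboFix's and not from the thread), here is a parser that turns such a script into a list of intended actions and warns about entries that would not do what was meant. Two points it surfaces on the script above: the first `File::` line has no drive letter, so it is not an absolute path; and the long run of `C:\FOUND.nnn` folders is chkdsk output (lost-cluster fragments from the disk checks the poster reports at every start-up), safe to delete but not an infection indicator. The reading of a trailing dash on a key (`[...\run-]`) as "the values listed under it are removed" is an assumption; the sample script is a constructed excerpt of the posted one.

```python
from __future__ import annotations
import re

# Constructed excerpt of the CFScript posted above (same syntax, fewer lines).
SAMPLE_SCRIPT = r"""
File::
WINDOWS\SYSTEM32\Use13R.exe
C:\Documents and Settings\Janice\Application Data\msob.exe
C:\WINDOWS\SYSTEM\sng.exe

Folder::
C:\FOUND.687
C:\FOUND.686
C:\PROGRA~1\ezula

Driver::

ADS::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\samy]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"eZmmod"=-
"TV Media"=-
"""

SECTIONS = ("File", "Folder", "Driver", "ADS", "Registry")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")                        # C:\... style path
CHKDSK_DIR = re.compile(r"^[A-Za-z]:\\FOUND\.\d{3}$", re.IGNORECASE)
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')                   # "name"=data, regedit style


def parse_cfscript(text: str):
    """Return (actions, warnings).

    actions:  (kind, target, detail) tuples describing what the script asks for.
    warnings: (line_no, message) tuples for entries that look mistyped.
    """
    actions, warnings = [], []
    section = None      # current ::-section
    reg_key = None      # key that following "name"=data lines apply to
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and line[:-2] in SECTIONS:
            section, reg_key = line[:-2], None
            continue
        if section is None:
            warnings.append((line_no, f"entry before any section header: {line}"))
        elif section in ("File", "Folder"):
            if not ABS_PATH.match(line):
                # No drive letter: resolved relative to some current directory,
                # so the file that gets removed is not the one intended.
                warnings.append((line_no, f"{section}:: entry is not an absolute path: {line}"))
            if section == "Folder" and CHKDSK_DIR.match(line):
                # FOUND.nnn is written by chkdsk; deleting it only frees space.
                actions.append(("delete_folder", line, "chkdsk recovery folder"))
            else:
                actions.append((f"delete_{section.lower()}", line, None))
        elif section in ("Driver", "ADS"):
            actions.append((f"delete_{section.lower()}", line, None))
        else:  # Registry:: uses regedit-export syntax
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
                if key.startswith("-"):
                    actions.append(("delete_key", key[1:], None))   # [-KEY] removes the key
                    reg_key = None
                else:
                    # [KEY-] as written in the post: values listed below are
                    # removed from KEY (assumed reading of the trailing dash).
                    reg_key = key.rstrip("-")
                continue
            m = REG_VALUE.match(line)
            if m is None or reg_key is None:
                warnings.append((line_no, f"unparsed Registry:: line: {line}"))
                continue
            name, data = m.groups()
            if data == "-":
                actions.append(("delete_value", reg_key, name))     # "name"=- removes one value
            else:
                actions.append(("set_value", reg_key, f"{name}={data}"))
    return actions, warnings


def summarize(actions) -> dict[str, int]:
    """Count actions per kind, e.g. {'delete_file': 3, 'delete_key': 1, ...}."""
    counts: dict[str, int] = {}
    for kind, _, _ in actions:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    acts, warns = parse_cfscript(SAMPLE_SCRIPT)
    for line_no, msg in warns:
        print(f"line {line_no}: {msg}")
    print(summarize(acts))
```

Review the warnings before handing a script to ComboFix: the tool runs with full privileges and a mistyped path or key is simply deleted. The parser treats the script as data only; it performs no deletion itself.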

#7
newzace
Hello Thunderbird1988, thanks again for all of your help. Since the computer in question is a teen's computer, I probably should have done a better job of monitoring for content. The Frostwire application has been removed. I have attached the latest HijackThis and AVG Anti-Spyware logs as requested. I have the ComboFix log as well, I'm just trying to figure out how to post it, as it is a very long document.

Attached Files: (not included)

#8
Thunderbird1988
You can split it into more posts. Or if you know how to zip, you can zip it and attach it.

#9
newzace
Zip File! Of course, why didn't I think of that? The Zip file is attached.

Attached Files: (not included)

#10
Thunderbird1988
Hello Newzace,

Sorry it took me so long to get back to you, I have been busy lately.

OTMoveIt2 -

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\SYSTEM32\Use13R.exe
    C:\FOUND.689
    C:\FOUND.688
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

After you have done this please post the logs of OTMoveIt, a new HijackThis log, and please tell me how your system is running.

Thunderbird1988

#11
newzace
Hello Thunderbird1988, sorry about the long delay between posts. I have been sick for the last 10 days or so (still am), so I have not been at my working computer too much.

You can also close this thread, as I cleared the non-working computer's hard drive and reinstalled Windows. That computer was a hand-me-down from another teen in the household, and it turned out to be easier to do it this way. In addition to some nefarious spyware, etc. that was on the computer, it turns out that many of the glitches that resulted in the computer shutting down had to do with a malfunctioning graphics card. That card has been replaced, and the computer is running fine now.

Thanks for all of your help, and thanks to the Geeks to Go staff for this website and service.

#12
Thunderbird1988
Hello Newzace,

Now this case is solved, I would like to give you some hints to prevent reinfection.

Re-enable System Restore with the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:


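The Custom Level changes in the post are stored as numbered DWORD values under the Internet zone key, which makes them auditable and scriptable instead of clicked through per machine. As an added example (my code, not from the thread), here is a Python audit that compares a zone snapshot against the six settings the post names, returns only the ones that are more permissive than recommended, and renders a hardened copy as a regedit-importable file. Assumptions: the value IDs (1001, 1004, 1201, 1607, 1800, 1804) are those documented in Microsoft KB 182569, with 0 = Enable, 1 = Prompt, 3 = Disable; the WEAK_ZONE snapshot is constructed to show what a loosened zone looks like; `read_zone_from_registry` needs a Windows host and is not exercised offline.

```python
from __future__ import annotations

# Action codes stored in the per-zone registry values; a lower code is more
# permissive (values per Microsoft KB 182569, assumed accurate here).
ENABLE, PROMPT, DISABLE = 0, 1, 3
ACTION_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The settings the post tells the reader to change, keyed by the registry
# value name under ...\Internet Settings\Zones\3 (the Internet zone).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Constructed snapshot of a loosened Internet zone (the state adware tends to
# leave behind): unsigned ActiveX enabled, unsafe scripting only prompting.
WEAK_ZONE = {"1001": ENABLE, "1004": ENABLE, "1201": PROMPT,
             "1800": PROMPT, "1804": PROMPT, "1607": ENABLE}


def audit_zone(zone: dict[str, int]) -> list[tuple[str, str, str, str]]:
    """(value_id, setting, current, recommended) for every setting that is more
    permissive than the post recommends or missing from the snapshot."""
    findings = []
    for value_id, (label, wanted) in RECOMMENDED.items():
        current = zone.get(value_id)
        if current is None or current < wanted:
            shown = "not set" if current is None else ACTION_NAME.get(current, str(current))
            findings.append((value_id, label, shown, ACTION_NAME[wanted]))
    return findings


def harden(zone: dict[str, int]) -> dict[str, int]:
    """Copy of the zone with the recommended level applied; settings that are
    already stricter than recommended are left alone."""
    fixed = dict(zone)
    for value_id, (_, wanted) in RECOMMENDED.items():
        if fixed.get(value_id) is None or fixed[value_id] < wanted:
            fixed[value_id] = wanted
    return fixed


def to_reg(zone: dict[str, int]) -> str:
    """Render the zone as a regedit-importable .reg file (DWORD values)."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for value_id in sorted(zone):
        lines.append(f'"{value_id}"=dword:{zone[value_id]:08x}')
    return "\n".join(lines) + "\n"


def read_zone_from_registry(zone_id: int = 3) -> dict[str, int]:
    """Read the live settings on a Windows host (winreg is Windows-only, so this
    function is not exercised by the offline example)."""
    import winreg
    path = rf"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\{zone_id}"
    zone: dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for value_id in RECOMMENDED:
            try:
                zone[value_id], _ = winreg.QueryValueEx(key, value_id)
            except FileNotFoundError:
                pass                      # value absent: reported as "not set"
    return zone


if __name__ == "__main__":
    for value_id, label, current, wanted in audit_zone(WEAK_ZONE):
        print(f"{value_id} {label}: {current} -> {wanted}")
    print(to_reg(harden(WEAK_ZONE)))
```

One caveat when reading a real machine: if the `Security_HKLM_only` value under `HKLM\...\Internet Settings` is set, the zone keys under HKLM apply to every user and the HKCU copy audited above is ignored, so check that value first.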

#13
Thunderbird1988
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.