[ngarvey]

Hello,

I'm having some problems with my computer, I don't know if it's spyware related or not. I've been getting the following message on startup with increasing frequency:

svchost.exe - Application error

The instruction at "0x7c918fea" referenced memory at "0x00000010". The memory could not be written.

Also I can't connect to the internet at all.

If it's better to post this in another forum please say so. Thanks for any help you can give.


Here is the HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:26:28, on 16/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\N Garvey\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.launch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: ConferenceRoom Java Client - http://chat.privatef...000/java/cr.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120149399109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124028668171
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10....ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

[Advertisements]

Let's try fixing the internet issue first:

Download WinsockFix http://www.greyknigh.../WinsockFix.zip and unzip it. Then double click on WinsockFix.exe to run it.

If that fixes the internet issue, then do this next:

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Please post that log in your next reply.

[greyknight17]

Let's try fixing the internet issue first:

Download WinsockFix http://www.greyknigh.../WinsockFix.zip and unzip it. Then double click on WinsockFix.exe to run it.

If that fixes the internet issue, then do this next:

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Please post that log in your next reply.

[ngarvey]

WinsockFix didn't work, and my computer got worse, so bad that on start up I could barely do anything. I did a system restore to the beginning of the month and the immediate problems of connecting to the internet and the svchost.exe error seem to be solved. But, my computer is really slow.

Here's the pandascan report:

Incident Status Location

Adware:adware/beginto Not disinfected C:\WINDOWS\SYSTEM32\cache32_rtneg
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\ErrorWindowFunkTray\Proc Bolt.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\N Garvey\Application Data\Internet active\FreeEnc.exe
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\N Garvey\Application Data\Mozilla\Firefox\Profiles\rqyrp7my.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\N Garvey\Application Data\Mozilla\Firefox\Profiles\rqyrp7my.default\cookies.txt[90594700]
Adware:Adware/Lop Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C589C501-2A59-473B-8E07-55FDC7\C5CD7BF1-B89E-4E6B-97CE-DA911B
Adware:Adware/Redswoosh Not disinfected C:\Program Files\RSSoft\RSEDNClient.exe

Thanks for your help,

Nic

[greyknight17]

OK, we'll have to work on this with another computer...download any files needed onto a CD or floppy to move over to the computer that can't go online...

Delete these:

C:\WINDOWS\SYSTEM32\cache32_rtneg
C:\Documents and Settings\All Users\Application Data\ErrorWindowFunkTray\
C:\Documents and Settings\N Garvey\Application Data\Internet active\

Delete everything inside this folder:

C:\Program Files\Microsoft AntiSpyware\Quarantine\

Download FindLOP http://metallica.gee...com/findlop.zip and unzip to a folder. Inside the folder find findlop.bat Double click on it and it will create the file C:\findlop.txt Find that file and copy the content into your next reply along with a new HijackThis log. Do NOT restart or shutdown your computer at this time as the filename may change if you do.

[ngarvey]

To be clear, I can connect to the internet. This was fixed after I did my system restore. Sorry for the confusion.

findlop.txt:

[TRACE] Enumerating jobs and queues


HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:18:19, on 25/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\N Garvey\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.launch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: ConferenceRoom Java Client - http://chat.privatef...000/java/cr.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120149399109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124028668171
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10....ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

[greyknight17]

OK, no problem

Where's the FindLOP log?

[ngarvey]

This is all that is in the findlop log

[TRACE] Enumerating jobs and queues

[greyknight17]

Try this one instead:

Download this tool http://www.fbeej.ctr...ogrammer/fl.zip and unzip it. Post the log created here along with a new HijackThis log. Do NOT restart or shutdown your computer at this time as the filename may change if you do.

Just want an update...having any problems now?

[ngarvey]

The only problem is speed. It's most obvious on startup, sometimes it takes 5 mins to startup but since you don't want me to shutdown I haven't been able to check this. Maybe my problem isn't spyware but some sort of disc error.

Anyway here is the log:

Volume in drive C has no label.
Volume Serial Number is 8C88-5C15

Directory of C:\Documents and Settings\All Users\Application Data

04/01/2006 00:01 <DIR> Adobe
07/06/2005 15:21 <DIR> AOL
21/01/2006 01:39 <DIR> Apple Computer
26/02/2006 08:00 <DIR> AVG7
07/01/2005 09:55 <DIR> Grisoft
05/12/2003 15:05 <DIR> MSN6
14/05/2004 18:50 <DIR> nView_Profiles
05/07/2004 17:39 <DIR> PopCap
21/01/2006 01:44 1,751 QTSBandwidthCache
14/12/2003 11:36 <DIR> QuickTime
28/11/2005 00:57 <DIR> Spybot - Search & Destroy
23/11/2004 20:48 <DIR> Trymedia
13/12/2005 20:02 <DIR> Ulead Systems
05/06/2005 16:31 <DIR> Viewpoint
10/08/2005 23:56 <DIR> Windows Genuine Advantage
1 File(s) 1,751 bytes
14 Dir(s) 16,471,560,192 bytes free
Volume in drive C has no label.
Volume Serial Number is 8C88-5C15

Directory of C:\Documents and Settings\N Garvey\Application Data

04/09/2005 00:52 <DIR> Adobe
14/02/2006 08:06 <DIR> AdobeUM
07/06/2005 15:21 <DIR> AOL
02/03/2004 17:37 <DIR> Apple Computer
25/10/2005 18:36 <DIR> AVG7
09/02/2004 10:04 0 dm.ini
02/11/2005 19:17 <DIR> ERROR TYPE
26/10/2004 17:41 74,224 GDIPFONTCACHEV1.DAT
13/12/2005 20:49 <DIR> Google
08/12/2003 21:31 <DIR> Help
17/02/2006 20:46 <DIR> ICQLite
12/12/2002 13:47 <DIR> Identities
12/12/2002 13:54 <DIR> InterTrust
05/12/2003 10:15 <DIR> InterVideo
05/12/2003 11:26 <DIR> Kazaa Lite
09/06/2005 00:14 <DIR> Lavasoft
23/04/2004 19:34 <DIR> Macromedia
10/05/2005 13:40 <DIR> MathWorks
17/06/2005 21:16 <DIR> Media Player Classic
03/10/2004 11:58 <DIR> Mozilla
07/12/2003 22:05 <DIR> MSN6
10/12/2003 20:41 <DIR> Real
03/10/2004 11:58 <DIR> Talkback
13/12/2005 19:49 <DIR> Ulead Systems
14/11/2004 15:26 <DIR> vlc
11/06/2005 19:06 <DIR> WinPatrol
06/06/2005 10:43 <DIR> You've Got Pictures Screensaver
2 File(s) 74,224 bytes
25 Dir(s) 16,471,560,192 bytes free
Volume in drive C has no label.
Volume Serial Number is 8C88-5C15

Directory of C:\Documents and Settings\Default User\Application Data

12/12/2002 13:54 <DIR> .
12/12/2002 13:54 <DIR> ..
12/12/2002 05:41 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 16,471,560,192 bytes free
Volume in drive C has no label.
Volume Serial Number is 8C88-5C15

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 8C88-5C15

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues

[greyknight17]

I'm wondering what could cause that slowdown though since you really don't have a lot of programs running at startup. If you want, you can try disabling some programs at startup to see if it helps. Go to Start->Run and type in msconfig and then hit OK. Go to the Startup tab and uncheck only those programs you know you don't need...for example, leave the main security programs like AVG and any other programs you are unsure along.

If that still doesn't help, then do the Kaspersky scan:

Run a virus scan using Kaspersky Online Scanner. Just click on the Kaspersky Online Scanner button and read what's posted there - hit Accept once you're done. Download the ActiveX file when prompted. Scanning will begin shortly. When it's done post the log here.

[greyknight17]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.