My Hijack Log - For your kind attention, please

Posted 7/15/2007 6:19 PM
#50481
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Here's my Hijack Log. All the Spyware, Adware and Virus scans I have run are now clean. Any help you can provide would be much appreciated. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 18:28:50, on 15/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = supanet Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.supanet.com/
O15 - Trusted Zone: www.ActualResearch.com
O15 - Trusted Zone: www.bet365.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - https://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - https://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
Posted 7/15/2007 7:30 PM
#50484
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Here's my rootlog.txt file-

********************************* ROOTCHK-(08-07-07)-LOG, by ejvindh
15/07/2007 20:18:14.59

Driver nm (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end


catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, https://www.gmer.net
Rootkit scan 2007-07-15 20:19:57
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
Posted 7/16/2007 5:12 AM
#50492
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hi peterfoster :cool:





Please download Combofix:

https://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

download.bleepingcomputer.com/sUBs/ComboFix.exe
and save to the desktop.


Close all other browser windows.

Double click on combo.exe & follow the prompts.


When finished, it will produce a logfile located at C:\ComboFix.txt.


Post the contents of that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 7/17/2007 10:02 PM
#50563
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Apologies for the delay in getting back to you, Touch. Many thanks for helping me. I've downloaded Combofix but to date I haven't been able to get it to run. I get the message "Windows cannot find nircmd.exe." My ability to visit sites, download things and generally work with the computer is now at a minimum - I'm posting this message with my "other" PC. Everything I try with my "sick" computer takes an eternity. All my scans - adware, virus and spyware - come up clear. Even if I just go into "my computer" I get the "yellow torch" graphic. I'll reboot and try to run combofix again.
Posted 7/19/2007 7:29 PM
#50657
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Would it be worthwhile to attempt to run Combofix in safe mode, do you think....
Posted 7/20/2007 5:14 AM
#50667
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Good news, Touch! I've managed to run Combofix by closing down my PREVX2 malware software. Here's the log file (it took 90 minutes to produce) followed by a new "hijackthis" log file-




"Peter" - 2007-07-19 23:51:35 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))


2007-07-17 23:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 21:35 1,060,864 --a------ C:\WINDOWS\SYSTEM32\MFC71.dll
2007-07-16 21:27 <DIR> d--h----- C:\BJPrinter
2007-07-15 22:35 13,107,200 --a------ C:\WINDOWS\SYSTEM32\oembios.bin
2007-07-14 21:01 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-14 14:21 374,752 --a------ C:\WINDOWS\SYSTEM32\WUSBGXP.sys
2007-07-14 14:21 339,488 --a------ C:\WINDOWS\SYSTEM32\WUSB20XP.sys
2007-07-14 14:21 15,781 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys
2007-07-14 14:21 140,416 --------- C:\WINDOWS\SYSTEM32\rt2500usb.sys
2007-07-12 22:16 <DIR> d-------- C:\Program Files\CCleaner
2007-07-12 22:15 2,719,216 --a------ C:\Program Files\ccsetup140.exe
2007-07-09 21:03 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec
2007-07-08 23:57 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\Comodo
2007-07-08 23:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-08 23:51 <DIR> d-------- C:\Program Files\Comodo
2007-07-08 23:50 7,943,248 --a------ C:\Program Files\CFP_Setup_English_2.4.18.184.exe
2007-07-08 17:04 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-07 23:45 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\Prevx
2007-07-07 23:44 <DIR> d-------- C:\Program Files\Prevx2
2007-07-07 23:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-07-07 23:43 77,312 --a------ C:\WINDOWS\ua2.dll
2007-07-07 18:50 <DIR> d-------- C:\Program Files\a-squared Free
2007-07-07 18:49 16,719,472 --a------ C:\Program Files\a2FreeSetup.exe
2007-07-07 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-07 18:43 5,914,648 --a------ C:\Program Files\SUPERAntiSpyware.exe
2007-07-07 18:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-07 18:43 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\SUPERAntiSpyware.com
2007-07-07 15:07 635,272 --a------ C:\Program Files\WindowsXP-KB930178-x86-ENU.exe
2007-06-29 22:11 6,221,304 --a------ C:\Program Files\winamp535_full_emusic-7plus.exe
2007-06-23 13:33 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-23 12:37 18,164,640 --a------ C:\Program Files\aaw2007.exe



(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 22:49:17 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-16 22:14:01 -------- d-----w C:\Program Files\Norton Personal Firewall
2007-07-16 20:35:57 -------- d-----w C:\Program Files\Canon
2007-07-15 10:01:04 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\Canon
2007-07-14 13:21:53 -------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2007-07-14 13:21:44 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-07 20:49:26 -------- d-----w C:\Program Files\Lavasoft
2007-07-07 20:48:03 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-07 12:32:17 3,923,240 ----a-w C:\Program Files\SFTPMSI.exe
2007-06-29 21:13:31 -------- d-----w C:\Program Files\Winamp
2007-06-23 11:52:09 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-06-23 11:50:25 4,673,280 ----a-w C:\Program Files\bitcomet_setup.exe
2007-06-07 21:06:32 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-04 14:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 14:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 14:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 10:32:54 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\uTorrent
2007-06-03 09:55:40 -------- d-----w C:\Program Files\dvdSanta
2007-05-27 15:07:22 -------- d-----w C:\Program Files\ulead.dat
2007-05-26 16:36:12 -------- d-----w C:\Program Files\LimeWire
2007-05-25 21:09:42 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\Ahead
2007-05-20 16:26:06 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\Media Player Classic
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-15 10:11:55 1,272,712 ----a-w C:\Program Files\WindowsXP-KB927891-v2-x86-ENU.exe
2007-03-31 19:47:01 40,515 ----a-w C:\Program Files\Premonition__Canalstreet_Telesync_[-www.meganova.org-].torrent
2007-03-31 19:40:00 15,062 ----a-w C:\Program Files\[isoHunt]_Premonition.CAM.XviD-FuZe.[www.torrentfive.com].torrent
2007-03-30 18:26:43 57,419 ----a-w C:\Program Files\Borat_The_Movie_2006_Dvdrip_[-www.meganova.org-].torrent
2007-03-27 22:48:44 4,322,304 ----a-w C:\Program Files\aawsepersonal.exe
2007-03-17 22:42:32 7,170,794 ----a-w C:\Program Files\Codecs6026_allin1.zip
2007-03-06 21:46:45 28,636 ----a-w C:\Program Files\Get_Carter__1971__DVD_Rip_XviD_avi-Fenopy.com.torrent
2007-03-06 20:39:51 28,740 ----a-w C:\Program Files\Cabaret(Xvid)(Darkside_RG)_-[www.bitenova.nl]-_.torrent
2007-03-05 21:22:09 22,521 ----a-w C:\Program Files\Get_Carter_1971_dvdrip_x264[www.torrentlocomotive.com].torrent
2007-03-05 21:13:21 15,771 ----a-w C:\Program Files\THE_GODFATHER_1972_PALDVDRIP_XVID_AC3_ENG_ARG[www.torrentlocomotive.com].torrent
2007-03-03 13:41:53 19,050 ----a-w C:\Program Files\Gunsmoke_S10_E349_-[www.bitenova.nl]-_.torrent
2007-02-24 23:08:12 6,718,976 ----a-w C:\Program Files\winamp533_full_emusic-7plus.exe
2007-02-24 07:58:21 21,822,168 ----a-w C:\Program Files\AdbeRdr80_en_US.exe
2007-01-01 12:28:21 16,546,295 ----a-w C:\Program Files\YouTube - Strictly Come Dancing - Week 4.flv
2006-11-27 20:08:18 31,207 ----a-w C:\Program Files\I_039_m_Alan_Partridge_-_Season_1[www.btmon.com].torrent
2006-11-26 14:42:10 25,760,213 ----a-w C:\Program Files\SUPERsetup.exe
2006-11-05 23:27:44 888,624 ----a-w C:\Program Files\MuVoAudible_PCFW_1_40_12_L4.exe
2006-11-05 23:24:58 2,121,409 ----a-w C:\Program Files\MUVO_DRV_LB_1_00_04_250.exe
2006-11-05 14:09:32 320,323 ----a-w C:\Program Files\25x0_2F9_RPC+RL.rar
2006-11-05 13:48:00 484,032 ----a-w C:\Program Files\R92733.EXE
2006-11-05 12:19:11 15,958,889 ----a-w C:\Program Files\sonic.exe
2006-11-05 11:29:02 12,754,672 ----a-w C:\Program Files\MP10Setup.exe
2006-11-01 00:31:22 245,760 ----a-w C:\Program Files\Youtube Grabber.exe
2006-10-07 12:39:07 6,192,024 ----a-w C:\Program Files\TVUPlayer.zip
2006-10-07 10:46:48 6,350,898 ----a-w C:\Program Files\BitTorrent-4.24.0.exe
2006-09-18 14:43:12 2,077,424 ----a-w C:\Program Files\WindowsXP-KB894391-x86-ENU.exe
2006-09-12 20:54:32 34,330,784 ----a-w C:\Program Files\Anonymizer_Software.exe
2006-06-03 09:57:13 1,184,625 ----a-w C:\Program Files\Setup_AltoMP3Gold.exe
2006-05-20 11:24:36 3,993,605 ----a-w C:\Program Files\dg5uk.exe
2006-05-17 22:23:55 51,838,779 ----a-w C:\Program Files\20060411081746125_Samsung_PC_Studio_3_Installer.exe
2006-05-15 17:52:35 60,928 --sha-w C:\Program Files\Thumbs.db
2006-05-11 08:37:45 21,254,280 ----a-w C:\Program Files\AdbeRdr707_en_US.exe
2006-05-11 08:32:31 7,050,552 ----a-w C:\Program Files\psa30se_en_us.exe
2006-05-11 08:31:22 762,512 ----a-w C:\Program Files\ytb612_efgsip.exe
2006-05-07 17:03:49 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-03-27 17:29:05 4,752,968 ----a-w C:\Program Files\MsgPlus-362.exe
2006-03-05 17:34:15 5,640,784 ----a-w C:\Program Files\winamp52_full_emusic-7plus.exe
2006-01-27 23:12:46 36,488,456 ----a-w C:\Program Files\iTunesSetup.exe
2005-09-24 21:58:32 10,371,006 ----a-w C:\Program Files\Chelmsford.wmv
2005-09-18 17:44:16 2,972,568 ----a-w C:\Program Files\screensaver_2005.zipspooks.zip
2005-09-13 18:54:14 1,282,759 ----a-w C:\Program Files\MBM5370.exe
2005-09-05 18:33:42 906 ----a-w C:\Program Files\sweet.gif
2005-09-05 18:33:20 23,747 ----a-w C:\Program Files\lip_gloss.gif
2005-09-05 18:32:58 3,410 ----a-w C:\Program Files\sexipepsiblinkiereddpp.gif
2005-09-05 18:32:19 29,930 ----a-w C:\Program Files\pretty pink.gif
2005-09-05 18:32:05 1,288 ----a-w C:\Program Files\luvshopp.gif
2005-09-05 18:31:49 2,317 ----a-w C:\Program Files\baby blue.gif
2005-09-04 21:18:24 11,635,064 ----a-w C:\Program Files\GoogleEarth.exe
2005-08-31 21:05:56 49,343 ----a-w C:\Program Files\inv78-02.zip
2005-08-05 07:02:36 158,213 ----a-w C:\Program Files\Fw_Me_2_!.eml
2005-07-24 20:06:57 5,176,904 ----a-w C:\Program Files\winamp5094_full_emusic-7plus.exe
2005-07-18 20:02:11 2,038 ----a-w C:\Program Files\21.gif
2005-07-18 19:32:17 6,423 ----a-w C:\Program Files\hi_its_me.gif
2005-07-18 19:25:12 3,936 ----a-w C:\Program Files\100%me.gif
2005-07-08 18:06:46 10,017 ----a-w C:\Program Files\insane.gif
2005-07-08 18:02:16 2,602 ----a-w C:\Program Files\playboy.gif
2005-07-08 17:58:17 7,190 ----a-w C:\Program Files\avatarpinkwater8342.gif
2005-06-26 13:26:22 5,186,992 ----a-w C:\Program Files\winamp5093_full_emusic-7plus.exe
2005-06-13 17:58:17 1,697 ----a-w C:\Program Files\msnpiccykiss.gif
2005-05-22 20:23:16 3,066,888 ----a-w C:\Program Files\BSLITEINSTALL.exe
2005-05-20 19:16:38 3,479 ----a-w C:\Program Files\rideacowboy.gif
2005-05-15 21:08:23 4,833,824 ----a-w C:\Program Files\winamp509_full_emusic-8basic.exe
2005-04-13 17:31:06 480,256 ----a-w C:\Program Files\FreeMyEmoticonsGirlie.exe
2005-02-19 10:46:48 15,746,528 ----a-w C:\Program Files\R75461.EXE
2005-01-20 12:15:42 1,835 ----a-w C:\Program Files\supanet.ins
2004-12-03 17:15:11 160,768 ----a-w C:\Program Files\HijackThis.exe
2004-11-27 02:19:55 1,454,419 ----a-w C:\Program Files\RegFreezeSetup.zip
2004-11-13 23:55:48 3,490,277 ----a-w C:\Program Files\avi-pro.exe
2004-11-13 20:46:06 5,494,832 ----a-w C:\Program Files\DivXPlayerInstaller.exe
2004-11-13 18:52:27 1,737,320 ----a-w C:\Program Files\TMPGEnc-2.521.58.169-Free.zip
2004-11-13 14:58:48 5,285,888 ----a-w C:\Program Files\Pstory.msi
2004-10-03 11:23:24 1,418,304 ----a-w C:\Program Files\j2re-1_4_2_05-windows-i586-p-iftw.exe
2004-09-12 21:01:34 4,565,928 ----a-w C:\Program Files\winamp505_full.exe
2004-09-12 17:25:55 1,028,368 ----a-w C:\Program Files\vbrun60-setup.exe
2004-09-06 16:08:54 90,112 ------w C:\Program Files\uvSEPA.dll
2004-09-06 16:06:18 217,088 ------w C:\Program Files\uvMPEG2.dll
2005-05-13 17:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 11:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 21:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 19:14:52 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 12:31:20 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 15:32:28 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 22:37:42 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-25 00:00:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 10:24:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 13:16:22 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-25 00:00:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
2006-03-26 22:44 265432 --------- C:\Program Files\Windows Desktop Search\dsWebAllow.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-06-14 14:07 443968 --a------ C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}]
2006-01-10 12:09 90112 --a------ C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2003-09-07 00:31 126976 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [2007-07-10 07:42]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"WUSB54Gv4"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 09:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-27 19:31]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-08 23:51]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2002-10-16 19:13]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-10-12 18:13]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpyBotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe


C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-05-18 21:01:49]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-01-05 22:40:16]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-19 01:00:00]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 13:11]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp



Contents of the 'Scheduled Tasks' folder
2007-07-13 20:08:36 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-19 23:32:05 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2004-01-15 10:25:21 C:\WINDOWS\tasks\ISP signup reminder 1.job


**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-07-20 00:43:48
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


**************************************************************************

Completion time: 2007-07-20 1:11:44

--- E O F ---


And here's the new "hijackthis" log-





Logfile of HijackThis v1.99.1
Scan saved at 06:06:48, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Dell\Media Experience\PCM2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.supanet.com/
O15 - Trusted Zone: www.ActualResearch.com
O15 - Trusted Zone: www.bet365.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - https://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - https://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)






Thanks for your help, Touch.
Posted 7/20/2007 6:56 AM
#50678
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
It looks promising :smile:

Update Superantispyware

Download and install DrWebCureit:

https://spywareinfo.dk/download/drweb-cureit.exe

to your desktop.

Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".

It will first make a quick scan of your system, let it clean what it finds, and when it says "done"

Click on the green screwdriver-

Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select -Delete

Click on the drive(s) you want to scan. A red dot will mark the selected drive(s). Then hit the green arrow in lower right corner. It will now scan your drive(s), say yes to all

After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list

Save the report to your desktop. The report will be called DrWeb.csv

Close Dr.Web Cureit.

Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Start Superantispyware/rightclick on the black/yellow bug in tray.

Hit - Scan Your Computer - button

Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next, it will scan now. When the scan has finished, put a checkmark with all items it found. Next, after cleaning, allow it to Reboot

Start Superantispyware again –

Click Preferences and then click the statistics/logs tab.

Click the dated log and press view log and a text file will appear.

Post this log along with Dr.Web log and tell how things are running?

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 7/20/2007 7:56 PM
#50703
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Thanks, Touch. This all feels very hopeful.

As Winston said: "Now this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning...."

I'm scanning the C drive with Dr.Web antivirus as you kindly suggested and sadly the scan has been stalled for an hour on "C:\i386\MSOBSHEL.DLL"

Could this be the problem, do you think? Thanks.
Posted 7/21/2007 4:01 AM
#50730
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
"The End of the Beginning"
"The Germans have received back again that measure of fire and steel which they have so often meted out to others. Now this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning."

—Lord Mayor's Luncheon, Mansion House following the victory at El Alamein in North Africa, London, 10 November 1942.

-----------------------------------------------------------------------------------

It shouldn't be a problem.

Check if You have more than one MSOBSHEL.DLL

Go to Start- Search and scroll down using the scroll bar on the right. Go down to More advanced options and click.

Be sure the first three boxes are selected:

Search System folders

Search Hidden Files and folders

Search SubFolders

And find:

MSOBSHEL.DLL

Post back the result

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 7/21/2007 11:17 AM
#50745
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Hello, Touch

Search has revealed five instances of files named MSOBSHEL.DLL. I've listed these below together with all the related detail of each-

1. In Folder: C:\I386
Description: Microsoft Out of Box Experience
Company: Microsoft Corporation
File Version: 5.1.2600.0
Date Created: 15/01/2004 11.35
Size: 27.5 KB

This is the file which caused all the scans to stall

2. In Folder: C:\WINDOWS\$NtServicePackFilesUninstall$
Description: Microsoft Out of Box Experience
Company: Microsoft Corporation
File Version: 5.1.2600.0
Date Created: 02/12/2004 22.51
Size: 27.5 KB

For some reason the details of this file in the "Results of Search" list are in blue whereas the other four are in black.

3. In Folder: C:\WINDOWS\ServicePackFiles\i386
Description: Microsoft Out of Box Experience
Company: Microsoft Corporation
File Version: 5.1.2600.2180
Date Created: 02/12/2004 22.58
Size: 30.0 KB

4. In Folder: C:\WINDOWS\SYSTEM32\OOBE
Description: Microsoft Out of Box Experience
Company: Microsoft Corporation
File Version: 5.1.2600.2180
Date Created: 29.08.2002 06.00
Size: 30.0 KB

5. In Folder: C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e
Description: Microsoft Out of Box Experience
Company: Microsoft Corporation
File Version: 5.1.2600.2180
Date Created: 04.08.2004 08.56
Size: 30.0 KB

Thanks again, Touch.
Posted 7/21/2007 11:49 AM
#50746
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok. Copy the one You have in - C:\WINDOWS\SYSTEM32\OOBE - to C:\I386 Folder. Say Yes to overwrite

Windows system files are blue :smile:

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 7/21/2007 6:28 PM
#50756
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Ok. I've copied the "System32" version of "MSOBSHEL.DLL" to the "i386" version. I know that I have succeeded in this because the "old i386" version was 27.5 KB whereas the new version is 30.0 KB which of course is the same size as the "System32" version!

I've run the Dr.Web scan on the C Drive and sadly it's been stalled now again for an hour on the same file as it did yesterday - C:\i386\MSOBSHEL.DLL.

Of course, because the "i386" is now identical to the "System32" version (because the former is a copy of the latter!) it of course means that the scan will also stick on the "System32" version of the file. I went into "properties" in both the "i386" and "System32" versions of the file and both state "These files are used by the Operating System and by various programs. Editing/modification could damage your system. If you still want to open the file, click "Open With""

I note in a google search that there are a number of remedies flagged for repairing "MSOBSHEL.DLL" including a product named "Regcure" from "TuneupAdvior." Other products are "WindowsRegistryRepair.com" and "Programmechecker.com."

What do you feel is the best way forward? Thanks.
Posted 7/22/2007 9:26 PM
#50782
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Because the DrWeb and Superantispyware scans keep stalling when I try to run them in normal mode, I have run them in safe mode and have managed to get them to complete the scans in safe mode. i.e. the files which caused the scans to stall in normal mode did not cause the scan to stall in safe mode. (For example, files such as "MSOBSHEL")

I have posted the DrWeb and Superantispyware scans below. (The computer is running very slowly generally and taking an age to respond. For example from boot up to being able to begin to compose this posting has taken over 15 minutes.)

Here's the DrWeb report called "DrWeb.csv"-

SURVEY.EXE;C:\Peter;Joke.Opros;Deleted.;
FreeMyEmoticonsGirlie.exe\data001;C:\Program Files\FreeMyEmoticonsGirlie.exe;Adware.SaveNow;;
FreeMyEmoticonsGirlie.exe;C:\Program Files;Archive contains infected objects;Moved.;
Antispy_SDK.ocx;C:\Program Files\Anonymizer\Anonymizer Software\AnonASW;Probably DLOADER.Trojan;Deleted.;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Deleted.;
khancer.exe;C:\Program Files\K-Lite;Probably BACKDOOR.Trojan;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Deleted.;
A0019283.exe\data001;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25\A0019283.exe;Adware.SaveNow;;
A0019283.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;Archive contains infected objects;Moved.;
A0019284.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP25;Tool.Prockill;Deleted.;
installer[p2p-10207 de].exe;C:\WINDOWS;Dialer.Star;Deleted.;


And here's the Superantispyware Log-



SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 07/22/2007 at 09:00 PM

Application Version : 3.9.1008

Core Rules Database Version : 3272
Trace Rules Database Version: 1283

Scan type : Complete Scan
Total Scan Time : 01:13:13

Memory items scanned : 195
Memory threats detected : 0
Registry items scanned : 6562
Registry threats detected : 0
File items scanned : 60806
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\Peter\Cookies\peter@247realmedia[1].txt
C:\Documents and Settings\Peter\Cookies\peter@tribalfusion[1].txt
C:\Documents and Settings\Peter\Cookies\peter@indextools[2].txt
C:\Documents and Settings\Peter\Cookies\peter@hitbox[2].txt
C:\Documents and Settings\Peter\Cookies\peter@atdmt[1].txt
C:\Documents and Settings\Peter\Cookies\peter@www.googleadservices[2].txt
C:\Documents and Settings\Peter\Cookies\peter@clickbank[2].txt
C:\Documents and Settings\Peter\Cookies\peter@2o7[1].txt
C:\Documents and Settings\Peter\Cookies\peter@adverts.digitalspy.co[2].txt
C:\Documents and Settings\Peter\Cookies\peter@ehg-twi.hitbox[2].txt
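
A triage pass over the Dr.Web report rows in the post above, as an added example that is not part of the original thread or of Dr.Web itself: it separates detections that have a recorded action from rows left blank, and checks whether a blank row is an archive member whose container was acted on. The field order (object;location;detection;action), the function names, and reading the "Probably" prefix as a heuristic verdict are assumptions drawn from the rows themselves.

```python
from typing import NamedTuple


class Finding(NamedTuple):
    obj: str        # file name, or "container\member" for an object inside an archive
    location: str   # folder; for an archive member, the container's full path
    detection: str  # verdict name as written by the scanner
    action: str     # "" when no action was recorded on this row


# Rows copied from the DrWeb.csv report posted in the thread.
REPORT_ROWS = r"""
SURVEY.EXE;C:\Peter;Joke.Opros;Deleted.;
FreeMyEmoticonsGirlie.exe\data001;C:\Program Files\FreeMyEmoticonsGirlie.exe;Adware.SaveNow;;
FreeMyEmoticonsGirlie.exe;C:\Program Files;Archive contains infected objects;Moved.;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Deleted.;
khancer.exe;C:\Program Files\K-Lite;Probably BACKDOOR.Trojan;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Deleted.;
"""

# Constructed row, not from the report: no action recorded and no container row.
CONSTRUCTED_ROW = r"example.dll;C:\Example;Adware.Example;;"


def parse_report(text):
    """Split 'object;location;detection;action;' rows; return (findings, malformed)."""
    findings, malformed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) == 5 and fields[4] == "":
            fields.pop()  # drop the empty field after the trailing ';'
        if len(fields) != 4 or not all(fields[:3]):
            malformed.append(line)  # e.g. a row broken across cells when pasted
            continue
        findings.append(Finding(*fields))
    return findings, malformed


def full_path(f):
    """Full path of the file a row names (location + file name)."""
    return f.location.rstrip("\\") + "\\" + f.obj


def triage(findings):
    """Group findings by whether the report shows them as dealt with."""
    acted_on = {full_path(f).lower() for f in findings if f.action}
    out = {"handled": [], "covered_by_container": [], "unresolved": [], "heuristic": []}
    for f in findings:
        if f.detection.lower().startswith("probably "):
            out["heuristic"].append(f)  # assumption: "Probably" marks a heuristic verdict
        if f.action:
            out["handled"].append(f)
        elif f.location.lower() in acted_on:
            # Archive member with no action of its own; its container row has one.
            out["covered_by_container"].append(f)
        else:
            out["unresolved"].append(f)  # nothing recorded: needs a manual look
    return out


if __name__ == "__main__":
    findings, malformed = parse_report(REPORT_ROWS + CONSTRUCTED_ROW)
    groups = triage(findings)
    for name, rows in groups.items():
        print(f"{name}: {len(rows)}")
        for f in rows:
            print(f"  {full_path(f)}  [{f.detection}]  action={f.action or '-'}")
    if malformed:
        print("malformed rows:", malformed)
```

Heuristic rows are listed separately because a deleted heuristic match may be a legitimate file worth restoring from quarantine or reinstalling.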
Posted 7/23/2007 4:27 AM
#50799
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please post a new hijackthis log, so we can see if there are any changes in the log

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 7/23/2007 7:22 PM
#50822
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Hello, Touch. Here's a freshly-baked hijackthis log which was a real struggle to post. The machine is borderline unusable. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 19:47:54, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.supanet.com/
O15 - Trusted Zone: www.ActualResearch.com
O15 - Trusted Zone: www.bet365.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - https://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - https://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
Posted 7/24/2007 6:59 AM
#50844
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Still looks clean :smile:

I suggest you follow these tips as described in these guides:

https://www.tweakhound.com/xp/xptweaks/supertweaks12.htm

https://www.pchell.com/support/how_to_speed_up_windows_boot_time.shtml

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 7/24/2007 7:23 AM
#50847
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Thanks, Touch; will do.

Do you think that the fact that certain files (MSOBSHEL, for example) stall my scans (at least when I run the scans in normal mode because the scans complete when I run them in safe mode) is significant?

Thanks for your help.

Posted 7/25/2007 7:13 AM
#50885
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
I'm not sure; however, they can be in use in normal mode. That's why we (normally) recommend scans from safe mode.



Posted 7/25/2007 7:24 AM
#50888
peterfoster Valued member

Date Joined Nov 2016
Total Posts: 13
Thanks for that, Touch! I'll ensure that I run all my scans in safe mode going forward!
Posted 7/25/2007 7:30 AM
#50891
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
My pleasure :smile:

Since your problem appears to be resolved, this thread will now be closed.

If you need this topic reopened, please PM a Moderator and we will reopen it for you.


