Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All My Programs Are Not Responding


  • This topic is locked This topic is locked
2 replies to this topic

#1 dorthi

dorthi

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 27 August 2008 - 02:19 AM

When in normal mode all my programs come up but within seconds the "not responding" message comes up. They will every now and then run for a few seconds then freeze again. My desktop icons and start menu also disappear for a short while then come back.

I ran a virus scan and virtumonde was found but was quarantined. It also found pak_generic.001 and pak_generic.002 but says those were deleted.

I did everything in the tutorial and am still having these problems.

I am including a hijackthis log, uninstall list and startup list. Please if anyone can help figure this out it would be greatly appreciated.

Thank you in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:23 AM, on 8/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
D:\Utilities\Spyware Doctor\pctsAuxs.exe
D:\Utilities\Spyware Doctor\pctsSvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
D:\Utilities\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\WScript.exe
D:\Utilities\aawservice.exe
D:\Utilities\Ad-Aware.exe
C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts file is located at: C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {2E850069-0E8D-4198-AF0D-AC0DD7BD9FEB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [New application] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [ISTray] "D:\Utilities\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] "c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe"
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] "C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [filehippo.com] "D:\Utilities\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MRI_DISABLED
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Utilities\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Utilities\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Utilities\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Utilities\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14795 bytes

Startup List:

StartupList report, 8/27/2008, 1:54:30 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista (WinNT 6.00.1904)
Detected: Internet Explorer v7.00 (7.00.6000.16711)
* Using default options
==================================================

Running processes:

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
D:\Utilities\Spyware Doctor\pctsAuxs.exe
D:\Utilities\Spyware Doctor\pctsSvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
D:\Utilities\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\WScript.exe
D:\Utilities\aawservice.exe
D:\Utilities\Ad-Aware.exe
C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

New application = "C:\Program Files\DAEMON Tools\daemon.exe"
SynTPStart = "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
SynTPEnh = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
UfSeAgnt.exe = "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
ThreatFire = C:\Program Files\ThreatFire\TFTray.exe
ISTray = "D:\Utilities\Spyware Doctor\pctsTray.exe"
QPService = "C:\Program Files\HP\QuickPlay\QPService.exe"
PC Pitstop Optimize Scheduler = "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
dvd43 = "C:\Program Files\dvd43\dvd43_tray.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PeerGuardian = "C:\Program Files\PeerGuardian2\pg2.exe"
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
QlbCtrl = "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
OE = "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
Uniblue RegistryBooster 2 = "c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe"
TrendSecure Remote File Lock = "C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe"
msnmsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HPAdvisor = "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
filehippo.com = "D:\Utilities\filehippo.com\UpdateChecker.exe" /background
DAEMON Tools = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[Disabled (Auslogics Startup Manager)]
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE

[OptionalComponents]
=

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - {2E850069-0E8D-4198-AF0D-AC0DD7BD9FEB}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Check Updates for Windows Live Toolbar.job
HPCeeScheduleForAdministrator.job
HPCeeScheduleForOwner.job
Uniblue SpyEraser.job
User_Feed_Synchronization-{9E4CE45A-E368-4E56-AAAE-F72776E77526}.job

--------------------------------------------------

Enumerating Download Program Files:

[{0E5F0222-96B9-11D3-8997-00104BD12D94}]
CODEBASE = http://pcpitstop.com/pcpitstop/PCPitStop.CAB

[get_atlcom Class]
CODEBASE = http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

[{48DD0448-9209-4F81-9F6D-D83562940134}]
CODEBASE = http://lads.myspace.com/upload/MySpaceUploader1006.cab

[{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}]
CODEBASE = http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

[{6F15128C-E66A-490C-B848-5000B5ABEEAC}]
CODEBASE = https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

[{6F750202-1362-4815-A476-88533DE61D0C}]
CODEBASE = http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

[{9600F64D-755F-11D4-A47F-0001023E6D5A}]
CODEBASE = http://web1.shutterfly.com/downloads/Uploader.cab

[Get_ActiveX Control]
CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

[{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}]
CODEBASE = http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Windows\system32\wshbth.dll
NameSpace #8: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Users\Owner\Local Settings\temp\a5b992.msi||C:\Users\Owner\Local Settings\temp\MSI5b991.LOG||C:\Users\Owner\Local Settings\temp\~DF619E.tmp||D:\Utilities\adaware2008.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
End of report, 10,740 bytes
Report generated in 36.442 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Uninstall List:

123 DVD Converter
1Click DVD Copy 5.3.1.9
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
5star Game Copy
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Adobe Reader 8.1.2
Adobe Shockwave Player
Advanced WindowsCare Personal 2.6.0
Age of Empires III
Age of Empires III - The Asian Dynasties
AI RoboForm (All Users)
Apple Mobile Device Support
Apple Mobile Device Support
Apple Software Update
Apple Software Update
A-Ray Scanner 2.0.2.3
Art Explosion Scrapbook Factory
AusLogics BoostSpeed
Boggle
Bonjour
CCleaner (remove only)
CDDRV_Installer
CEP - Color Enable Package
CloneCD
ConvertXtoDVD 3.1.0.26
Corel Paint Shop Pro Photo X2
Deal or No Deal
DHTML Editing Component
DivX Content Uploader
DivX Web Player
Dream Day Wedding
Drivers Install For Linksys Easylink Advisor
DVD43 v3.9.0
ERUNT 1.1j
ESU for Microsoft Vista
filehippo.com Update Checker
Form Fill (Windows Live Toolbar)
Form Fill (Windows Live Toolbar)
Free Create-Burn ISO Image v2.0
GameShadow
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Participation Program 8.0
HP Doc Viewer
HP Driver Diagnostics
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 3.0
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Product Detection
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP Update
HP User Guides 0056
HP Wireless Assistant
HPNetworkAssistant
HPSSupply
ID Harddisk Cleaner 1.2
ImTOO AVI to DVD Converter
Intel Matrix Storage Manager
InterVideo DeviceService
iTunes
iTunes
Java™ 6 Update 2
Java™ 6 Update 5
Java™ SE Runtime Environment 6
LimeWire 4.16.7
Linksys EasyLink Advisor 1.6 (0032)
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Map Button (Windows Live Toolbar)
Memorex exPressit Label Design Studio
MGTEK dopisp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Zoo Tycoon
Motorola SM56 Data Fax Modem
Mozilla Firefox (2.0.0.14)
MP3 Player Utilities 5.02
MSCU for Microsoft Vista
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
NVIDIA DDS Utilities
NVIDIA Drivers
OpenAL
PayPal Plug-In
PC Pitstop Optimize 1.5
PeerGuardian 2.0
Phanfare 2.0
PowerISO
QuickTime
Realtek High Definition Audio Driver
Reasonable NoClone 2007 Enterprise
Roxio Activation Module
Roxio DVDit Pro HD
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Rummy Royal
Safari
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Sims2Pack Clean Installer
Smart Menus (Windows Live Toolbar)
Smart Menus (Windows Live Toolbar)
Sony USB Driver
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spyware Doctor 6.0
Stronghold Legends
Super Text Twist
Super TextTwist
SUPERAntiSpyware Free Edition
System Requirements Lab
The Price Is Right
The Sims 2 Open For Business
The Sims™ 2 Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
ThreatFire 3.5
Trend Micro Internet Security Pro
Trend Micro Internet Security Pro
Trend Micro Remote File Lock
Ulead VideoStudio 11
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb955433)
Update for Word 2007 (KB934173)
VCRedistSetup
VideoLAN VLC media player 0.8.6f
Vista Codec Package
Vista Manager
WavePad Uninstall
WIDCOMM Bluetooth Software 6.0.1.5500
WinAVI Video Converter
WinAVI VideoConverter
Windows Live installer
Windows Live Messenger
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Player Firefox Plugin
WinRAR archiver
Xvid 1.1.3 final uninstall
Yahoo! Toolbar for Internet Explorer

If I have forgotten anything please let me know. Thank you SO much for all your help!!!

BC AdBot (Login to Remove)

 


#2 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:56 PM

Posted 12 September 2008 - 06:38 AM

Hello


Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Posted Image

#3 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:56 PM

Posted 18 September 2008 - 12:47 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users