Jump to content


Slow and Freezing computer.....Pleeazzzzze help

Started by lmbh0721, Jan 02 2007 02:51 AM

  • You cannot reply to this topic
1 reply to this topic

#1 OFFLINE   lmbh0721

    Member

  • Members
  • PipPip
  • 11 posts

Posted 02 January 2007 - 02:51 AM

I would greatly appreciate any help thrown my way....pleazzzzzzeeee, pretty please.......here are my logs..
Thanks...LH :wub:

BitDefender Online Scanner

Scan report generated at: Sun, Dec 31, 2006 - 19:06:18

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics

Time
01:20:58

Files
397251

Folders
5616

Boot Sectors
5

Archives
23805

Packed Files
24121


Results

Identified Viruses
3

Infected Files
27

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
27

Engines Info

Virus Definitions
363556

Engine build
AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0168F460-62B2-486F-924E-CFCA2A73F858}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0168F460-62B2-486F-924E-CFCA2A73F858}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0168F460-62B2-486F-924E-CFCA2A73F858}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{186C0090-78EA-4EC3-9F73-318B99D8E0A0}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{186C0090-78EA-4EC3-9F73-318B99D8E0A0}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{186C0090-78EA-4EC3-9F73-318B99D8E0A0}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1EDFE3C6-B51D-45BD-BE0C-6C7BA29C0AF9}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1EDFE3C6-B51D-45BD-BE0C-6C7BA29C0AF9}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1EDFE3C6-B51D-45BD-BE0C-6C7BA29C0AF9}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{20A78D49-CAC7-4894-8A2E-95BDBBC2296B}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{20A78D49-CAC7-4894-8A2E-95BDBBC2296B}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{20A78D49-CAC7-4894-8A2E-95BDBBC2296B}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{32A44197-DE73-47F4-A3EE-DD5D6F147E87}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{32A44197-DE73-47F4-A3EE-DD5D6F147E87}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{32A44197-DE73-47F4-A3EE-DD5D6F147E87}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{39292181-4790-4DF1-8AEE-E0A90188ECFA}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{39292181-4790-4DF1-8AEE-E0A90188ECFA}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{39292181-4790-4DF1-8AEE-E0A90188ECFA}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{4E641C59-005C-4332-933F-7D44A2B7702C}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{4E641C59-005C-4332-933F-7D44A2B7702C}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{4E641C59-005C-4332-933F-7D44A2B7702C}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{4F24088A-739A-45A9-A714-380541F12284}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{4F24088A-739A-45A9-A714-380541F12284}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{4F24088A-739A-45A9-A714-380541F12284}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{534F6D90-35CA-4F39-AF47-EDBAA652BFB8}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{534F6D90-35CA-4F39-AF47-EDBAA652BFB8}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{534F6D90-35CA-4F39-AF47-EDBAA652BFB8}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6B9DBA05-0D09-40A6-93CA-10384DDC2AFB}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6B9DBA05-0D09-40A6-93CA-10384DDC2AFB}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6B9DBA05-0D09-40A6-93CA-10384DDC2AFB}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{792AA06B-9188-402A-AA9E-A3B34AB0F6CF}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{792AA06B-9188-402A-AA9E-A3B34AB0F6CF}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{792AA06B-9188-402A-AA9E-A3B34AB0F6CF}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{8F1C603D-0718-4B66-AA9A-891610E7C201}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{8F1C603D-0718-4B66-AA9A-891610E7C201}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{8F1C603D-0718-4B66-AA9A-891610E7C201}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BABCFEB9-FAFC-4FED-BA55-9ECD5B58B11A}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BABCFEB9-FAFC-4FED-BA55-9ECD5B58B11A}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BABCFEB9-FAFC-4FED-BA55-9ECD5B58B11A}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CDB56E28-92D9-493A-B8EC-AB497A5B2937}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CDB56E28-92D9-493A-B8EC-AB497A5B2937}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CDB56E28-92D9-493A-B8EC-AB497A5B2937}
Deleted

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E883B018-F31C-48B3-A236-FAEC6247B8F4}
Infected with: Trojan.QHost.CU

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E883B018-F31C-48B3-A236-FAEC6247B8F4}
Disinfection failed

C:\Documents and Settings\Lynn Hagge\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E883B018-F31C-48B3-A236-FAEC6247B8F4}
Deleted

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
Detected with: Adware.Mywebsearch.G

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
Disinfection failed

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
Deleted

C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
Detected with: Adware.Mywebsearch.G

C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
Disinfection failed

C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
Deleted

C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
Detected with: Adware.Mywebsearch.G

C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
Disinfection failed

C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
Deleted

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
Detected with: Adware.Mywebsearch.G

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
Disinfection failed

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\0A5F465E.exe=>(Quarantine-2)=>wise0008
Infected with: Trojan.Downloader.TSUpdate.F

C:\Program Files\Norton AntiVirus\Quarantine\0A5F465E.exe=>(Quarantine-2)=>wise0008
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\0A5F465E.exe=>(Quarantine-2)=>wise0008
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\0A5F465E.exe=>(Quarantine-2)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\273E05E4.EXE=>(Quarantine-2)=>wise0008
Infected with: Trojan.Downloader.TSUpdate.F

C:\Program Files\Norton AntiVirus\Quarantine\273E05E4.EXE=>(Quarantine-2)=>wise0008
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\273E05E4.EXE=>(Quarantine-2)=>wise0008
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\273E05E4.EXE=>(Quarantine-2)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\78BC31E7.EXE=>(Quarantine-2)=>wise0008
Infected with: Trojan.Downloader.TSUpdate.F

C:\Program Files\Norton AntiVirus\Quarantine\78BC31E7.EXE=>(Quarantine-2)=>wise0008
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\78BC31E7.EXE=>(Quarantine-2)=>wise0008
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\78BC31E7.EXE=>(Quarantine-2)
Update failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113948.DLL
Detected with: Adware.Mywebsearch.G

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113948.DLL
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113948.DLL
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113949.DLL
Detected with: Adware.Mywebsearch.G

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113949.DLL
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113949.DLL
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113950.DLL
Detected with: Adware.Mywebsearch.G

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113950.DLL
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113950.DLL
Deleted

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113951.DLL
Detected with: Adware.Mywebsearch.G

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113951.DLL
Disinfection failed

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1431\A0113951.DLL
Deleted

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Infected with: Trojan.QHost.CU

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Disinfection failed

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Deleted


SUPERAntiSpyware Scan Log
Generated 12/31/2006 at 08:15 PM

Application Version : 3.4.1000

Core Rules Database Version : 3156
Trace Rules Database Version: 1171

Scan type : Complete Scan
Total Scan Time : 00:43:43

Memory items scanned : 494
Memory threats detected : 0
Registry items scanned : 6050
Registry threats detected : 33
File items scanned : 49800
File threats detected : 24

Adware.Tracking Cookie
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@overture[2].txt
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@atdmt[1].txt
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@doubleclick[2].txt
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@advertising[2].txt
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@videoegg.adbureau[1].txt
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@mywebsearch[1].txt
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@apmebf[2].txt
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@www.stopzilla[2].txt
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@qksrv[2].txt
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@nextag[2].txt
C:\Documents and Settings\LocalService\Cookies\lynn hagge@doubleclick[2].txt

Adware.MyWebSearch
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE

Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-18\Software\New.net

Registry Cleaner Trial
HKCR\TypeLib\{205FF72E-CA67-11D5-99DD-444553540013}
HKCR\TypeLib\{205FF72E-CA67-11D5-99DD-444553540013}\1.0
HKCR\TypeLib\{205FF72E-CA67-11D5-99DD-444553540013}\1.0\0
HKCR\TypeLib\{205FF72E-CA67-11D5-99DD-444553540013}\1.0\0\win32
HKCR\TypeLib\{205FF72E-CA67-11D5-99DD-444553540013}\1.0\FLAGS
HKCR\TypeLib\{205FF72E-CA67-11D5-99DD-444553540013}\1.0\HELPDIR
HKCR\Interface\{205FF73A-CA67-11D5-99DD-444553540013}
HKCR\Interface\{205FF73A-CA67-11D5-99DD-444553540013}\ProxyStubClsid
HKCR\Interface\{205FF73A-CA67-11D5-99DD-444553540013}\ProxyStubClsid32
HKCR\Interface\{205FF73A-CA67-11D5-99DD-444553540013}\TypeLib
HKCR\Interface\{205FF73A-CA67-11D5-99DD-444553540013}\TypeLib#Version
HKU\S-1-5-21-4208528904-3806264450-738525382-1007\Software\Registry Cleaner
HKU\S-1-5-21-4208528904-3806264450-738525382-1007\Software\SoftwareOnline.com
C:\Program Files\Registry Cleaner Trial\Log\ScanLog.txt
C:\Program Files\Registry Cleaner Trial\Log
C:\Program Files\Registry Cleaner Trial
C:\Documents and Settings\Lynn Hagge\Application Data\Registry Cleaner\Backups\2005-10-03,18-18 40 234.zip
C:\Documents and Settings\Lynn Hagge\Application Data\Registry Cleaner\Backups
C:\Documents and Settings\Lynn Hagge\Application Data\Registry Cleaner\RegClean.ini
C:\Documents and Settings\Lynn Hagge\Application Data\Registry Cleaner\scanner.log
C:\Documents and Settings\Lynn Hagge\Application Data\Registry Cleaner\Scan_Folders.ini
C:\Documents and Settings\Lynn Hagge\Application Data\Registry Cleaner\User_IgnoreKeys.ini
C:\Documents and Settings\Lynn Hagge\Application Data\Registry Cleaner

Trojan.NewDotNet-Installer
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\C2336AA3-FF99-4FE2-9099-24DA6B\EE637D27-A40E-4974-95C3-5871DB

Adware.WebRebates
C:\PROGRAM FILES\MYPOINTS__POINT__ALERT\MY.EXE

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:34:23 PM 12/31/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6B035665-6C0D-4388-AD11-B28314DCA59B} -> Adware.EZ-Tracks : Ignored.
HKU\S-1-5-21-4208528904-3806264450-738525382-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6B035665-6C0D-4388-AD11-B28314DCA59B} -> Adware.EZ-Tracks : Ignored.
HKU\S-1-5-21-4208528904-3806264450-738525382-1007\Software\Httper -> Adware.Httper : Ignored.
HKU\S-1-5-21-4208528904-3806264450-738525382-1007\Software\Httper\Settings -> Adware.Httper : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Lynn Hagge\Cookies\lynn hagge@ad.doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.

Logfile of HijackThis v1.99.1
Scan saved at 9:53:28 PM, on 12/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
G:\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lynn Hagge\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {6B035665-6C0D-4388-AD11-B28314DCA59B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\System32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\SUPERAntiSpyware.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm326YYUS
O8 - Extra context menu item: MyPoints PointAlert - file://C:\Program Files\MyPoints__Point__Alert\myptt\myptC5.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
O9 - Extra button: MyPoints PointAlert - {C1A28978-1075-4850-898A-C2D78892524B} - file://C:\Program Files\MyPoints__Point__Alert\myptt\myptC5.htm (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_30.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {3907FEBA-74A6-49C1-A389-B1E076416538} - http://www.topmoxie.com/external/builds/my...mypt800_301.cab
O16 - DPF: {4B6E165B-1085-4550-A4E4-7C6D874AD96B} - http://www.topmoxie....nts/mypt800.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave...bugs/axhost.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v45/sol/sol.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled...aploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?312
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {F9B9C680-DF3B-11CF-80BD-00A0244EB4C1} - http://www.poppyfiel...m/dnx/dnxlm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks again,
LH

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 02 January 2007 - 09:05 PM

Please run AVG antispyware again and once the scan is complete set all of the items it finds to delete instead of the recommended action like the steps said. Save the log saying they were removed.

Next run the below scan:

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.

Post the AVG log, the kaspersky log, and a new hijackthis log.
Back to Spyware Hell


  1. Piriform Community Forums
  2. Computer Help and Discussion
  3. Spyware Hell