
Slow Loading Pages


  • This topic is locked
21 replies to this topic

#1 Maverick61563

    Advanced Member

  • Full Member
  • 101 posts

Posted 09 January 2009 - 08:56 PM

Lately my laptop is loading very slowly and almost comes to a freeze. The longer I use it the slower it gets. Can you check to see what might be wrong? Here are the logs that the FAQ asked me to post. Thanks in advance.

Malwarebytes' Anti-Malware 1.32
Database version: 1633
Windows 6.0.6001 Service Pack 1

1/8/2009 11:52:36 PM
mbam-log-2009-01-08 (23-52-36).txt

Scan type: Quick Scan
Objects scanned: 48520
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\aamd532.dll (Rogue.EAntispy) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Ascentive (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\aamd532.dll (Rogue.EAntispy) -> Delete on reboot.
C:\Windows\System32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------------------------------------------------------------------

F-Secure Online Scanner 3.3.1 - Scanning Report - Friday, January 09, 2009 07:20:24
Scanning Report
Friday, January 09, 2009 00:15:49 - 07:20:22
Computer name: JOE-LAPTOP
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\



Result: 2 malware found
TrackingCookie.Atwola (spyware)
System
TrackingCookie.Revsci (spyware)
System



Statistics
Scanned:
Files: 38933
System: 3882
Not scanned: 27
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 2
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\MCAFEE_BRMHDMCK3LB312M
C:\WINDOWS\TEMP\MCMSC_NVH6NCPYT5AEXO2
C:\WINDOWS\TEMP\MCMSC_OUCANGHVMILUMFE
C:\WINDOWS\TEMP\MCMSC_RVRDZ4C5RYI3JTY
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\706B4EED179849C2388D4EED8D888CB6_3CF9232B-2EAD-477F-980B-2E4882558123

C:\USERS\ALL USERS\AOL\C_AOL 9.1A\ORGANIZE\MAVERICK61563
C:\USERS\ALL USERS\AOL\C_AOL 9.1A\ORGANIZE\CACHE\MAVERICK61504
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\706B4EED179849C2388D4EED8D888CB6_3CF9232B-2EAD-477F-980B-2E4882558123

C:\PROGRAMDATA\AOL\C_AOL 9.1A\ORGANIZE\MAVERICK61563
C:\PROGRAMDATA\AOL\C_AOL 9.1A\ORGANIZE\CACHE\MAVERICK61504
C:\BOOT\BCD



Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Hydra: 2.8.8110, 2009-01-09
F-Secure AVP: 7.0.171, 2009-01-09
F-Secure Pegasus: 1.20.0, 2008-11-17
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF
VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI
MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0
TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB
BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics
----------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:38 PM, on 1/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\AOL\1192914434\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AOL 9.1a\waol.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\AOL\1192914434\EE\AOLDesktop.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192914434\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [XdriveTrayIcon] "C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [XdriveTray] "C:\Program Files\xdrive\xdrive desktop\xdrive.exe" /trayicon
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://12.107.134.186/JpegInst.cab
O18 - Protocol: bw+0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: McAfee Application Installer Cleanup (0090491221264738) (0090491221264738mcinstcleanup) - Unknown owner - C:\Windows\TEMP\009049~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 23192 bytes






#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,533 posts

Posted 12 January 2009 - 09:09 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 15 January 2009 - 05:53 AM

Maverick61563,

Thanks for your patience. Our volunteers are very busy. Your log indicates that you have Malware on your system. Let's get started.

I recommend that you uninstall Logitech Desktop Messenger. Although it is not Malware, it can bring Malware with it. See this link for more information. To uninstall, click Start > Control Panel > Programs and Features. Uninstall Logitech Desktop Messenger.

Please visit this webpage to familiarize yourself with downloading and running ComboFix: http://www.bleepingc...to-use-combofix.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

  • IMPORTANT !!! Save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

Still in Safe Mode, open HijackThis (for Vista, right-mouse click and "Run as administrator"), run a scan, and place a Check next to the following item(s):

O18 - Protocol: bw+0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8E66F110-DE0C-4A58-84F9-ED3CB2B38484} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Then close all open windows/browsers and Click on Fix Checked.

Reboot your PC, normally.

Delete these files/folders, as follows:
  • Open notepad and copy/paste the text in the quotebox below into it (all except the word QUOTE):

    Folder::
    C:\Program Files\Ascentive

  • Save this as CFScript
  • Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

    Posted Image
  • ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to hang.

Please post the Combofix log and a new HijackThis log in your next reply. Please also say how your computer is running now. :)

Edit: Added "Run as Administrator for vista".

Edited by shaferintl, 15 January 2009 - 07:04 AM.

shaferintl


#4 Maverick61563


Posted 15 January 2009 - 09:04 PM

Thank you for taking the time to assist me.

I followed all your directions but when I ran a HJT scan in safe mode, there were none of the items you listed to check off and fix. The pages seem to be loading a little quicker than before. It still takes a long time to start up and shut down. Is there a way to clean up my start up items and how do I know which ones I need or not? Once again, I do appreciate your time and assistance.
Here are the logs you requested:

ComboFix 09-01-13.04 - Joe 2009-01-15 21:03:58.10 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.765.201 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-15 20:54 . 2009-01-15 20:55 <DIR> d-------- C:\32788R22FWJFW
2009-01-13 22:56 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-09 00:06 . 2009-01-09 00:06 <DIR> d-------- c:\windows\BDOSCAN8
2009-01-08 23:30 . 2009-01-08 23:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 23:30 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-08 23:30 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-24 00:07 . 2008-12-24 00:05 410,984 --a------ c:\windows\System32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 01:09 --------- d-----w c:\program files\Lx_cats
2009-01-14 04:16 --------- d-----w c:\program files\Windows Mail
2009-01-09 05:00 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-09 03:54 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-24 05:04 --------- d-----w c:\program files\Java
2008-12-11 03:12 --------- d-----w c:\programdata\Microsoft Help
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-06-15 04:19 174 --sha-w c:\program files\desktop.ini
2008-09-07 23:38 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-07 23:38 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-07 23:38 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AOL Fast Start"="c:\program files\AOL 9.1a\AOL.EXE" [2008-06-03 50528]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-22 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-02 464168]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-07 1261568]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-14 151552]
"HostManager"="c:\program files\Common Files\AOL\1192914434\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-21 185896]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-05 20480]
"LXDJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-09 102400]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2007-05-25 42032]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-01-21 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5B9363C4-993A-4046-ABC0-C1AB21774CC9}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{1A0579B4-A184-4DBF-BE71-7036E4479DA7}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{150F447E-C820-4B70-B5CC-262CEE927B5D}"= UDP:c:\program files\HiJack2\AntiTheft.exe:HiJack2 AntiTheft
"{E584EC13-41FF-4883-B4F5-965AC6B9B314}"= TCP:c:\program files\HiJack2\AntiTheft.exe:HiJack2 AntiTheft
"{85B476EB-7BD5-4DA0-B400-C6805172D127}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"{95E7CB1A-6AD1-4334-B5AC-741B4BDC35FE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"{A30DC040-862E-4050-8885-9804AE1D929B}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{05BBC265-3420-4198-908E-C482B030408B}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{C6705D33-9857-495F-BE1F-9A45E95A0955}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{90F8C4D6-303A-4129-8E5D-D97C1021FEEF}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{D4736B8C-D81E-467E-B7AC-78AB1B7CE48C}"= UDP:c:\program files\America Online 9.0\waol.exe:AOL
"{E1D5F297-C243-4BF3-B2C0-DAFA77B93BAF}"= TCP:c:\program files\America Online 9.0\waol.exe:AOL
"{5EBFD44F-7927-4539-B628-011D2782C0EB}"= UDP:c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"{0F94A733-0B43-4B65-B252-FCEEF9865DAE}"= TCP:c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"{B85FE7C0-F20F-4FD8-9D95-871B52A598B0}"= UDP:c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"{FA3D6209-74C2-4676-9F78-580DD8BA5CB5}"= TCP:c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"{67CF88FB-4135-4619-8164-B693A941AC67}"= UDP:c:\program files\Common Files\AOL\1192914434\EE\AOLServiceHost.exe:AOL
"{5542E3E4-158F-4CB7-9678-F9BD46815F74}"= TCP:c:\program files\Common Files\AOL\1192914434\EE\AOLServiceHost.exe:AOL
"{11B3E3A2-4760-4F4E-AD01-5B04CC1A61B8}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL
"{889A0EA8-880B-4087-8866-B727A5169F94}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL
"{A7D4927B-F9FC-40A6-9DED-DDA21B036914}"= UDP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{CD707D97-F999-4AEA-AEA3-167B6744B242}"= TCP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{68F49989-7F36-4AF5-9790-5F5BEAE8E766}"= UDP:c:\program files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{75BB772D-9A4C-4A4C-BE3C-7C22217D0B36}"= TCP:c:\program files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{FA951AF6-F026-4800-87B9-2953972E8432}"= UDP:c:\program files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"{D8860917-FD33-4494-B586-A048CBFFF8B1}"= TCP:c:\program files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"{EF525EB3-C794-4D06-A585-96C0A7A4B6A0}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{B60DE998-E10D-456D-89C1-E04778E435FE}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{BF62BAE1-1C2F-49F4-86E1-9DFD4969FBF0}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{8CAD1585-92F4-4478-84FC-CFF8FDE962B6}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{7EC5FBBA-50F4-4BA8-A459-D545DB28FAAD}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe:
"{B77F0BD0-BA01-4C51-8835-35476C8DCA14}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe:
"{76D505BC-E559-46CE-9CC0-63DEE11DB41A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdjjswx.exe:
"{4844A3A4-9F2F-4A10-A773-B249584D3709}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdjjswx.exe:
"{1416D404-5426-4FBE-8C49-B511B2BD8F5E}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdjtime.exe:
"{4A903CB4-C1BF-4BDB-BD47-F3AE1026B290}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdjtime.exe:
"TCP Query User{09BE2312-7973-48A0-9A2A-33D272A22896}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{25D566A7-4D7A-4B86-B7FA-F383387EA840}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{87CAE635-E086-4ECC-9EEF-20533536DBCD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D546BA16-4912-4478-8CB0-5597C30A2F93}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D62FC9AA-46A9-448F-8DBD-971D8E3510D0}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C454F91C-F1D7-4E3B-95DC-E07FD5710D7B}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6F7800DB-9BCC-4C98-B640-458F03C7E3B6}"= UDP:c:\program files\Common Files\AOL\1192914434\EE\aolsoftware.exe:AOL Services
"{28037D76-D5E2-4096-9112-BF1528628517}"= TCP:c:\program files\Common Files\AOL\1192914434\EE\aolsoftware.exe:AOL Services
"{AC5DD792-07AA-4DC6-9F6D-9675A6C286A1}"= UDP:c:\windows\System32\lxdjcoms.exe:Lexmark Communications System
"{1724C5C8-58F4-4DD2-8422-1BABA7D0664D}"= TCP:c:\windows\System32\lxdjcoms.exe:Lexmark Communications System
"{190E12DD-18A4-447E-B0FB-F4BA85590A90}"= UDP:c:\program files\Lexmark 1400 Series\lxdjamon.exe:Lexmark Device Monitor
"{2310600A-B81E-4752-A23A-CEDD0712817C}"= TCP:c:\program files\Lexmark 1400 Series\lxdjamon.exe:Lexmark Device Monitor
"{D3B73F50-96B2-4C9B-B5B8-E1D99F30294E}"= UDP:c:\program files\Lexmark 1400 Series\App4R.exe:Lexmark Imaging Studio
"{8EE694CB-3A05-4D14-860F-55AECE627DCC}"= TCP:c:\program files\Lexmark 1400 Series\App4R.exe:Lexmark Imaging Studio
"{A68DC61B-409F-4B7E-90FD-A74E8C16B0EE}"= UDP:c:\users\Joe\AppData\Local\Temp\lxdj\wireless\ENGLISH\lxdjwpss.exe:
"{4AE4A984-D5E0-47C7-9E3E-80A31A601E1C}"= TCP:c:\users\Joe\AppData\Local\Temp\lxdj\wireless\ENGLISH\lxdjwpss.exe:
"{36BCD1F9-C2AF-4FE9-A8EE-64020C462C53}"= UDP:c:\windows\System32\lxdjcfg.exe:
"{5F4569C8-B16B-4784-ADE8-354609F7139B}"= TCP:c:\windows\System32\lxdjcfg.exe:
"{025ECE0C-A7F5-4DD6-B16C-2673F9146F21}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8517ADC6-3710-45FD-87D5-7531D1116681}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{728C9259-5297-4CF6-9877-DA8F25E71FF4}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{FEBE822B-EA3B-4BD5-A661-3D80AB2C5874}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{0C341EE2-8678-42A7-B0B0-A77DFBE58839}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{874C6FC1-983B-4F3C-8ED9-A5BE481C6860}"= UDP:c:\program files\America Online 9.0a\waol.exe:AOL
"{4C2FE80D-B1AA-41B7-AE93-B58DD88FC4F1}"= TCP:c:\program files\America Online 9.0a\waol.exe:AOL
"{B7FECC6C-51B7-4389-BDF5-6E0E985D6E8F}"= UDP:c:\program files\Common Files\AOL\1192914434\EE\AOLServiceHost.exe:AOL
"{9E394532-8B7E-4E5A-BBB6-C23AFD66BE85}"= TCP:c:\program files\Common Files\AOL\1192914434\EE\AOLServiceHost.exe:AOL
"{1210A093-4B0C-48BF-AE1E-A326A31D217F}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL
"{42076D1B-9124-43B0-AD31-18712FFC5A34}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL
"{24EA7AD6-2C96-4F73-B511-D4DB44F80246}"= UDP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{A69F6DF1-1CC6-46FC-90B4-9972BD58A129}"= TCP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{C5BEF60A-4862-4A85-B886-282DDF2BF8CF}"= UDP:c:\program files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{8734AF2D-3C2F-4075-BF13-1954A19274E7}"= TCP:c:\program files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{02ADD9BF-B274-4BE5-9EB1-02FBA329DBDE}"= UDP:c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOL
"{EBD33B47-4818-4877-80D5-504F66EFB4DE}"= TCP:c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOL
"{38D128C1-C559-40BE-839B-6CAB1A2887BE}"= UDP:c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOL
"{6ACC1F40-3AD9-4699-82C6-F26CFCD4ED36}"= TCP:c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOL
"{9A024B00-1AE5-4335-A579-572852DBED83}"= UDP:c:\program files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"{425DD78E-91CA-4672-BD32-0B192AA73623}"= TCP:c:\program files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"{7AC8900E-9B3A-4EEB-BD05-477232850ED6}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{33C030F4-1FD0-4C9A-A618-77E3EF9D1D97}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{5EB63BA3-C2E9-4E49-A890-1A4D54D2FA37}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{3FED58A2-C68D-421D-ABE2-66FFD9B18BC8}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{97C7DD82-0B5D-4C2A-8844-892B63EA71DD}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{048A0F38-8AC4-4CA2-AB90-A44E195588C6}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{2189EBD4-336D-40EE-9A2A-DCE27ACD2020}"= UDP:c:\program files\Common Files\AOL\1192914434\EE\AOLDesktop.exe:AOL Desktop
"{0FF64062-1279-4869-962E-C57C9697FB2C}"= TCP:c:\program files\Common Files\AOL\1192914434\EE\AOLDesktop.exe:AOL Desktop
"{DC809363-A89C-44AF-8034-D2EEFA3D6C1D}"= UDP:c:\program files\AOL 9.1a\waol.exe:AOL
"{CE2A7A39-E1C7-4A58-870E-D78B0BBBA9B3}"= TCP:c:\program files\AOL 9.1a\waol.exe:AOL
"{5B57ABF3-BB04-4544-89AA-0FA3D9C59E41}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe:
"{C491B11A-D9A6-429A-ADDE-A065F1ADE9B1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe:
"{8B17F583-3108-469D-BA26-782A8626C68B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdjjswx.exe:
"{258E34C6-255E-428E-AEA3-FEDC4AB8C67F}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdjjswx.exe:
"{0F8561CA-3D68-4F69-93BA-A837FB049CC0}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdjtime.exe:
"{7F8CEA84-6EAE-4753-804A-B895585B50DB}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdjtime.exe:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S4 0090491221264738mcinstcleanup;McAfee Application Installer Cleanup (0090491221264738);c:\windows\TEMP\009049~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\009049~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d54ae4a-9619-11dd-9664-00038a000015}]
\shell\AutoRun\command - F:\Autorun.exe /run
\shell\Shell00\Command - F:\Autorun.exe /run
\shell\Shell01\Command - F:\Autorun.exe /action
\shell\Shell02\Command - F:\Autorun.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {35BDA760-4905-19AA-54A0-C118ABB5BF0C} /qb
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-16 c:\windows\Tasks\User_Feed_Synchronization-{C1CA0581-7EFA-4652-A629-EA56E5AD5116}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-XdriveTrayIcon - c:\program files\Xdrive\Xdrive Desktop\XdriveTray.exe
HKCU-Run-XdriveTray - c:\program files\xdrive\xdrive desktop\xdrive.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.aol.com
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html

c:\windows\Downloaded Program Files\pmjpegcam.ocx - c:\windows\Downloaded Program Files\pmjpegaudio.ocx
O16 -: {F3D4C08D-3616-43F0-9E29-44C749B0664B}
hxxp://12.107.134.186/JpegInst.cab
c:\windows\Downloaded Program Files\install.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 21:10:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\eNetHook.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\eNetHook.dll

- - - - - - - > 'Explorer.exe'(2944)
c:\program files\AOL Deskbar\deskbar.dll
c:\program files\Common Files\AOL\AOL Toolbar\AOLHelper.dll
.
Completion time: 2009-01-15 21:16:04
ComboFix-quarantined-files.txt 2009-01-16 02:15:54

Pre-Run: 43,824,513,024 bytes free
Post-Run: 43,612,143,616 bytes free

243 --- E O F --- 2009-01-14 04:16:12

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:22 PM, on 1/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\AOL\1192914434\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AOL 9.1a\waol.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\AOL\1192914434\EE\AOLDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192914434\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://12.107.134.186/JpegInst.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: McAfee Application Installer Cleanup (0090491221264738) (0090491221264738mcinstcleanup) - Unknown owner - C:\Windows\TEMP\009049~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10361 bytes

#5 shaferintl

Posted 16 January 2009 - 08:40 PM

Maverick61563,

Thanks for the logs and information. Looking very good! :thumbsup:

It still takes a long time to start up and shut down. Is there a way to clean up my start up items and how do I know which ones I need or not?

Below are some optional fixes for HijackThis. These are loaded at startup and may help. Once fixed, they can still be run from a desktop icon or Start > All Programs. Remember, these are optional (your choice).

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer.
Open HijackThis, run a scan, and place a Check next to the following item(s) - Optional:

O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192914434\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

Then close all open windows/browsers and Click on Fix Checked.

When everything is done and your log is clean again, you can enable it again. If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it. Then, download ResetTeaTimer.bat. Double-click ResetTeaTimer.bat to remove all entries set by TeaTimer. Please don't forget this step to disable TeaTimer.

Some additional things to help improve your system's performance are offered by one of our Global Moderators, here. Work your way through these recommendations.

Please download OTMoveIt3
  • Double click OTMoveIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

Please run an online scan to be sure we've left nothing behind!

Run a BitDefender Online scan Here and post the results.

Please post the BitDefender Scan Report and a new HijackThis log in your next reply. Please also say how your computer is running now. :)
shaferintl

Links to Free Tools I Use:
AVG Antivirus ... Adaware ... Spybot S&D ...
Spyware Blaster ... Zone Alarm Firewall ...
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#6 Maverick61563

Posted 17 January 2009 - 04:43 PM

Here are the logs that you requested:

BitDefender Log File

Product : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Manual Scan
Log date : 17:33:50 17/01/2009
Log path : C:\Users\Joe\AppData\Roaming\BitDefender\Desktop\Profiles\Logs\manual_scan\1232231630_1_02.xml

Scan Paths:
Path 0000: C:\

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : No

Target Selection Options:
Scan registry keys : No
Scan cookies : No
Scan boot sectors : No
Scan memory processes : No
Scan archives : No
Scan runtime packers : No
Scan emails : No
Scan all files : No
Heuristic Scan : No
Scanned extensions :
Excluded extensions :

Target Processing:
Default action for infected objects : None
Default action for suspicious objects : None
Default action for hidden objects : None

Scan engines summary
Number of virus signatures : 2500897
Archive plugins : 45
Email plugins : 6
Scan plugins : 13
System plugins : 5
Unpack plugins : 7

Overall scan summary
Scanned items : 142583
Infected items : 0
Suspicious items : 0
Resolved items : 0
Unresolved items : 14
Password-protected items : 14
Individual viruses found : 0
Scanned directories : 18077
Scanned boot sectors : 0
Scanned archives : 2098
Input-output errors : 271
Scan time : 03:14:46
Files per second : 12

Scanned processes summary
Scanned : 0
Infected : 0

Scanned registry keys summary
Scanned : 0
Infected : 0

Scanned cookies summary
Scanned : 0
Infected : 0

Objects that were not scanned:
Object Name | Reason | Final Status
C:\Program Files\McAfee.com\Agent\uninst\screm.ui=]agntcons.vbs Password-protected No action was possible
C:\Program Files\McAfee.com\Agent\uninst\screm.ui=]agntlang.vbs Password-protected No action was possible
C:\Program Files\McAfee.com\Agent\uninst\screm.ui=]comctl.lpk Password-protected No action was possible
C:\Program Files\McAfee.com\Agent\uninst\screm.ui=]config.ini Password-protected No action was possible
C:\Program Files\McAfee.com\Agent\uninst\screm.ui=]pbar.vbs Password-protected No action was possible
C:\Program Files\McAfee.com\Agent\uninst\screm.ui=]UnInsStr.vbs Password-protected No action was possible
C:\Program Files\McAfee.com\Agent\uninst\screm.ui=]uninst.vbs Password-protected No action was possible
C:\Program Files\McAfee.com\Agent\uninst\screm.ui=]uninstall.htm Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts43.zip=]f3initialsetup1.0.1.0.inf Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts43.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts44.zip=]f3initialsetup1.0.1.0.inf Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts44.zip=]sbRecovery.ini Password-protected No action was possible
C:\Windows\adobe\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\Windows\adobe\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:34 PM, on 1/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AOL 9.1a\waol.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\AOL\1192914434\EE\AOLDesktop.exe
C:\Program Files\Common Files\AOL\1192914434\EE\aolsoftware.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://12.107.134.186/JpegInst.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: McAfee Application Installer Cleanup (0090491221264738) (0090491221264738mcinstcleanup) - Unknown owner - C:\Windows\TEMP\009049~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10312 bytes
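
Added example, not part of the original thread: a small Python check that the startup entries listed for "Fix Checked" in post #5 are really absent from the follow-up HijackThis log. The function names are hypothetical, and the three sample blocks are short excerpts of the O4/O20 lines from the 1/15 and 1/17 logs posted above.

```python
import re

# HijackThis entry lines start with a section code such as R1, O4, O16, O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")


def parse_entries(log_text):
    """Map a normalised (section, detail) key to the original line.

    Windows paths are case-insensitive and forum copy/paste can alter
    spacing, so the key is whitespace-collapsed and case-folded.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            detail = " ".join(m.group("detail").split()).casefold()
            entries[(m.group("section"), detail)] = line
    return entries


def check_fix(before_log, after_log, requested_lines):
    """Compare two logs against the entries that were selected for fixing."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    requested = parse_entries("\n".join(requested_lines))
    result = {"removed": [], "still_present": [], "not_in_before": []}
    for key, line in requested.items():
        if key in after:
            result["still_present"].append(line)   # fix did not take
        elif key in before:
            result["removed"].append(line)         # fix confirmed
        else:
            result["not_in_before"].append(line)   # typo or wrong log
    # Entries that appeared between the two scans deserve a second look.
    result["new_in_after"] = sorted(after[k] for k in after.keys() - before.keys())
    return result


# Excerpt of the log saved 1/15/2009 (from the thread, shortened).
BEFORE = r"""
Running processes:
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O20 - AppInit_DLLs: eNetHook.dll
"""

# Excerpt of the log saved 1/17/2009 (from the thread, shortened).
AFTER = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O20 - AppInit_DLLs: eNetHook.dll
"""

# Four of the optional entries listed in post #5.
REQUESTED = [
    r'O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup',
    r"O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe",
    r"O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe",
    r"O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe",
]

if __name__ == "__main__":
    report = check_fix(BEFORE, AFTER, REQUESTED)
    for bucket, lines in report.items():
        print(f"{bucket}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```
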

#7 shaferintl

Posted 17 January 2009 - 05:56 PM

Maverick61563,

Thanks for the post. Your system appears to be clean!! :thumbsup: :thumbsup:

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at SWI are to help you, for your sake we would rather not have repeat customers. :p

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

1) First and foremost, you should maintain your firewall. It is the primary way to keep out malware. A tutorial on understanding and using firewalls may be found here.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.o...oducts/firefox/

4) Also make sure to run your antivirus software, perform scans regularly, and to keep it up-to-date.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :D
shaferintl

#8 Maverick61563

Posted 17 January 2009 - 06:31 PM

Thank you for all your help in cleaning up my computer.

#9 shaferintl

Posted 17 January 2009 - 06:45 PM

You are very welcome. Glad we could help. :)

[Reopened]
Everyone else please begin a New Topic.
shaferintl

#10 cnm

Posted 19 January 2009 - 10:24 PM

Reopened at request of topic owner.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#11 shaferintl

Posted 20 January 2009 - 05:09 AM

Maverick61563,

Post a fresh HijackThis log and let's have a look. :thumbsup:
shaferintl

#12 Maverick61563

Posted 20 January 2009 - 08:41 PM

Here's the new log. Not sure what happened; it was working great after our last contact and then it started freezing up more than before I made the original post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:02 PM, on 1/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\AOL\1192914434\EE\AOLDesktop.exe
C:\Program Files\Common Files\AOL\1192914434\EE\aolsoftware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AOL 9.1a\waol.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://12.107.134.186/JpegInst.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: McAfee Application Installer Cleanup (0090491221264738) (0090491221264738mcinstcleanup) - Unknown owner - C:\Windows\TEMP\009049~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9445 bytes

#13 shaferintl

shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 20 January 2009 - 09:16 PM

Maverick61563,

Run a Malwarebytes' Anti-Malware scan and post it. :thumbsup:

#14 Maverick61563

Maverick61563

    Advanced Member

  • Full Member
  • 101 posts

Posted 20 January 2009 - 09:44 PM

Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 6.0.6001 Service Pack 1

1/20/2009 10:40:36 PM
mbam-log-2009-01-20 (22-40-36).txt

Scan type: Quick Scan
Objects scanned: 47030
Time elapsed: 12 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 shaferintl

shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 21 January 2009 - 05:11 AM

Maverick61563,

Your system appears to be clean. Please describe the freeze-ups. Is it your browser? If so, only certain websites? What do you have to do to un-freeze it? Give me some details.

#16 Maverick61563

Maverick61563

    Advanced Member

  • Full Member
  • 101 posts

Posted 21 January 2009 - 09:25 PM

The laptop is opening pages extremely slow. It does not seem to be happening on any specific sites. The page starts to load and just hangs there for a while before opening. Every once in a while I get a message that AOL scheduler has stopped working. When I play games (such as solitaire or hearts) the cards move almost in slow motion. Since my last post, these things are happening randomly. Sometimes slow - sometimes normal.

Not sure if it's a browser problem. How would I know if that's the case?

Also, when I start up now, the Acer Empowering Technology toolbar does not open which allows me to access the internet via wireless connection. I have to manually open it. I checked the settings and the box marked open on start up is checked. Shut down seems to be taking much longer than normal too. Totally confused...Any ideas?

#17 shaferintl

shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 22 January 2009 - 06:17 PM

Maverick61563,

The laptop is opening pages extremely slow... Not sure if it's a browser problem.

This certainly does not sound like a browser problem. I want to run some other scans to see if there is something lurking.

Also, when I start up now, the Acer Empowering Technology toolbar does not open...

We will look into this further after running the scans.

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard. (save it to a file)
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode. Other rootkitrevealers don't.

Download Dr.Web CureIt to the desktop. Do not execute it.

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

Run Dr.Web CureIt as follows:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
Please post the GMER Report.txt, the DrWeb.csv report, and a new HijackThis log in your next reply. Please also say how your computer is running now. :)

#18 Maverick61563

Maverick61563

    Advanced Member

  • Full Member
  • 101 posts

Posted 23 January 2009 - 01:42 AM

Here are the logs you asked for. There was no report for DRWEB-CURE, it said that no viruses were found.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-23 02:05:40
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8AB159BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8AB15958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8AB1596C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8AB159FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8AB15A3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8AB15930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8AB15944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8AB159D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8AB15A67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8AB15A53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8AB159AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8AB15996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8AB15A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8AB15A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8AB159E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8AB15982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 81C4118C 5 Bytes JMP 8AB159EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81DDB17C 5 Bytes JMP 8AB15A43 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 81DE2DCA 5 Bytes JMP 8AB15986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 81DFCF80 5 Bytes JMP 8AB15A2F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 81E1C1DC 5 Bytes JMP 8AB15948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 81E2BB18 5 Bytes JMP 8AB15934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 81E3E74E 7 Bytes JMP 8AB15A00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 81E3EDA5 5 Bytes JMP 8AB15A16 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 81E40FB6 5 Bytes JMP 8AB159C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 81E4E674 5 Bytes JMP 8AB1599A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 81E508CE 7 Bytes JMP 8AB159D6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 81E6F452 5 Bytes JMP 8AB15A57 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 81E7049E 2 Bytes JMP 8AB15A6B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey + 3 81E704A1 2 Bytes [ CA, 08 ]
PAGE ntkrnlpa.exe!ZwCreateProcess 81EAE1C1 5 Bytes JMP 8AB1595C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81EAE20C 7 Bytes JMP 8AB15970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 81EAECCB 5 Bytes JMP 8AB159AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\System32\svchost.exe[908] kernel32.dll!GetStartupInfoA 759B19C9 5 Bytes JMP 006300BA
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!CreateProcessW 759B1C01 5 Bytes JMP 00630112
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!CreateProcessA 759B1C36 5 Bytes JMP 006300F7
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!VirtualProtect 759B1DD1 5 Bytes JMP 0063007A
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!CreateNamedPipeW 759B5C44 5 Bytes JMP 0063002C
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!LoadLibraryExW 759D30C3 5 Bytes JMP 00630069
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!LoadLibraryW 759D361F 5 Bytes JMP 00630047
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!VirtualProtectEx 759D8D7E 5 Bytes JMP 00630F8F
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!LoadLibraryExA 759D9469 5 Bytes JMP 00630058
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!LoadLibraryA 759D9491 5 Bytes JMP 00630FC0
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!CreatePipe 759E0284 5 Bytes JMP 00630095
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!GetProcAddress 759FB8B6 5 Bytes JMP 00630F60
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!CreateFileW 759FCC4E 5 Bytes JMP 00630FE5
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!CreateFileA 759FCF71 5 Bytes JMP 00630000
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!CreateNamedPipeA 75A441F6 5 Bytes JMP 00630011
.text C:\Windows\System32\svchost.exe[908] kernel32.dll!WinExec 75A453E7 5 Bytes JMP 006300DC
.text C:\Windows\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExA 7719B5E7 5 Bytes JMP 00950FB6
.text C:\Windows\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyA 7719B8AE 5 Bytes JMP 0095003D
.text C:\Windows\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyA 771A0BF5 5 Bytes JMP 0095000A
.text C:\Windows\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyW 771AB83D 5 Bytes JMP 0095004E
.text C:\Windows\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExW 771ABCE1 5 Bytes JMP 0095007D
.text C:\Windows\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExA 771AD4E8 5 Bytes JMP 00950FE5
.text C:\Windows\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyW 771B3CB0 5 Bytes JMP 0095001B
.text C:\Windows\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExW 771BF09D 5 Bytes JMP 0095002C
.text C:\Windows\System32\svchost.exe[908] WS2_32.dll!socket 76B136D1 5 Bytes JMP 0094000A
.text C:\Windows\System32\svchost.exe[908] WININET.DLL!InternetOpenA 75B903DD 5 Bytes JMP 0064000A
.text C:\Windows\System32\svchost.exe[908] WININET.DLL!InternetOpenUrlA 75B920A3 5 Bytes JMP 00640FD4
.text C:\Windows\System32\svchost.exe[908] WININET.DLL!InternetOpenW 75B92A58 5 Bytes JMP 00640FEF
.text C:\Windows\System32\svchost.exe[908] WININET.DLL!InternetOpenUrlW 75BDAF79 5 Bytes JMP 00640025
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 759B1929 5 Bytes JMP 00190F45
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 759B19C9 5 Bytes JMP 00190095
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessW 759B1C01 5 Bytes JMP 00190F19
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessA 759B1C36 5 Bytes JMP 00190F34
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualProtect 759B1DD1 5 Bytes JMP 0019007A
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 759B5C44 5 Bytes JMP 00190022
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 759D30C3 5 Bytes JMP 00190FAC
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryW 759D361F 5 Bytes JMP 0019004E
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 759D8D7E 5 Bytes JMP 00190F85
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 759D9469 5 Bytes JMP 0019005F
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryA 759D9491 5 Bytes JMP 0019003D
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreatePipe 759E0284 5 Bytes JMP 00190F74
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetProcAddress 759FB8B6 5 Bytes JMP 00190EF4
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateFileW 759FCC4E 5 Bytes JMP 00190011
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateFileA 759FCF71 5 Bytes JMP 00190000
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 75A441F6 5 Bytes JMP 00190FD1
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!WinExec 75A453E7 5 Bytes JMP 001900B0
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 7719B5E7 5 Bytes JMP 00CB0036
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 7719B8AE 5 Bytes JMP 00CB0FA5
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 771A0BF5 5 Bytes JMP 00CB0FEF
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 771AB83D 5 Bytes JMP 00CB0F8A
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 771ABCE1 5 Bytes JMP 00CB0F6F
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 771AD4E8 5 Bytes JMP 00CB000A
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 771B3CB0 5 Bytes JMP 00CB0FDE
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 771BF09D 5 Bytes JMP 00CB001B
.text C:\Windows\System32\svchost.exe[1040] WS2_32.dll!socket 76B136D1 5 Bytes JMP 00CA0000
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 759B1929 5 Bytes JMP 00A20091
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 759B19C9 5 Bytes JMP 00A20F4B
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessW 759B1C01 5 Bytes JMP 00A200C7
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessA 759B1C36 5 Bytes JMP 00A20F30
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtect 759B1DD1 5 Bytes JMP 00A20051
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 759B5C44 5 Bytes JMP 00A20FAF
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 759D30C3 5 Bytes JMP 00A20040
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryW 759D361F 5 Bytes JMP 00A20025
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 759D8D7E 5 Bytes JMP 00A2006C
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 759D9469 5 Bytes JMP 00A20F83
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryA 759D9491 5 Bytes JMP 00A20F9E
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreatePipe 759E0284 5 Bytes JMP 00A20F5C
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetProcAddress 759FB8B6 5 Bytes JMP 00A20F15
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileW 759FCC4E 5 Bytes JMP 00A2000A
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileA 759FCF71 5 Bytes JMP 00A20FE5
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 75A441F6 5 Bytes JMP 00A20FD4
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!WinExec 75A453E7 5 Bytes JMP 00A200AC
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 7719B5E7 5 Bytes JMP 00DE0FA8
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 7719B8AE 5 Bytes JMP 00DE0040
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 771A0BF5 5 Bytes JMP 00DE0000
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 771AB83D 5 Bytes JMP 00DE0FB9
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 771ABCE1 5 Bytes JMP 00DE0F97
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 771AD4E8 5 Bytes JMP 00DE0FD4
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 771B3CB0 5 Bytes JMP 00DE0FEF
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 771BF09D 5 Bytes JMP 00DE0025
.text C:\Windows\System32\svchost.exe[1096] WS2_32.dll!socket 76B136D1 5 Bytes JMP 00DD0000
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 759B1929 5 Bytes JMP 010000B0
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 759B19C9 5 Bytes JMP 01000095
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 759B1C01 5 Bytes JMP 010000C1
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 759B1C36 5 Bytes JMP 01000F2A
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 759B1DD1 5 Bytes JMP 01000069
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 759B5C44 5 Bytes JMP 01000022
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 759D30C3 5 Bytes JMP 01000058
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 759D361F 5 Bytes JMP 01000FB6
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 759D8D7E 5 Bytes JMP 01000F7E
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 759D9469 5 Bytes JMP 01000F9B
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 759D9491 5 Bytes JMP 01000033
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreatePipe 759E0284 5 Bytes JMP 01000084
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 759FB8B6 5 Bytes JMP 01000F0F
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateFileW 759FCC4E 5 Bytes JMP 01000000
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateFileA 759FCF71 5 Bytes JMP 01000FE5
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 75A441F6 5 Bytes JMP 01000011
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!WinExec 75A453E7 5 Bytes JMP 01000F4F
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 7719B5E7 5 Bytes JMP 01070047
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 7719B8AE 5 Bytes JMP 01070FC0
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 771A0BF5 5 Bytes JMP 01070000
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 771AB83D 5 Bytes JMP 01070FA5
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 771ABCE1 5 Bytes JMP 01070F8A
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 771AD4E8 5 Bytes JMP 01070025
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 771B3CB0 5 Bytes JMP 01070FEF
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 771BF09D 5 Bytes JMP 01070036
.text C:\Windows\system32\svchost.exe[1112] WS2_32.dll!socket 76B136D1 5 Bytes JMP 01060000
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 759B1929 5 Bytes JMP 00350F63
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 759B19C9 5 Bytes JMP 003500A9
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 759B1C01 5 Bytes JMP 003500DF
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 759B1C36 5 Bytes JMP 003500CE
.text C:\Windows\system32\svchost.exe[1260] kernel32.dll!VirtualProtect

#19 shaferintl

shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 23 January 2009 - 05:37 AM

Maverick61563,

Thanks for the logs. Your system appears to be clean! :thumbsup: As far as your system being slow, I would recommend that you try a different firewall and anti-virus. McAfee is known to slow systems and cause lags. You can google it to see for yourself.

If you decide to go with my suggestion, uninstall McAfee using Start > Control Panel > Programs and Features. Do not browse while your system is unprotected.

Some good free firewalls are Comodo, Online Armor, Kerio, or Jetico Personal Firewall 1.0. A tutorial on understanding and using firewalls may be found here.

For a free A-V:

Regarding the Acer Empowering Technology toolbar problem, you could uninstall it and re-install from here.

Hopefully this should take care of your problems! Post back and let me know the outcome. :D
shaferintl

Links to Free Tools I Use:
AVG Antivirus ... Adaware ... Spybot S&D ...
Spyware Blaster ... Zone Alarm Firewall ...
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#20 Maverick61563

Maverick61563

    Advanced Member

  • Full Member
  • 101 posts

Posted 25 January 2009 - 11:15 AM

I removed McAfee and Spyware Guard. I used the Kerio link you gave me to buy a year's subscription to Sun Belt Firewall & Anti Virus. So far so good. Thanks for the guidance.

#21 shaferintl

shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 25 January 2009 - 11:19 AM

I removed McAfee and Spyware Guard. I used the Kerio link you gave me to buy a year's subscription to Sun Belt Firewall & Anti Virus. So far so good. Thanks for the guidance.

Sounds good. If you need anything more, get back to me. I'll leave this thread open for a few days. :thumbsup:
shaferintl


#22 shaferintl

shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 28 January 2009 - 05:09 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
shaferintl




