# Hijacked PC



## BCs

My system seems to get hijacked often. You can be in the middle of anything and all of a sudden the system goes haywire. It tries to open programs and run them and opens the start menu and opens programs from that. The only way to stop it is to wait for 20 seconds until it stops and then close down the open programs, hit the ESC key which sometimes stops it, or reboot. Very annoying when the kids are doing homework and the program they are using closes on them. I am running XP SP3 & IE 8.

I am also running NIS 2009 & spyware terminator. Neither program is picking up anything.

Anyone with any ideas would be appreciated.
This is the 4th attempt to post as "it" keeps closing IE down







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:57 PM, on 17/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupOutlook] "C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe" silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ComproRemote.lnk
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222386794109
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: 30112d3c573 - C:\WINDOWS\System32\divx_xx0732.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10354 bytes


Malwarebytes' Anti-Malware 1.40
Database version: 2747
Windows 5.1.2600 Service Pack 3

6/09/2009 2:54:24 PM
mbam-log-2009-09-06 (14-54-12).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 185445
Time elapsed: 1 hour(s), 0 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 132

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar (Adware.BullseyeToolbar) -> No action taken.
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar.1 (Adware.BullseyeToolbar) -> No action taken.
HKEY_CLASSES_ROOT\tbsb09835.tbsb09835 (Adware.BullseyeToolbar) -> No action taken.
HKEY_CLASSES_ROOT\toolbar3.tbsb09835 (Adware.BullseyeToolbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{255c13ae-4bb0-45c3-bae1-ba6c088c43b3} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8fbb0d9a-1f7b-465b-8292-1593b880e92a} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\imwrvsfusmkvcmsc (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\tbsb05288.ietoolbar (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\tbsb05288.ietoolbar.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\tbsb05288.tbsb05288 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\toolbar3.tbsb05288 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TBSB05288 (Adware.IEToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runit (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\runit (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> No action taken.

Folders Infected:
C:\Program Files\runit (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Start Menu\Programs\BitDownload (Trojan.Swizzor) -> No action taken.
C:\WINDOWS\system32\LocalService32 (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32 (Worm.Archive) -> No action taken.

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\wopsetqfvb.tmp (Rootkit.TDSS) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHCFB.tmp (Rootkit.TDSS) -> No action taken.
C:\Program Files\runit\runit_32.exe (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1957994488-1645522239-725345543-500\Dc53.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{70DB4145-2119-4107-9DA1-50CD64812B1E}\RP438\A0167372.exe (Adware.AdRotator) -> No action taken.
C:\System Volume Information\_restore{70DB4145-2119-4107-9DA1-50CD64812B1E}\RP438\A0167417.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\ojaee2878.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\hqpb8081.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\vvvxq62447.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\lkug77003.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\qomut5121.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\qpbl08125.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kbiwkmfjpexnsv.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\kbiwkmxvpopset.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\imwrvsfusmkvcmsc.exe (Adware.AdRotator) -> No action taken.
C:\Program Files\runit\config.txt (Trojan.Agent) -> No action taken.
C:\Program Files\runit\runitu_32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Swizzor) -> No action taken.
C:\WINDOWS\system32\LocalService32\48.music.mp3.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\49.music.snd.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\50.crack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\50.crack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\51.keygen.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\51.keygen.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\52.keymaker.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\52.keymaker.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\53.serial.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\53.serial.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\54.setup.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\54.setup.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\55.unpack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\LocalService32\55.unpack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\101.crack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\101.crack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\102.keygen.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\102.keygen.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\103.serial.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\103.serial.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\104.setup.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\104.setup.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\105.music.mp3.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\106.music.snd.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\107.music.au.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\108.video.wmv.kwd (Worm.Archive) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\BitDownload Downloads.lnk (Trojan.Swizzor) -> No action taken.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runit_32.lnk (Rogue.Link) -> No action taken.
C:\WINDOWS\system32\els3232.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\atmlib32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\batt32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bitsprx232.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\BROWSELC32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\camocx32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\CATSRVUT32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\CERTCLI32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\clbcatex32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\clbcatq32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\CLICONFG32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cmdial3232.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cmutil32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\CNBJMON32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cnvfat32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\COMADDIN32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comctl3232.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\compobj32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comrepl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\confmsp32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\corpol32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\CRYPT3232.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cryptui32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\cscdll32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\cscui32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\csrsrv32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\D3D8THK32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\d3dim32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\D3DPMESH32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\d3drm32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\danim32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dbgeng32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DBMSRPCN32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dbnmpntw32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DDRAWEX32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\deskadp32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\deskperf32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DFRGRES32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dfrgui32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dgrpsetu32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DHCPMON32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dhcpsapi32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\digest32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DINPUT832.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dispex32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dmdlgs32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dmime32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DMLOADER32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DMSCRIPT32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DMSYNTH32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dmutil32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dnsrslvr32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\dot3api32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dplayx32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DPNADDR32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DPNHPAST32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dpnlobby32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\DPSERIAL32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DPVOICE32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DPWSOCK32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drmclien32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ds32gt32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dsdmo32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dskquoui32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\DSOUND3D32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DSPRPRES32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dssec32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dswave32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\dx7vb32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dxdiagn32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dxtmsft32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\els32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\encdec32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\es32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\esent9732.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\eventcls32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\expsrv32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\fde32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\feclient32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\fltlib32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\fontext32.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\framebuf32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\kbiwkmqswativu.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\kdiue732.txt (Malware.Trace) -> No action taken.


----------



## aviation_man

You have many things wrong with your system32 and your Registry. It's probably because of all those keygens, keymakers, cracks and serials you downloaded (which are very illegal). I'm surprised your system hasn't 'exploded' with all the malware that's on it.
Read this first: http://www.computerforum.com/52038-forum-rules.html (forum rules regarding cracks, keygens etc.)
Then read this: http://www.computerforum.com/131398-important-please-read-before-posting.html


----------



## kimsland

I would suggest the thread is locked by a Mod, instead of support members trying to help someone with "cracks" in their log

But I'll just squeeze this info in:
Malwarebytes is up to Database version: 2814 and Program version: 1.41
Yours is *too* old, and you need to update the program, then the database, and then scan again

Also: "_No action taken._" on the Malwarebytes scan means that you did not select Next at the end of the scan and remove all found malware, therefore the scan was a waste of time (I note you scanned for 1 hour)

Update Malwarebytes fully
Then run a new full scan
And remove all Malwares at the end of the scan


----------
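
The two checks kimsland describes above (entries still marked "No action taken", and definitions older than the current database) can be run mechanically over a pasted log. This is an added example, not part of any poster's reply and not Malwarebytes' own tooling; the sample log, its paths and the `latest_db_version` parameter are constructed for illustration, following the log layout quoted in this thread.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.4x logs
# quoted in this thread. Paths, URLs and the two action strings other than
# "No action taken" are illustrative, not taken from the poster's machine.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.40
Database version: 2747
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 185445

Registry Keys Infected: 1
Registry Data Items Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\example_key (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Example\Local Page (Hijack.SearchPage) -> Bad: (http://bad.example/) Good: (http://good.example/) -> No action taken.

Files Infected:
C:\WINDOWS\example_a.exe (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\example\b.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example_c.dll (Rootkit.TDSS) -> Delete on reboot.
"""

# "Files Infected: 132" is a summary line; "Files Infected:" opens a section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?\s*$")
# Object followed by the detection family in the LAST pair of parentheses,
# so paths such as "Program Files (x86)" do not confuse the split.
FAMILY_RE = re.compile(r"^(?P<object>.+) \((?P<family>[^()]+)\)$")


def parse_mbam_log(text):
    """Parse header fields, summary counts and detection lines from a log."""
    report = {"db_version": None, "scan_type": None, "claimed": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                report["claimed"][m.group("name")] = int(m.group("count"))
                section = None
            else:
                section = m.group("name")
            continue
        if line.startswith("Database version:"):
            report["db_version"] = int(line.split(":", 1)[1])
        elif line.startswith("Scan type:"):
            report["scan_type"] = line.split(":", 1)[1].strip().split(" (")[0]
        elif section and " -> " in line:
            # The action is always the text after the last " -> "; registry data
            # items carry an extra "Bad: ... Good: ..." field in the middle.
            parts = line.split(" -> ")
            m = FAMILY_RE.match(parts[0])
            if m is None:
                continue
            report["detections"].append({
                "section": section,
                "object": m.group("object"),
                "family": m.group("family"),
                "action": parts[-1].rstrip("."),
            })
    return report


def triage(report, latest_db_version=None):
    """Summarise what the scan found versus what was actually remediated."""
    dets = report["detections"]
    pending = [d for d in dets if d["action"].lower() == "no action taken"]
    found = Counter(d["section"] for d in dets)
    return {
        "total": len(dets),
        "unremediated": len(pending),
        "families_pending": Counter(d["family"] for d in pending),
        # Caller supplies the current database number; None skips the check.
        "stale_definitions": (latest_db_version is not None
                              and report["db_version"] is not None
                              and report["db_version"] < latest_db_version),
        # Summary count differs from parsed lines: the paste was likely truncated.
        "count_mismatch": {name: (claimed, found[name])
                           for name, claimed in report["claimed"].items()
                           if claimed != found[name]},
    }


if __name__ == "__main__":
    print(triage(parse_mbam_log(SAMPLE_LOG), latest_db_version=2814))
```

A non-zero `unremediated` count means the scan only reported; a later clean Quick Scan does not cover the same locations as the Full Scan that produced those entries.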



## hayimj

*remove trojan with free adaware*

hi,
You should install Ad-Aware, this is the best free adware.
(I'm not working there..)
You can download free here: myFixPc/

Good Luck :good:


----------



## BCs

Have updated and re-run Malware. See following:

Malwarebytes' Anti-Malware 1.41
Database version: 2818
Windows 5.1.2600 Service Pack 3

18/09/2009 4:10:08 PM
mbam-log-2009-09-18 (16-10-08).txt

Scan type: Quick Scan
Objects scanned: 109482
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This was run as a quick scan as distinct from the previous one which was run as a full scan.


----------



## kimsland

Please download Combofix, direct link here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable your antivirus or just allow the process to run (i.e. if Norton pops up a warning, just allow Combofix to run)
Combofix will save a log file to the C:\Combofix folder; please attach this log to a new reply.

By the way, running uTorrent and Norton Internet Security together probably will never work.
uTorrent is a filesharing program that can easily allow malware into your computer. Disable (close) this first, or ideally uninstall it (I would).

And Norton (IS) is probably good at slowing computers down and that's about all. This can be proved specifically by the mess you are presently in (a good example of this poor antivirus)
Ideally un-install it and then run the removal tool (as Norton will not uninstall fully without this: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039)

Then download and install free Avira: http://www.free-av.com/
Install; update and run a full scan
Once Avira removes all the remaining Viruses you'll never pay for an Antivirus again. But if you want to revert back to Norton afterwards that's your choice.


----------



## BCs

Ok here is the log from combo fix.


ComboFix 09-09-18.02 - Administrator 19/09/2009  9:57.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2567 [GMT 10:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\020000008ccd966e548C.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e548O.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e548P.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e548S.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e573C.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e573O.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e573P.manifest
c:\documents and settings\Administrator\Application Data\020000008ccd966e573S.manifest
c:\documents and settings\Administrator\Application Data\inst.exe
c:\windows\Alcmtr.exe
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\system32\ATIDEMGX32.dll
c:\windows\system32\atikvmag32.dll
c:\windows\system32\atipdlxx32.dll
c:\windows\system32\ativcoxx32.dll
c:\windows\system32\ativvaxx32.dll
c:\windows\system32\atl32.dll
c:\windows\system32\atrace32.dll
c:\windows\system32\audiosrv32.dll
c:\windows\system32\avifile32.dll
c:\windows\system32\avtapi32.dll
c:\windows\system32\azroles32.dll
c:\windows\system32\bdco1ins32.dll
c:\windows\system32\bitsprx432.dll
c:\windows\system32\browseui32.dll
c:\windows\system32\bthci32.dll
c:\windows\system32\btpanui32.dll
c:\windows\system32\capicom32.dll
c:\windows\system32\catsrv32.dll
c:\windows\system32\cdintf25132.dll
c:\windows\system32\cdmodem32.dll
c:\windows\system32\cfgbkend32.dll
c:\windows\system32\ciadmin32.dll
c:\windows\system32\ciodm32.dll
c:\windows\system32\clusapi32.dll
c:\windows\system32\clusapi3232.dll
c:\windows\system32\cmprops32.dll
c:\windows\system32\cmsetacl32.dll
c:\windows\system32\cnbjmon3232.dll
c:\windows\system32\comcat32.dll
c:\windows\system32\comdlg3232.dll
c:\windows\system32\comdlg323232.dll
c:\windows\system32\COMMTB3232.dll
c:\windows\system32\compobj3232.dll
c:\windows\system32\comres32.dll
c:\windows\system32\comres3232.dll
c:\windows\system32\comsvcs32.dll
c:\windows\system32\confmsp3232.dll
c:\windows\system32\credssp32.dll
c:\windows\system32\credui32.dll
c:\windows\system32\credui3232.dll
c:\windows\system32\crypt323232.dll
c:\windows\system32\cryptdll32.dll
c:\windows\system32\cryptnet32.dll
c:\windows\system32\csrsrv3232.dll
c:\windows\system32\ctl3d3232.dll
c:\windows\system32\d3dx9_3232.dll
c:\windows\system32\DATAZAP32.dll
c:\windows\system32\DATZAP1632.dll
c:\windows\system32\DDAO3632.dll
c:\windows\system32\dfsshlex32.dll
c:\windows\system32\dimsntfy32.dll
c:\windows\system32\dmcompos32.dll
c:\windows\system32\DOCOBJ32.dll
c:\windows\system32\dot3dlg32.dll
c:\windows\system32\dot3msm32.dll
c:\windows\system32\dot3ui32.dll
c:\windows\system32\eapp3hst32.dll
c:\windows\system32\eappgnui32.dll
c:\windows\system32\eappprxy32.dll
c:\windows\system32\eapsvc32.dll
c:\windows\system32\EMLCNS3232.dll
c:\windows\system32\exts32.dll
c:\windows\system32\fdco132.dll
c:\windows\system32\FM20ENU32.dll
c:\windows\system32\private.inf
c:\windows\winhelp.ini
I:\autorun.inf
J:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2009-08-19 to 2009-09-19  )))))))))))))))))))))))))))))))
.

2009-09-18 14:00 . 2009-09-18 14:00	664	----a-w-	c:\windows\system32\d3d9caps.dat
2009-09-18 07:47 . 1999-12-17 12:43	86016	----a-w-	c:\windows\unvise32.exe
2009-09-18 07:47 . 2009-09-18 13:26	--------	d-----w-	c:\program files\RegistryPatrol3.0
2009-09-10 21:49 . 2009-06-21 21:44	153088	-c----w-	c:\windows\system32\dllcache\triedit.dll
2009-09-06 05:14 . 2009-09-06 05:14	--------	d-----w-	c:\program files\Trend Micro
2009-09-06 03:51 . 2009-09-06 03:51	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-06 03:51 . 2009-09-10 04:54	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 03:51 . 2009-09-18 06:17	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-09-06 03:51 . 2009-09-10 04:53	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-09-06 03:51 . 2009-09-06 03:51	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-31 09:49 . 2008-11-11 03:42	24832	----a-w-	c:\windows\system32\drivers\lgusbmodem.sys
2009-08-31 09:49 . 2008-11-11 03:41	19968	----a-w-	c:\windows\system32\drivers\lgusbdiag.sys
2009-08-31 09:49 . 2008-11-11 03:41	13056	----a-w-	c:\windows\system32\drivers\lgusbbus.sys
2009-08-31 09:49 . 2009-08-31 09:49	--------	d-----w-	c:\program files\LG Electronics
2009-08-25 08:52 . 2009-08-25 08:52	--------	d-----w-	C:\Sounds
2009-08-25 08:48 . 2009-09-07 04:07	--------	d-----w-	C:\Temp
2009-08-25 08:18 . 2009-08-25 08:18	--------	d-----w-	c:\documents and settings\Administrator\Application Data\LG Electronics
2009-08-24 07:35 . 2009-08-24 07:35	--------	d-----w-	c:\program files\BurnAware Free
2009-08-24 07:13 . 2005-03-11 08:37	1986560	----a-w-	c:\windows\system32\AudFile.dll
2009-08-24 07:13 . 2005-02-24 03:11	1212416	----a-w-	c:\windows\system32\AudioInfos.dll
2009-08-24 07:13 . 2005-02-24 02:51	348160	----a-w-	c:\windows\system32\WMAFile.dll
2009-08-24 07:13 . 2000-10-01 08:00	119568	----a-w-	c:\windows\system32\VB6FR.DLL
2009-08-24 07:13 . 1999-03-25 08:00	101888	----a-w-	c:\windows\system32\VB6STKIT.DLL
2009-08-24 07:13 . 1998-07-12 12:00	15360	----a-w-	c:\windows\system32\inetfr.DLL
2009-08-24 07:13 . 2003-04-18 05:29	44544	----a-w-	c:\windows\system32\msxml4a.dll
2009-08-24 07:13 . 1998-07-12 12:00	141312	----a-w-	c:\windows\system32\MSCMCFR.DLL
2009-08-24 07:13 . 1998-07-12 08:00	32768	----a-w-	c:\windows\system32\CMDLGFR.DLL
2009-08-24 06:45 . 2004-07-02 22:08	139264	----a-w-	c:\windows\system32\xvidvfw.dll
2009-08-24 06:45 . 2004-07-02 21:59	524288	----a-w-	c:\windows\system32\xvidcore.dll
2009-08-24 06:45 . 2009-09-07 04:16	--------	d-----w-	c:\program files\Extra DVD Ripper Free

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 00:03 . 2008-09-19 06:49	--------	d-----w-	c:\documents and settings\Administrator\Application Data\uTorrent
2009-09-19 00:03 . 2008-09-25 01:22	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-09-18 05:47 . 2009-04-22 03:41	--------	d-----w-	c:\program files\Spyware Terminator
2009-09-18 05:47 . 2009-04-22 03:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-09-18 05:45 . 2009-04-22 03:41	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Spyware Terminator
2009-09-11 23:51 . 2008-09-23 04:05	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-09-07 06:44 . 2009-05-14 10:52	148200	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-01 04:49 . 2008-08-11 02:37	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-08-25 08:39 . 2009-04-08 10:19	--------	d-----w-	c:\program files\DivX
2009-08-24 07:25 . 2009-05-14 08:50	--------	d-----w-	c:\program files\NCH Swift Sound
2009-08-21 05:36 . 2009-07-19 04:20	--------	d-----w-	c:\program files\Burn4Free
2009-08-19 07:36 . 2009-08-19 07:36	--------	d-----r-	c:\program files\Norton Support
2009-08-19 06:12 . 2008-09-18 07:58	--------	d-----w-	c:\program files\Symantec
2009-08-19 06:12 . 2009-08-16 08:50	806	----a-w-	c:\windows\system32\drivers\SYMEVENT.INF
2009-08-19 06:12 . 2009-08-16 08:50	7456	----a-w-	c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-19 06:12 . 2009-08-16 08:50	60808	----a-w-	c:\windows\system32\S32EVNT1.DLL
2009-08-19 06:12 . 2009-08-16 08:50	124976	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 19:11 . 2009-08-16 08:50	36400	----a-r-	c:\windows\system32\drivers\SymIM.sys
2009-08-17 08:40 . 2008-09-19 02:05	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2009-08-16 08:50 . 2008-10-23 04:38	--------	d-----w-	c:\program files\Norton Internet Security
2009-08-16 08:50 . 2008-10-22 17:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\Norton
2009-08-16 08:50 . 2009-08-16 08:50	--------	d-----w-	c:\program files\Windows Sidebar
2009-08-16 08:50 . 2008-09-19 02:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\Symantec
2009-08-16 08:49 . 2008-10-22 17:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-15 12:46 . 2009-01-14 11:04	--------	d-----w-	c:\program files\Windows Live
2009-08-15 12:46 . 2009-08-15 12:46	--------	d-----w-	c:\program files\Microsoft Sync Framework
2009-08-09 06:40 . 2009-08-08 04:53	--------	d-----w-	c:\program files\NortonInstaller
2009-08-08 05:31 . 2009-03-07 04:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2009-08-07 09:32 . 2009-06-23 06:02	--------	d-----w-	c:\program files\Bitcollider
2009-08-05 09:24 . 2008-09-18 07:12	--------	d-----w-	c:\program files\Java
2009-08-05 09:01 . 2007-07-27 12:00	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-03 07:31 . 2009-08-03 07:16	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2009-08-03 07:16 . 2009-08-03 07:16	--------	d-----w-	c:\program files\AskBarDis
2009-07-24 19:23 . 2008-12-16 10:11	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2007-07-27 12:00	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-17 05:42 . 2008-09-28 06:02	47360	----a-w-	c:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-07-17 05:41 . 2008-09-28 06:02	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2009-07-13 13:43 . 2007-07-27 12:00	286208	----a-w-	c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2007-07-27 12:00	915456	----a-w-	c:\windows\system32\wininet.dll
2008-12-25 08:33 . 2008-12-25 08:33	713526	----a-w-	c:\program files\dvd43.zip
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1a71246c-3eb0-4d6c-af77-3ab756017c3a}"= "c:\program files\BTjunkie\tbBTj1.dll" [2009-07-08 2215960]

[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
2009-07-08 03:55	2215960	----a-w-	c:\program files\BTjunkie\tbBTj1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1a71246c-3eb0-4d6c-af77-3ab756017c3a}"= "c:\program files\BTjunkie\tbBTj1.dll" [2009-07-08 2215960]

[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1A71246C-3EB0-4D6C-AF77-3AB756017C3A}"= "c:\program files\BTjunkie\tbBTj1.dll" [2009-07-08 2215960]

[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupOutlook"="c:\program files\wisco\BackupOutlook\BackupOutlook.exe" [2008-09-11 1146232]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-16 288560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-04-09 826880]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-07-18 2173440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2008-9-19 147456]
ComproSchedulerDTV.lnk - c:\program files\Common Files\VideoMate\ComproSchedulerDTV.exe [2008-9-19 77824]
Microsoft Office Fast Start.lnk - c:\msoffice\Office\FASTBOOT.EXE [1995-10-6 14848]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-4-29 969792]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2008-9-25 1044572]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008-09\\QBDBMgrN.exe"=
"c:\\Program Files\\Joost Plugin\\joostws.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [16/09/2009 1:49 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [16/09/2009 1:49 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [16/09/2009 1:49 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [17/09/2009 1:31 PM 329080]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22/04/2009 1:41 PM 142592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [24/02/2009 3:08 PM 55152]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [16/09/2009 1:49 PM 117640]
R3 ComproDTVNet;Compro DTV Ethernet;c:\windows\system32\drivers\CpDTVNet.sys [19/09/2008 1:43 PM 20992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/08/2009 6:00 PM 102448]
R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [25/08/2008 12:31 PM 947840]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 5:08 PM 533360]
S3 Usbnic;OTi Network Driver Module;c:\windows\system32\drivers\Usbnic.sys [18/09/2008 2:39 PM 11536]
S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UND.SYS [12/09/2006 4:18 PM 117632]
.
Contents of the 'Scheduled Tasks' folder

2009-09-18 c:\windows\Tasks\NeroLiveEpgUpdate-BRENDAN_Administrator.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 03:51]

2009-09-18 c:\windows\Tasks\User_Feed_Synchronization-{9D0D8826-48B5-4844-9723-FA73C8CB0539}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
Trusted Zone: myspace.com\www
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-30112d3c573 - c:\windows\System32\divx_xx0732.dll
AddRemove-3da8b6e7-2867-a7ba-194f-8cf8ad7397fb - c:\windows\system32\3da8b6e7-2867-a7ba-194f-8cf8ad7397fb.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KKSKUPUP\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 10:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,b0,2f,cb,40,67,01,4d,bf,2f,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,63,8a,41,73,f2,b3,48,be,00,73,\

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*"*Å*#\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*;*C*b%\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*"*v*]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1957994488-1645522239-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*"*v*\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1436)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Lexmark 2200 Series\lxbvbmon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-19 10:06 - machine was rebooted




ComboFix-quarantined-files.txt  2009-09-19 00:06

Pre-Run: 435,846,311,936 bytes free
Post-Run: 441,732,681,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

334	--- E O F ---	2009-09-11 13:33


----------



## kimsland

Wow that worked really well and removed lots of horrible stuff
Please Start > Run > *Combofix /U* to uninstall it (Note: It will look like it's about to run again but it won't)

Please Restart (if haven't done already)

Then download and run CCleaner 
And also run CCleaner "Registry" fix button (run this fix and repair all (without backup) at least 3 times)

Then restart again

Then provide a new HJT log again
By the way I have to go out, but will check back later 
Also you decided to keep Norton, are you also still running File Share programs too?


----------



## BCs

Have run CCleaner and it seemed to work well. Latest log from HijackThis is attached. Problem I now have is from time of shutdown restart to machine actually restarting is now 7 minutes. Never been more than ~ 90 secs.
My turn to head out now. Brother-in-law's 50th Bday, have to set up some gear
Cheers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:24 PM, on 19/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupOutlook] "C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ComproRemote.lnk
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222386794109
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10465 bytes


----------



## johnb35

You were very infected.  Most likely being that infected has caused some windows file issues now and is causing the slow down.  You might want to think about doing a clean install of windows now.  Back up any data you want saved though.


----------



## BCs

Thanks for that thought. It had actually already crossed my mind that it might be a good option.
Also interested in thoughts on Spyware Terminator and Malwarebytes.
Especially malware as I ran a full scan overnight and came back 10 H later and time was still ticking away yet the program had stopped scanning because of an error code 721 (0, 5)


----------



## kimsland

BCs said:


> Problem I now have is from time of shutdown restart to machine actually restarting is now 7 minutes. Never been more than ~ 90 secs.


Yes, I'd say another Restart may fix that a bit 

But johnb35 has a good point, you were very infected and both Spyware Terminator and Norton IS really didn't help (except to continually keep your system slow). How attached are you to these programs? (Note I did suggest already, to use free Avira)

You have a number of startups still loading that are just not required, and I'm also concerned about how much resource Lexmark printer software is taking in Task Manager
There is a good tool here called Startup Control Panel that can help you to remove some of these not required startups http://www.mlin.net/StartupCPL.shtml
Note that disabling the startup may still leave services startups happening with Windows (ie Spyware Terminator)

Did you end up uninstalling uTorrent, or is it presently closed? (I think you may have uninstalled it, and if so well done, especially whilst trying to remove malware)

It may be a good time to clean out any System Restore points as well
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx


----------



## BCs

OK,

We have run both programs and have shaved a couple of minutes off reboot time - but still unacceptably high.
U torrent and terminator have been terminated. NIS I like as a product mainly because it blocks my long lost uncles/aunts from Nigeria who constantly want to give me their millions of dollars from their long lost relatives via the package that Fed Ex is holding for me (still)!!

We are still being hijacked but they may be on an external hard drive that has now become corrupt and unreadable. I will format the external drive and see how we go from there.
:good:


----------



## BCs

No luck formatting the external hard drive. Unreadable/corrupt.
Thoughts as we are still being hijacked? Just ran Malware in safe mode, nothing showing but was hijacked at the end.


----------



## kimsland

If you're willing to hang in there we are slowly but surely getting through this

Download SDFix, SDFix Instructions can be found HERE. But here's a quick rundown:

1. Download SDFix
2. Double click on SDFix, it will automatically extract to *C:\SDFix* folder
3. Restart to Safe Mode
4. Start > Run > *C:\SDFix\RunThis.bat*
5. When requested, press "Y" key, then Enter
6. The scan will begin and eventually your computer will restart to Normal Mode
7. A Notepad log will automatically open, please save this log to your Desktop, and then attach it to a new reply


----------



## BCs

Sd fix has been run & log is attached:

*SDFix: Version 1.240*
Run by Administrator on Mon 21/09/2009 at 02:45 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix

*Checking Services *:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


*Checking Files *: 

No Trojan Files Found






Removing Temp Files

*ADS Check *:



*Final Check *:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 15:01:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


*Remaining Services *:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Intuit\\QuickBooks 2008-09\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2008-09\\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\\Program Files\\Joost Plugin\\joostws.exe"="C:\\Program Files\\Joost Plugin\\joostws.exe:*:Enabled:joostws"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

*Remaining Files *:



*Files with Hidden Attributes *:

Mon 22 Oct 2007        25,600 A..H. --- "C:\Documents and Settings\My Documents\~WRL0001.tmp"
Fri 28 Sep 2007       113,664 A..H. --- "C:\Documents and Settings\My Documents\~WRL0002.tmp"
Thu 13 Dec 2007        19,456 A..H. --- "C:\Documents and Settings\My Documents\~WRL0003.tmp"
Mon  1 Oct 2007        20,480 A..H. --- "C:\Documents and Settings\My Documents\~WRL0004.tmp"
Mon 12 Nov 2007     1,112,064 A..H. --- "C:\Documents and Settings\My Documents\~WRL0005.tmp"
Wed 27 Feb 2008        20,480 A..H. --- "C:\Documents and Settings\My Documents\~WRL0006.tmp"
Mon 21 Apr 2008        29,696 A..H. --- "C:\Documents and Settings\My Documents\~WRL0165.tmp"
Mon 23 Jun 2008        24,064 A..H. --- "C:\Documents and Settings\My Documents\~WRL1687.tmp"
Sun 19 Aug 2007        19,968 A..H. --- "C:\Documents and Settings\My Documents\~WRL2660.tmp"
Mon 14 Apr 2008     1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 14 Apr 2008        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sun  2 Nov 2008         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Oct 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 18 Aug 2008        20,992 A..H. --- "C:\Documents and Settings\My Documents\Alex's school work\english literature\~WRL3993.tmp"
Thu 15 Jan 2009            13 ...H. --- "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Silverlight\BIT2.tmp"

*Finished!*


----------



## kimsland

Please fully uninstall LimeWire
Then run CCleaner again
Then restart
Is it fast now?

You can re-install LimeWire if you still want this File Sharing program installed


----------



## BCs

Having difficulty opening Add/Remove Programs. Been waiting 15 minutes instead of 10 seconds.


----------



## kimsland

Try Safe Mode instead (F8 at system startup)

You know all this has probably happened due to File Sharing (that and Norton)


----------



## BCs

Same result


----------



## kimsland

Go to Task manager (Ctrl + Alt + Del) and check which process is taking up the most system resource and close it (actually not Explorer.exe though )


----------



## BCs

Done that and still no good. This time I waited 40 mins. Able to access all other menu items under add/remove but not add/remove; it just says populating list


----------



## kimsland

Please run > Memtest on your Ram
Note: If you have a Ram (memory) fault, then NIS would be escalating it
Generally running Internet Security software requires higher Ram amounts anyway (ideally 2 gig on Windows with Norton - minimum)


----------



## BCs

That's done, with a lot of bells and whistles at the end. Very impressive they were!

Here is the log... 

16:03:04 ImgBurn Version 2.5.0.0 started!
I 16:03:04 Microsoft Windows XP Professional (5.1, Build 2600 : Service Pack 3)
I 16:03:04 Total Physical Memory: 3,406,316 KB  -  Available: 2,594,892 KB
I 16:03:04 Initialising SPTI...
I 16:03:04 Searching for SCSI / ATAPI devices...
I 16:03:04 Found 1 DVD±RW/RAM!
I 16:04:06 Operation Started!
I 16:04:06 Source File: C:\Documents and Settings\Administrator\Desktop\memtest86+-2.11.iso
I 16:04:06 Source File Sectors: 898 (MODE1/2048)
I 16:04:06 Source File Size: 1,839,104 bytes
I 16:04:06 Source File Volume Identifier: MT201
I 16:04:06 Source File Application Identifier: MKISOFS 1.1.2
I 16:04:06 Source File File System(s): ISO9660 (Bootable)
I 16:04:06 Destination Device: [1:1:0] PIONEER DVD-RW  DVR-212 1.21 (D (ATA)
I 16:04:06 Destination Media Type: DVD-R (Disc ID: TTH02) (Speeds: 4x, 6x, 8x, 12x, 16x)
I 16:04:06 Destination Media Sectors: 2,297,888
I 16:04:06 Write Mode: DVD
I 16:04:06 Write Type: DAO
I 16:04:06 Write Speed: MAX
I 16:04:06 Link Size: Auto
I 16:04:06 Lock Volume: Yes
I 16:04:06 Test Mode: No
I 16:04:06 OPC: No
I 16:04:06 BURN-Proof: Enabled
I 16:04:08 Advanced Settings - Optimal Writing Speed: No
I 16:04:08 Filling Buffer... (40 MB)
I 16:04:09 Writing LeadIn...
I 16:04:41 Writing Session 1 of 1... (1 Track, LBA: 0 - 897)
I 16:04:41 Writing Track 1 of 1... (MODE1/2048, LBA: 0 - 897)
I 16:04:41 Synchronising Cache...
I 16:06:20 Exporting Graph Data...
I 16:06:20 Graph Data File: C:\Documents and Settings\Administrator\Application Data\ImgBurn\Graph Data Files\PIONEER_DVD-RW_DVR-212_1.21_TUESDAY-22-SEPTEMBER-2009_4-04_PM_TTH02_MAX.ibg
I 16:06:20 Export Successfully Completed!
I 16:06:20 Operation Successfully Completed! - Duration: 00:02:14
I 16:06:20 Average Write Rate: N/A - Maximum Write Rate: N/A
I 16:06:20 Cycling Tray before Verify...
I 16:06:43 Device Ready!
I 16:06:43 Operation Started!
I 16:06:43 Source Device: [1:1:0] PIONEER DVD-RW  DVR-212 1.21 (D (ATA)
I 16:06:43 Source Media Type: DVD-R (Book Type: DVD-R) (Disc ID: TTH02) (Speeds: 4x, 6x, 8x, 12x, 16x)
I 16:06:43 Image File: C:\Documents and Settings\Administrator\Desktop\memtest86+-2.11.iso
I 16:06:43 Image File Sectors: 898 (MODE1/2048)
I 16:06:43 Image File Size: 1,839,104 bytes
I 16:06:43 Image File Volume Identifier: MT201
I 16:06:43 Image File Application Identifier: MKISOFS 1.1.2
I 16:06:43 Image File File System(s): ISO9660 (Bootable)
I 16:06:43 Read Speed (Data/Audio): MAX / MAX
I 16:06:43 Verifying Session 1 of 1... (1 Track, LBA: 0 - 897)
I 16:06:43 Verifying Track 1 of 1... (MODE1/2048, LBA: 0 - 897)
I 16:06:44 Exporting Graph Data...
I 16:06:44 Graph Data File: C:\Documents and Settings\Administrator\Application Data\ImgBurn\Graph Data Files\PIONEER_DVD-RW_DVR-212_1.21_TUESDAY-22-SEPTEMBER-2009_4-04_PM_TTH02_MAX.ibg
I 16:06:44 Export Successfully Completed!
I 16:06:44 Operation Successfully Completed! - Duration: 00:00:00
I 16:06:44 Average Verify Rate: N/A - Maximum Verify Rate: N/A
!


----------



## kimsland

Why are you posting the ImgBurn log ?


kimsland said:


> I would suggest the thread is locked by a Mod, instead of support members trying to help someone with "cracks" in their log
> 
> But I'll just squeeze this info in...


Maybe it's best someone else decides to help you
When I state simple requests I expect that you will likely follow them, unless you are just not interested

Have a nice day


----------



## BCs

I thought I was doing the right thing. Once I rebooted then I realised it wasn't as the program ran. It came up complete no errors. I am not trying to be a smart a**. I have followed every instruction you have given me and am entirely grateful to people like yourselves who have the knowledge to share with others who have PC issues.


The system has its speed back, but still have the issue of it opening and closing programs. I have also run CCleaner again and it is coming up clean. Getting there.

:good:


----------



## kimsland

Well you boot from your newly created BootCD being Memtest CD you just created, anyway it's all in the Guide

Try this:
Start > Run > *SFC /ScanNow*
(Note: 1 space after _SFC_)

The System File Checker will confirm all Windows System Files are intact, you may need your Windows CD during the scan (ie if any Windows system files are not intact)
Note: It does not hurt anything by running this command


----------



## BCs

Good to have you back!
That's done. Windows only wanted to fix one error.


----------



## kimsland

How's it performing now?

You can also disable unwanted startups with Startup Control Panel: http://www.mlin.net/StartupCPL.shtml

And you never got to scan your Ram with Memtest BootCD?


----------



## BCs

Performing well now. Speed back to normal. Can access all programs.
Ran memtest from the CD, no issues.
Did I not already disable some things @ startup? I remember you talking about Lexmark.

Have had no issues today but yesterday when I went to post it opened up programs and closed down this one.

Looking good


----------



## kimsland

Thanks for the update

You could provide one more HJT log if you want
Are you going to be using File Sharing programs in the future? If so, I suggest you use free BootCDs like Ubuntu Live BootCD, and things like that for downloading files and programs that could have already been compromised.

Generally though, if your Antivirus is up to date and you have completed all Windows Security Updates, then you could just run an updated Malwarebytes scan (even a quick ~ 5min scan) every week or so


----------



## BCs

Ok here is the HJT log.
NIS has removed 1 tracking cookie & a virus this afternoon (W32.Wandaph) & blocked a Trojan horse in the windows temp folder.

Anti virus is up to date, Wis set to "Auto." I will confine my file sharing to Limewire and will check out your recommendations.

Cheers


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:24 PM, on 23/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupOutlook] "C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222386794109
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

--
End of file - 9791 bytes


----------



## kimsland

Please close all Internet browsers
Startup HJT and do a scan only
Place a check mark next to the following entry, and select Fix:


> R3 - URLSearchHook: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll



Once completed, close HJT and Restart
That's about all 

I spoke about Limewire HERE, personally I don't like it


----------



## BCs

The latest log from HJT after the checkmark.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:40 PM, on 24/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupOutlook] "C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222386794109
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

--
End of file - 9644 bytes

:good:


----------



## kimsland

Oops missed one
Please also fix this one


> O3 - Toolbar: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll



Actually, you could fix these as well: (they just slow down your system all the time)


> O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
> O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
> O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe


----------



## BCs

OK, done. But what have I fixed?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:06 PM, on 24/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupOutlook] "C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe" silent
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222386794109
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

--
End of file - 8626 bytes


----------



## kimsland

BCs said:


> OK, done. But what have I fixed?


Damn I'm still not happy with the result
I'm going to go a few more steps: (please do *all* of them)

IE8 Reset Fixit Tool: 



Upgrade your Java Version here: http://java.com/en/download/inc/windows_upgrade_ie.jsp
Once installed, download >> JavaRa
After selecting "English" language, then select "Remove Older Versions"

Run HJT again
And place a check next to the following and press Fix:


> O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
> O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
> O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
> O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


Close HJT

*Restart*

Download this Hosts file: http://mvps.org/winhelp2002/hosts.zip
Unzip, then run *MVPS.bat*

Then Start > Run > *services.msc*
Scroll down to "DNS Client", right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply/OK
Scroll down to "Help and Support", right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply...
Then click on the Recovery tab (still in "Help and Support" service)
Change the 3 failure boxes to "Take No Action"
Click Apply > OK
Close Services window

Then Start > Run > CHKDSK /R (note: 1 space before "/") >OK
Type "Y" (without the quotes)
Close the command window

*Restart*
Your computer will automatically run a Check Disk, do not press any keys
Your computer may restart once more at the end of the scan

Once started again
Run CCleaner, to clean out all temp files
Then (still in CCleaner) click on the large "Registry" button
Click on "Scan for issues" then Fix all found issues (backup not required)
Run "Scan for issues" and "Fix" another two times (it takes about 3 times to get it all)
Close CCleaner

Go to Start > Run > Control Panel > Scheduled Tasks
Right click on any tasks (including Norton) and remove (delete) *all* tasks
Close Scheduled Tasks window

Open IE (note: you may need to run through the MS settings, I usually select custom and disable everything)
Download >> Smart Defrag
Install, but remove the two ticks on Yahoo, during installation
Once installed, click on "Schedule" button, and remove "Enable Schedule" check mark
Click on "Options" button, and remove "Auto start with Windows"
Apply > OK
Then run a "Deep Optimize" (note this part may take a while, possibly 2 hours, you may want to turn off Internet (modem) and also stop any screen saver)

*Restart*

All done
Your computer should now be more responsive (the only thing holding it back now is horrible Norton)


----------



## BCs

All done. And here is the latest HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:52 AM, on 26/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKCU\..\Run: [BackupOutlook] "C:\Program Files\wisco\BackupOutlook\BackupOutlook.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222386794109
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

--
End of file - 8002 bytes
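
BCs's earlier question, "what have I fixed?", can be answered by diffing two HijackThis logs and checking the helper's fix list against the later one. The following is an added example, not part of the original posts or of HijackThis; the function names are hypothetical and the sample data are short excerpts of the 24/09 and 26/09 logs and the quoted fix list above.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (code, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        # Accept lines pasted from a quoted forum reply ("> O2 - ...").
        m = ENTRY_RE.match(line.lstrip("> ").strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def diff_logs(before, after):
    """Entries removed from, added to, and kept between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(a & b)}

def still_present(fix_list, after):
    """Entries that were supposed to be fixed but appear again in the later log."""
    return sorted(parse_entries(fix_list) & parse_entries(after))

def needs_review(log_text):
    """Entries with a missing target file or a publisher HijackThis could not name."""
    return sorted(e for e in parse_entries(log_text)
                  if "(no file)" in e[1] or "Unknown owner" in e[1])

# Excerpt of the 24/09/2009 log.
BEFORE = r'''
Scan saved at 4:44:06 PM, on 24/09/2009
C:\WINDOWS\System32\smss.exe
O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
End of file - 8626 bytes
'''

# Excerpt of the 26/09/2009 log.
AFTER = r'''
Scan saved at 9:14:52 AM, on 26/09/2009
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
End of file - 8002 bytes
'''

# The entries kimsland asked to have fixed, as quoted in the reply.
FIX_LIST = r'''
> O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTj1.dll
> O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
> O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
> O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
'''

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added"):
        for code, detail in result[label]:
            print(f"{label:8} {code:4} {detail}")
    for code, detail in still_present(FIX_LIST, AFTER):
        print(f"NOT GONE {code:4} {detail}")
    for code, detail in needs_review(AFTER):
        print(f"REVIEW   {code:4} {detail}")
```

Run against these excerpts, four of the five listed entries are gone, while the Java Quick Starter service line is still listed in the 26/09 log.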


----------



## kimsland

Looks good
How's it performing?
And just one more question, you are stuck on Norton obviously? And that's that?


----------



## BCs

Performing well, although it has become a tad slower on boot up than it was 3 days ago.


----------



## kimsland

Well there is one more (old but good) free program, that may help bootup speed

Bootvis: http://majorgeeks.com/download.php?det=664

Download > Install > Run (it's in Start > All Programs)
On the menu toolbar, click "Trace" > "Optimize System" > Restart (actually it may do this automatically)
Wait for Bootvis to finish optimizing (don't press any keys or run any programs) It may take a while, but it will eventually just close by itself

Then restart and check if it's any quicker
Note this program doesn't always speed up start time
Also if you run the Bootvis downloaded program again it will uninstall

Also I don't need another HJT log


----------



## BCs

No better. From shutdown to system being ready for use: 7 mins.


----------



## kimsland

The only thing I can suggest (other than another memtest or possibly a hard drive diagnostic test) is to uninstall Norton fully, and then test again. Note: you can even back up the key, all info here: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039


----------



## BCs

I know you hate NIS, but we had this problem earlier in the posts. We have never uninstalled NIS and the boot time came back to normal. I know little but I doubt very much whether it is NIS.

This all started again after the defrag. Before that we had boot time back to normal. It is even taking another 30 seconds plus to load desktop once it boots into Windows.


----------



## kimsland

Start > Run > *ncpa.cpl*
Right click on your network icon > Select *Disable*

Restart

Now is it quick?

To revert: You need to Start > Run > *ncpa.cpl* > Right click again > *Enable*

Please report


----------



## BCs

No, still 6 mins...


----------



## johnb35

Sounds like you are better off just backing up any data you need saved and doing a fresh install of Windows. You could have a piece of hardware that is bad or going bad causing the slowdown.


----------



## BCs

I think you may be right. As I see it the only way to fix this problem is going to be a clean install. But the most frustrating part about all this is I still have the original problem where something is taking over the system and causing files and programs to open randomly and then freezing the system for several minutes. It even takes control of the mouse!!


----------

