Help with hijackthis please

Hi, it seems that I have some malware on my computer and need some help in removing it.
My computer has slowed way down, so I did the 8 step process in hope of removing it.
Here is what is happening: upon booting up everything is OK; after about 10 minutes
of operation everything slows way down. PC-Cillin pop up says this: winsecure.006 winsecure.007.
Any ideas on what this is? Here is my HijackThis log. Any help in resolving this will
be greatly appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 2:19:24 PM, on 02/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
D:\Installed Programs\NERO\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\cisvc.exe
D:\Installed Programs\Executive Software\DkService.exe
D:\Installed Programs\PC-Cillin 2006\pccguide.exe
D:\Installed Programs\adobie acrobat 6.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\RunDLL32.exe
D:\Installed Programs\Java\bin\jusched.exe
D:\INSTAL~1\NERO\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\INSTALLED PROGRAMS\HP 4180\DIGITAL IMAGING\BIN\HPQTRA08.EXE
D:\INSTAL~1\PC-CIL~1\PCCTLCOM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
D:\INSTAL~1\PC-CIL~1\Tmntsrv.exe
C:\WINDOWS\system32\mqsvc.exe
D:\INSTAL~1\PC-CIL~1\TMPFW.EXE
D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\mqtgsvc.exe
D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
D:\INSTAL~1\PC-CIL~1\TMPROXY.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
D:\Installed Programs\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - D:\INSTAL~1\PC-CIL~1\PccIeBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Installed Programs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Installed Programs\Java\bin\ssv.dll
O2 - BHO: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - D:\Installed Programs\WebFerret\FerretBand.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - D:\INSTAL~1\PC-CIL~1\PccIeBar.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [pccguide.exe] "D:\Installed Programs\PC-Cillin 2006\pccguide.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Installed Programs\Executive Software\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Installed Programs\adobie acrobat 6.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Installed Programs\Java\bin\jusched.exe"
O4 - HKCU\..\Run: [NBJ] "D:\Installed Programs\NERO\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] D:\INSTAL~1\NERO\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Weather] D:\Installed Programs\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ieSpell Options - res://D:\Installed Programs\spell check\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\Installed Programs\spell check\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Installed Programs\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Installed Programs\Java\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Installed Programs\spell check\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Installed Programs\spell check\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Installed Programs\spell check\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Installed Programs\spell check\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134985033625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Installed Programs\Executive Software\DkService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Installed Programs\NERO\InCD\InCDsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\INSTAL~1\PC-CIL~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Installed Programs\sisoftsandra 2005\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Installed Programs\sisoftsandra 2005\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\INSTAL~1\PC-CIL~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\INSTAL~1\PC-CIL~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\INSTAL~1\PC-CIL~1\tmproxy.exe

Any help or advice will be greatly appreciated.

Thank you,
HammerHeadHank

Comments

  • Crunchie Mandurah. Western Australia. Member
    edited February 2007
    Can you please do the following.

    Download
    SDFix
    and save it to your desktop.

    Please then reboot your computer in Safe Mode by doing the
    following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the
      Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    • Open the extracted folder and double click RunThis.bat to
      start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the
      registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool
      will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and
      display Finished, then press any key to end the script and load
      your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the
      contents of the results file Report.txt back onto the forum with
      a new HijackThis log
  • edited February 2007
    Hi, and thank you for your response. Here is an updated log for an analysis.


    SDFix: Version 1.63

    05/02/2007 - 1:43:58.28

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\Documents and Settings\Mark\Desktop\SDFix

    Safe Mode:
    Checking Services:

    Name:
    COM+ Messages

    Path:

    COM+ Messages Deleted

    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\WINDOWS\system32\plugin1.dat - Deleted
    C:\WINDOWS\system32\SysPr.prx - Deleted



    ADS Check:

    C:\WINDOWS\system32
    No streams found.

    Final Check:

    Remaining Services:


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\sandra.exe"="D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\sandra.exe:*:Enabled:SiSoftware Sandra Professional"
    "D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\RpcSandraSrv.exe"="D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Professional"
    "D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\RpcDataSrv.exe"="D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Professional"
    "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqtra08.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hposid01.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\Unload\\HpqDIA.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqnrs08.exe"="D:\\Installed Programs\\HP 4180\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
    "D:\\Installed Programs\\Turbo Tax 2006\\TurboTax Premier 2006\\32bit\\ttax.exe"="D:\\Installed Programs\\Turbo Tax 2006\\TurboTax Premier 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "D:\\Installed Programs\\Turbo Tax 2006\\TurboTax Premier 2006\\32bit\\updatemgr.exe"="D:\\Installed Programs\\Turbo Tax 2006\\TurboTax Premier 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\sandra.exe"="D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\sandra.exe:*:Enabled:SiSoftware Sandra Professional"
    "D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\RpcSandraSrv.exe"="D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Professional"
    "D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\RpcDataSrv.exe"="D:\\Installed Programs\\sisoftsandra 2005\\SiSoftware Sandra Professional 2005.SR3\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Professional"
    "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    Remaining Files:

    Backups Folder: - C:\DOCUME~1\Mark\Desktop\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\Program Files\Messenger\msmsgs.exe
    C:\hiberfil.sys
    C:\WINDOWS\system32\F3F29C210C.sys
    C:\WINDOWS\system32\KGyGaAvL.sys

    Finished

    Here is an updated log for HijackThis.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:48:31 PM, on 05/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    D:\Installed Programs\NERO\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\system32\DllHost.exe
    D:\Installed Programs\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\cisvc.exe
    D:\Installed Programs\Executive Software\DkService.exe
    D:\Installed Programs\PC-Cillin 2006\pccguide.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    D:\Installed Programs\adobie acrobat 6.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    D:\Installed Programs\Java\bin\jusched.exe
    D:\INSTALLED PROGRAMS\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\INSTAL~1\NERO\NEROPH~2\data\Xtras\mssysmgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    D:\INSTAL~1\PC-CIL~1\PCCTLCOM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    D:\INSTAL~1\PC-CIL~1\Tmntsrv.exe
    D:\INSTALLED PROGRAMS\HP 4180\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    D:\INSTAL~1\PC-CIL~1\TMPROXY.EXE
    C:\WINDOWS\system32\mqsvc.exe
    D:\INSTAL~1\PC-CIL~1\TMPFW.EXE
    D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\cidaemon.exe
    D:\Installed Programs\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)
    O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - D:\INSTAL~1\PC-CIL~1\PccIeBar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Installed Programs\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Installed Programs\Java\bin\ssv.dll
    O2 - BHO: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - D:\Installed Programs\WebFerret\FerretBand.dll
    O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - D:\INSTAL~1\PC-CIL~1\PccIeBar.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [pccguide.exe] "D:\Installed Programs\PC-Cillin 2006\pccguide.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Installed Programs\Executive Software\DkIcon.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Installed Programs\adobie acrobat 6.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Installed Programs\Java\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\INSTALLED PROGRAMS\AVG ANTI-SPYWARE 7.5\AVGAS.EXE" /minimized
    O4 - HKCU\..\Run: [NBJ] "D:\Installed Programs\NERO\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] D:\INSTAL~1\NERO\NEROPH~2\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &ieSpell Options - res://D:\Installed Programs\spell check\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://D:\Installed Programs\spell check\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Installed Programs\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Installed Programs\Java\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Installed Programs\spell check\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Installed Programs\spell check\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Installed Programs\spell check\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Installed Programs\spell check\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134985033625
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Installed Programs\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - D:\Installed Programs\Executive Software\DkService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Installed Programs\NERO\InCD\InCDsrv.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\INSTAL~1\PC-CIL~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Installed Programs\sisoftsandra 2005\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Installed Programs\sisoftsandra 2005\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\INSTAL~1\PC-CIL~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\INSTAL~1\PC-CIL~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\INSTAL~1\PC-CIL~1\tmproxy.exe

    If there are any infections here please advise on how to remove them.

    Thank You,
    HammerHeadHank
  • Crunchie Mandurah. Western Australia. Member
    edited February 2007
    Can you please do the following.


    ===============

    Scan with HijackThis and then place a check next to all the following, if present:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)

    O2 - BHO: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)

    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

    O11 - Options group: [INTERNATIONAL] International*


    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ===============

    After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
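Added example, not part of the original thread and not the helper's own method: a small Python script that parses HijackThis log lines like those posted above, lists entries whose target is absent or empty, and diffs two logs to show what a cleanup step removed or introduced. The sample lines are copied from the logs in this thread; the function names and the review criteria are assumptions made for illustration.

```python
import re

# Sample lines copied from the first HijackThis log posted in this thread
# (before SDFix was run); trimmed to a handful for the example.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Installed Programs\Java\bin\ssv.dll
O2 - BHO: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)
O4 - HKCU\..\Run: [Weather] D:\Installed Programs\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Installed Programs\Executive Software\DkService.exe
"""

# The matching lines from the second log (after SDFix), plus the two new
# AVG Anti-Spyware entries that appear in it.
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Installed Programs\Java\bin\ssv.dll
O2 - BHO: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\INSTALLED PROGRAMS\AVG ANTI-SPYWARE 7.5\AVGAS.EXE" /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Installed Programs\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Installed Programs\Executive Software\DkService.exe
"""

# An entry line is "<section code> - <rest>", e.g. "O23 - Service: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log):
    """Return the log's entries as (section_code, text) tuples, in order."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_hints(entries):
    """List entries worth a second look (assumed criteria, not a verdict)."""
    hints = []
    for code, text in entries:
        reason = None
        if text.endswith("(no file)") or text.endswith("(file missing)"):
            # Marker text exactly as it appears in the logs above.
            reason = "registered target is absent"
        elif text.endswith("= ?"):
            reason = "startup shortcut target unresolved"
        elif code in ("R0", "R1") and text.endswith("="):
            reason = "empty value"
        if reason:
            hints.append((code, text, reason))
    return hints


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, order preserved."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [entry for entry in old if entry not in new]
    added = [entry for entry in new if entry not in old]
    return removed, added


if __name__ == "__main__":
    print("Entries to review in the first log:")
    for code, text, reason in review_hints(parse_entries(LOG_BEFORE)):
        print(f"  [{reason}] {code} - {text}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Gone after cleanup:")
    for code, text in removed:
        print(f"  {code} - {text}")
    print("New after cleanup:")
    for code, text in added:
        print(f"  {code} - {text}")
```

A hint only marks an entry for manual review; legitimate software can leave dangling entries too, and the diff is what confirms that a removal such as the COM+ Messages service actually took effect.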
  • edited February 2007
    Crunchie wrote: »
    Can you please do the following.


    ===============

    Scan with HijackThis and then place a check next to all the following, if present:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)

    O2 - BHO: (no name) - {D8DD89F5-4A18-69EE-1F34-4AC62E4360B0} - (no file)

    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

    O11 - Options group: [INTERNATIONAL] International*


    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ===============

    After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

    Hi Crunchie, everything seems to be operating at top notch, but I noticed that after fixing the entries on the HJT log that you recommended, my floppy seems to initialize for no apparent reason. It is just an inconvenience. It just happens on its own. In closing, I am very happy with the help you provided. THANK YOU!!

    Here is an updated HJT LOG for review:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:35:24 PM, on 11/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    D:\Installed Programs\NERO\InCD\InCDsrv.exe
    D:\Installed Programs\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\cisvc.exe
    D:\Installed Programs\Executive Software\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\INSTAL~1\PC-CIL~1\PCCTLCOM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    D:\INSTAL~1\PC-CIL~1\Tmntsrv.exe
    C:\WINDOWS\system32\mqsvc.exe
    D:\INSTAL~1\PC-CIL~1\TMPFW.EXE
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\system32\DllHost.exe
    D:\Installed Programs\PC-Cillin 2006\pccguide.exe
    D:\Installed Programs\adobie acrobat 6.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    D:\Installed Programs\Java\bin\jusched.exe
    D:\INSTALLED PROGRAMS\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
    D:\INSTAL~1\NERO\NEROPH~2\data\Xtras\mssysmgr.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\WgaTray.exe
    D:\INSTALLED PROGRAMS\HP 4180\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqimzone.exe
    D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\inetsrv\DavCData.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\taskmgr.exe
    D:\INSTAL~1\PC-CIL~1\TMPROXY.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    D:\Installed Programs\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - D:\INSTAL~1\PC-CIL~1\PccIeBar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Installed Programs\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Installed Programs\Java\bin\ssv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - D:\Installed Programs\WebFerret\FerretBand.dll
    O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - D:\INSTAL~1\PC-CIL~1\PccIeBar.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [pccguide.exe] "D:\Installed Programs\PC-Cillin 2006\pccguide.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Installed Programs\Executive Software\DkIcon.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Installed Programs\adobie acrobat 6.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Installed Programs\Java\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\INSTALLED PROGRAMS\AVG ANTI-SPYWARE 7.5\AVGAS.EXE" /minimized
    O4 - HKCU\..\Run: [NBJ] "D:\Installed Programs\NERO\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] D:\INSTAL~1\NERO\NEROPH~2\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = D:\Installed Programs\HP 4180\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &ieSpell Options - res://D:\Installed Programs\spell check\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://D:\Installed Programs\spell check\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://D:\Installed Programs\adobie acrobat 6.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Installed Programs\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Installed Programs\Java\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Installed Programs\spell check\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Installed Programs\spell check\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Installed Programs\spell check\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Installed Programs\spell check\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134985033625
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Installed Programs\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - D:\Installed Programs\Executive Software\DkService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Installed Programs\NERO\InCD\InCDsrv.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\INSTAL~1\PC-CIL~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Installed Programs\sisoftsandra 2005\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Installed Programs\sisoftsandra 2005\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\INSTAL~1\PC-CIL~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\INSTAL~1\PC-CIL~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\INSTAL~1\PC-CIL~1\tmproxy.exe

    Thanks again, HammerHeadHank
  • Crunchie Mandurah. Western Australia. Member
    edited February 2007
    Not sure what happened there, or even if it is related? Those entries had nothing to do with the drive.
    What you could try if you wish is to restore those entries using hijackthis, then delete them again and see what happens.