Old 07-09-2009, 03:29 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Browser rendered useless, svchost.exe problems.

(I'm posting for a friend since his browser now completely refuses to work. He keeps losing connection while playing games, his system gets very sluggish/laggy. He told me at one point he had several svchost.exe's that were at massive usage. If there is any specific information we could include to help, we would be more than pleased. Thank you for your time.)

So here is my story. One day the internet is working just fine: browser, modem, and everything else. The next day I come in, and I get the 2 following errors over and over again, non-stop.

Error #1
svc.host.exe - Application Error
The instruction at "0x100021d7" referenced memory at "0x30de6000". The Memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
Error #2
Generic Host Process for Win32 Services
Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.
Error Signature
szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : podmena.dll
szModVer : 0.0.0.0 offset : 000021d7
Logfile of HijackThis v1.99.1
Scan saved at 6:21:34 PM, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Well, I get on the internet and my browser is dead pretty much. It takes 15-30 minutes to load a single webpage, such as Google, if it even loads it at all. I figured it had something to do with the modem because my modem is extremely old, so off to Best Buy I go and order a new one. I install it and get the same errors and problems. I decide to keep the modem anyway and take it to a Best Buy Geek Squader. I pay him $30.00 to fix my problem, and when I get home I find out he just disabled some svchost.exes, and the problems are still there the next day, including my browser being awful. I had a friend Google my problem and found you guys. College starts in a few weeks and I need this computer to work, ANY advice or help you can give me will be tremendously appreciated.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Administrator at 14:42:21.65 on Thu 07/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.633 [GMT -5:00]

AV: Trend Micro PC-cillin Internet Security 2006 *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\windows\ld11.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k sys
C:\Documents and Settings\Compaq_Administrator\My Documents\download\ferdinkledink\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Bellsouth® Internet Service
uStart Page = hxxp://www.my.att.net/
uDefault_Page_URL = hxxp://home.bellsouth.net
uSearch Bar = hxxp://home.bellsouth.net/brw_minisearch
mDefault_Page_URL = hxxp://home.bellsouth.net
mStart Page = hxxp://home.bellsouth.net
uInternet Connection Wizard,ShellNext = hxxp://accelerator.bellsouth.net/
BHO: MRI_DISABLED - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BHO: {5b1d95a2-f547-4e5e-8902-622b08354622} - c:\windows\system32\iehelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [WordPerfect Office 1215] c:\program files\wordperfect office 12\programs\Registration.exe /title="WordPerfect Office 12" /date=071109 serial=wa12wrx-0000002-hmd lang=EN
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [sysldtray] c:\windows\ld11.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows\system32\lsp.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://asp.mathxl.com/applets/PearsonInstallAsst.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Filter: text/html - {3eb98e83-1610-459f-8de8-946e5099c64e} - c:\windows\system32\mst123.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: MRI_DISABLED - c:\windows\system32\__c00E3C7D.dat

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\nkj9z70n.default\
FF - prefs.js: browser.startup.homepage - hxxp://doc.hostingdelivered.com/
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 driverdrv;driverdrv;c:\program files\driver\driver.sys [2009-6-18 9472]
R1 podmenadrv;podmenadrv;c:\program files\podmena\podmena.sys [2009-6-9 9472]
R1 sysdrv;sysdrv;c:\program files\sys\sys.sys [2009-6-25 9344]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2009-2-4 991232]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2008-8-30 13864]
R2 sys;sys;c:\windows\system32\svchost.exe -k sys [2004-8-10 14336]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-9-26 190480]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-9-26 31248]
R3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2009-6-23 86656]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2009-6-23 28928]
S2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [2004-8-10 14336]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-9-28 340037]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-9-12 630845]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-9-12 286788]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-4-13 18560]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [2009-6-18 201728]
S3 papycpu;papycpu; [x]
S4 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\ca533av.sys --> c:\windows\system32\drivers\Ca533av.sys [?]
S4 dump_wmimmc;dump_wmimmc;\??\c:\nexon\maplestory\gameguard\dump_wmimmc.sys --> c:\nexon\maplestory\gameguard\dump_wmimmc.sys [?]
S4 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\bulk533.sys --> c:\windows\system32\drivers\Bulk533.sys [?]

=============== Created Last 30 ================

2009-07-01 16:56 33,792 a------- c:\windows\freddy49.exe
2009-06-28 04:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-28 04:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-06-28 04:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-28 03:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-26 23:56 77,161 a------- c:\windows\War3Unin.dat
2009-06-26 23:56 139,264 a------- c:\windows\War3Unin.exe
2009-06-26 23:56 2,829 a------- c:\windows\War3Unin.pif
2009-06-25 18:42 <DIR> --d----- c:\program files\sys
2009-06-25 18:42 2 a------- c:\windows\010112010146118114.dat
2009-06-25 18:42 15,360 ----h--- c:\windows\ld11.exe
2009-06-24 18:49 <DIR> --d----- c:\windows\Options
2009-06-24 16:50 139 a------- C:\d45.bat
2009-06-24 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Geek Squad
2009-06-24 01:49 <DIR> --d----- c:\program files\CONEXANT
2009-06-24 01:49 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-06-23 21:47 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-23 21:18 <DIR> --d----- c:\program files\driver
2009-06-23 17:51 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-06-23 17:51 16,128 a------- c:\windows\system32\dllcache\modemcsa.sys
2009-06-23 17:50 26,112 a------- c:\windows\system32\drivers\usbser.sys
2009-06-23 17:50 26,112 a------- c:\windows\system32\dllcache\usbser.sys
2009-06-23 17:45 <DIR> --d----- c:\program files\NetWaiting
2009-06-23 17:44 212,992 a------- c:\windows\system32\UCI32C19.dll
2009-06-23 17:44 147,456 a------- c:\windows\system32\TAP32C03.dll
2009-06-23 17:44 94,208 a------- c:\windows\system32\ACFSDK32.dll
2009-06-23 17:44 86,656 a------- c:\windows\system32\drivers\ACFVA32.sys
2009-06-23 17:44 28,928 a------- c:\windows\system32\drivers\ACFDCP32.sys
2009-06-23 17:44 12,672 a------- c:\windows\system32\drivers\ACFSDK32.sys
2009-06-22 02:11 <DIR> --d----- c:\program files\MirageBot
2009-06-22 02:11 <DIR> --d----- c:\docume~1\compaq~1\applic~1\MirageBot
2009-06-22 00:09 2 ----h--- c:\windows\ro122621.dat
2009-06-20 23:22 2 ----h--- c:\windows\ro122597.dat
2009-06-18 18:58 2 ----h--- c:\windows\ro122689.dat
2009-06-18 17:59 201,728 a------- c:\windows\system32\drivers\HSFHWCD2.sys
2009-06-18 17:59 129,012 a------- c:\windows\system32\drivers\HSFProf.cty
2009-06-18 17:59 86,016 a------- c:\windows\system32\mdmxsdk.dll
2009-06-18 17:59 32,218 a------- c:\windows\system32\HSFCI009.dll
2009-06-18 17:59 13,059 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-06-18 17:59 1,041,536 a------- c:\windows\system32\drivers\HSF_DP.sys
2009-06-18 17:59 682,752 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-18 17:53 14,848 a------- c:\windows\system32\mpnatapi.dll
2009-06-18 17:51 296 a------- c:\windows\artera.usr
2009-06-18 17:48 494 a------- c:\windows\EReg206.dat
2009-06-18 17:45 552,960 -------- c:\windows\system32\FAST2003.ocx
2009-06-18 17:45 204,800 -------- c:\windows\system32\FAST2006.ocx
2009-06-18 17:45 126,976 -------- c:\windows\system32\FAST2004.dll
2009-06-18 17:45 103,744 -------- c:\windows\system32\MSCOMM32.OCX
2009-06-17 18:40 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-17 18:40 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2009-06-17 18:40 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-06-17 18:40 14,592 a------- c:\windows\system32\dllcache\kbdhid.sys
2009-06-16 19:50 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-16 19:50 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-16 18:16 <DIR> --d----- c:\program files\common files\Nikon
2009-06-16 18:16 <DIR> --d----- c:\program files\Nikon
2009-06-16 18:16 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-06-12 20:52 2 ----h--- c:\windows\ro123198.dat
2009-06-12 20:52 1 ----h--- c:\windows\bf23567.dat
2009-06-12 19:53 2 ----h--- c:\windows\ro123222.dat
2009-06-12 19:52 2 ----h--- c:\windows\ro123290.dat
2009-06-12 19:48 183,296 a------- c:\windows\system32\lsp.dll
2009-06-12 19:48 96,768 a------- c:\windows\syssvc.exe
2009-06-09 18:17 1 ----h--- c:\windows\f23567.dat
2009-06-09 18:17 2 ----h--- c:\windows\ro122366.dat
2009-06-09 17:57 10,752 a------- c:\windows\system32\iehelper.dll
2009-06-09 17:49 1 ----h--- c:\windows\msmark2.dat
2009-06-09 17:49 2 ----h--- c:\windows\ro122390.dat
2009-06-09 17:49 <DIR> --d----- c:\program files\podmena
2009-06-09 17:49 2 ----h--- c:\windows\ro122458.dat
2009-06-09 17:48 262,672 a------- c:\windows\sysguard.exe
2009-06-09 17:47 43,008 ----h--- c:\windows\ld09.exe

==================== Find3M ====================

2009-06-16 18:16 106,496 a------- c:\windows\system32\ATL71.DLL
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-02 11:54 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-02 11:54 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2009-05-02 11:54 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-05-02 11:54 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-05-02 11:54 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-05-02 11:54 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-05-02 11:54 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-05-02 11:54 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-05-02 11:54 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-04-22 00:18 95,232 a------- c:\windows\system32\msscript.ocx.tmp
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 07:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 09:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2006-06-02 15:17 0 ac------ c:\docume~1\compaq~1\applic~1\wklnhst.dat

============= FINISH: 14:42:54.93 ===============
Attached Files
File Type: zip ark.zip (4.8 KB, 3 views)

Old 07-11-2009, 12:10 AM   #2 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Browser rendered useless, svchost.exe problems.

Hi shinsengumi,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Since it's been a while, if you could please re-run DDS and post the resulting logs.

Thanks
__________________


Proud Member of ASAP
Proud Member of UNITE

Old 07-11-2009, 09:36 AM   #3 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Re: Browser rendered useless, svchost.exe problems.

I'll have him re-run DDS as soon as he gets off work. I'll go subscribe and set it to instant notification, and thank you for your response.
Old 07-11-2009, 02:29 PM   #4 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Re: Browser rendered useless, svchost.exe problems.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Administrator at 15:17:12.59 on Sat 07/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.688 [GMT -5:00]

AV: Trend Micro PC-cillin Internet Security 2006 *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\windows\ld11.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\windows\pp10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MirageBot\MirageBot.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k sys
C:\WINDOWS\system32\svchost.exe -k podmena
C:\Documents and Settings\Compaq_Administrator\My Documents\download\ferdinkledink\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Bellsouth® Internet Service
uStart Page = hxxp://www.my.att.net/
uDefault_Page_URL = hxxp://home.bellsouth.net
uSearch Bar = hxxp://home.bellsouth.net/brw_minisearch
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://accelerator.bellsouth.net/
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
BHO: MRI_DISABLED - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BHO: {5b1d95a2-f547-4e5e-8902-622b08354622} - c:\windows\system32\iehelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [WordPerfect Office 1215] c:\program files\wordperfect office 12\programs\Registration.exe /title="WordPerfect Office 12" /date=072609 serial=wa12wrx-0000002-hmd lang=EN
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [sysldtray] c:\windows\ld11.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [pp] c:\windows\pp10.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows\system32\lsp.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://asp.mathxl.com/applets/PearsonInstallAsst.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
TCP: {9F83145F-552A-490E-A765-4B4365BF09E6} = 205.152.132.23 205.152.144.23
Filter: text/html - {3eb98e83-1610-459f-8de8-946e5099c64e} - c:\windows\system32\mst123.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: MRI_DISABLED - c:\windows\system32\__c00E3C7D.dat
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\nkj9z70n.default\
FF - prefs.js: browser.startup.homepage - hxxp://doc.hostingdelivered.com/
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 driverdrv;driverdrv;c:\program files\driver\driver.sys [2009-6-18 9472]
R1 podmenadrv;podmenadrv;c:\program files\podmena\podmena.sys [2009-6-9 9472]
R1 sysdrv;sysdrv;c:\program files\sys\sys.sys [2009-6-25 9344]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2009-2-4 991232]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2008-8-30 13864]
R2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [2004-8-10 14336]
R2 sys;sys;c:\windows\system32\svchost.exe -k sys [2004-8-10 14336]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-9-26 190480]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-9-26 31248]
R3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2009-6-23 86656]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2009-6-23 28928]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-9-28 340037]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-9-12 630845]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-9-12 286788]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-4-13 18560]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [2009-6-18 201728]
S3 papycpu;papycpu; [x]
S4 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\ca533av.sys --> c:\windows\system32\drivers\Ca533av.sys [?]
S4 dump_wmimmc;dump_wmimmc;\??\c:\nexon\maplestory\gameguard\dump_wmimmc.sys --> c:\nexon\maplestory\gameguard\dump_wmimmc.sys [?]
S4 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\bulk533.sys --> c:\windows\system32\drivers\Bulk533.sys [?]

=============== Created Last 30 ================

2009-07-10 00:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-07-10 00:30 <DIR> --d----- c:\program files\sys
2009-07-10 00:29 <DIR> --d----- c:\windows\Options
2009-07-10 00:28 <DIR> --d----- c:\program files\CONEXANT
2009-07-10 00:28 <DIR> --d----- c:\program files\driver
2009-07-10 00:26 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-07-09 23:07 2 a------- c:\windows\0101120101464849.dat
2009-07-09 23:07 1 a------- c:\windows\934fdfg34fgjf23
2009-07-09 23:07 15,360 ----h--- c:\windows\pp10.exe
2009-07-01 16:56 33,792 a------- c:\windows\freddy49.exe
2009-06-28 04:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-28 04:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-28 03:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-26 23:56 77,161 a------- c:\windows\War3Unin.dat
2009-06-26 23:56 139,264 a------- c:\windows\War3Unin.exe
2009-06-26 23:56 2,829 a------- c:\windows\War3Unin.pif
2009-06-25 18:42 2 a------- c:\windows\010112010146118114.dat
2009-06-25 18:42 15,360 ----h--- c:\windows\ld11.exe
2009-06-24 16:50 139 a------- C:\d45.bat
2009-06-24 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Geek Squad
2009-06-23 21:47 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-23 17:51 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-06-23 17:51 16,128 a------- c:\windows\system32\dllcache\modemcsa.sys
2009-06-23 17:50 26,112 a------- c:\windows\system32\drivers\usbser.sys
2009-06-23 17:50 26,112 a------- c:\windows\system32\dllcache\usbser.sys
2009-06-23 17:45 <DIR> --d----- c:\program files\NetWaiting
2009-06-23 17:44 212,992 a------- c:\windows\system32\UCI32C19.dll
2009-06-23 17:44 147,456 a------- c:\windows\system32\TAP32C03.dll
2009-06-23 17:44 94,208 a------- c:\windows\system32\ACFSDK32.dll
2009-06-23 17:44 86,656 a------- c:\windows\system32\drivers\ACFVA32.sys
2009-06-23 17:44 28,928 a------- c:\windows\system32\drivers\ACFDCP32.sys
2009-06-23 17:44 12,672 a------- c:\windows\system32\drivers\ACFSDK32.sys
2009-06-22 02:11 <DIR> --d----- c:\program files\MirageBot
2009-06-22 02:11 <DIR> --d----- c:\docume~1\compaq~1\applic~1\MirageBot
2009-06-22 00:09 2 ----h--- c:\windows\ro122621.dat
2009-06-20 23:22 2 ----h--- c:\windows\ro122597.dat
2009-06-18 18:58 2 ----h--- c:\windows\ro122689.dat
2009-06-18 17:59 201,728 a------- c:\windows\system32\drivers\HSFHWCD2.sys
2009-06-18 17:59 129,012 a------- c:\windows\system32\drivers\HSFProf.cty
2009-06-18 17:59 32,218 a------- c:\windows\system32\HSFCI009.dll
2009-06-18 17:59 1,041,536 a------- c:\windows\system32\drivers\HSF_DP.sys
2009-06-18 17:59 682,752 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-18 17:53 14,848 a------- c:\windows\system32\mpnatapi.dll
2009-06-18 17:51 296 a------- c:\windows\artera.usr
2009-06-18 17:48 494 a------- c:\windows\EReg206.dat
2009-06-18 17:45 552,960 -------- c:\windows\system32\FAST2003.ocx
2009-06-18 17:45 204,800 -------- c:\windows\system32\FAST2006.ocx
2009-06-18 17:45 126,976 -------- c:\windows\system32\FAST2004.dll
2009-06-18 17:45 103,744 -------- c:\windows\system32\MSCOMM32.OCX
2009-06-17 18:40 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-17 18:40 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2009-06-17 18:40 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-06-17 18:40 14,592 a------- c:\windows\system32\dllcache\kbdhid.sys
2009-06-16 19:50 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-16 19:50 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-16 18:16 <DIR> --d----- c:\program files\common files\Nikon
2009-06-16 18:16 <DIR> --d----- c:\program files\Nikon
2009-06-16 18:16 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-06-12 20:52 2 ----h--- c:\windows\ro123198.dat
2009-06-12 20:52 1 ----h--- c:\windows\bf23567.dat
2009-06-12 19:53 2 ----h--- c:\windows\ro123222.dat
2009-06-12 19:52 2 ----h--- c:\windows\ro123290.dat
2009-06-12 19:48 183,296 a------- c:\windows\system32\lsp.dll
2009-06-12 19:48 96,768 a------- c:\windows\syssvc.exe

==================== Find3M ====================

2009-07-11 13:19 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-11 13:18 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-07-11 13:18 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-07-11 13:18 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-07-11 13:18 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2009-07-11 13:18 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-07-11 13:18 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-07-11 13:18 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-07-11 13:18 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-06-16 18:16 106,496 a------- c:\windows\system32\ATL71.DLL
2009-06-13 20:41 10,752 a------- c:\windows\system32\iehelper.dll
2009-06-09 17:47 43,008 ----h--- c:\windows\ld09.exe
2009-06-09 17:47 262,672 a------- c:\windows\sysguard.exe
2009-04-22 00:18 95,232 a------- c:\windows\system32\msscript.ocx.tmp
2006-06-02 15:17 0 ac------ c:\docume~1\compaq~1\applic~1\wklnhst.dat

============= FINISH: 15:17:21.12 ===============
shinsengumi is offline  
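The SERVICES / DRIVERS section of the DDS log above can be triaged mechanically; the following is an added example, not part of the thread and not code from DDS or ComboFix. It assumes each line reads as state letter (R running, S stopped) plus start-type digit, then `name;display;image [date size]`, and the baseline list of svchost groups is an assumed typical Windows XP set that should be replaced with the groups found on a known-clean build.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the SERVICES / DRIVERS section of the DDS log in this thread.
DDS_LINES = r"""
R1 driverdrv;driverdrv;c:\program files\driver\driver.sys [2009-6-18 9472]
R1 podmenadrv;podmenadrv;c:\program files\podmena\podmena.sys [2009-6-9 9472]
R1 sysdrv;sysdrv;c:\program files\sys\sys.sys [2009-6-25 9344]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [2004-8-10 14336]
R2 sys;sys;c:\windows\system32\svchost.exe -k sys [2004-8-10 14336]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-9-26 190480]
R3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2009-6-23 86656]
S3 papycpu;papycpu; [x]
S4 dump_wmimmc;dump_wmimmc;\??\c:\nexon\maplestory\gameguard\dump_wmimmc.sys --> c:\nexon\maplestory\gameguard\dump_wmimmc.sys [?]
""".strip().splitlines()

# ASSUMPTION: typical svchost "-k" groups on Windows XP. Replace with the value
# names under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost taken
# from a known-clean machine of the same build.
BASELINE_GROUPS = {
    "netsvcs", "localservice", "networkservice", "rpcss", "imgsvc",
    "termsvcs", "dcomlaunch", "httpfilter", "wudfservicegroup", "bthsvcs",
}
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

# ASSUMPTION about the layout: <R|S><start type> <name>;<display>;<image> [<info>]
LINE_RE = re.compile(r"^([RS])(\d) ([^;]*);([^;]*);(.*?)\s*\[[^\]]*\]$")
SVCHOST_RE = re.compile(r"\\svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)


class Service(NamedTuple):
    running: bool
    start_type: int
    name: str
    display: str
    image: str


def parse_line(line: str) -> Optional[Service]:
    """Parse one service/driver line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image = m.groups()
    # "registry value --> resolved path": keep the resolved path.
    if "-->" in image:
        image = image.split("-->", 1)[1]
    image = image.strip()
    if image.startswith("\\??\\"):      # NT object-namespace prefix
        image = image[4:]
    return Service(state == "R", int(start), name, display, image)


def triage(lines):
    """Return (service name, reason) pairs that deserve a manual look."""
    findings = []
    for line in lines:
        svc = parse_line(line)
        if svc is None or not svc.image:   # entries with no image path are skipped
            continue
        lower = svc.image.lower()
        group = SVCHOST_RE.search(svc.image)
        if group and group.group(1).lower() not in BASELINE_GROUPS:
            findings.append(
                (svc.name, "svchost group '%s' not in baseline" % group.group(1)))
        elif lower.endswith(".sys") and not lower.startswith(DRIVER_DIR):
            findings.append(
                (svc.name, "driver outside system32\\drivers: " + svc.image))
    return findings


if __name__ == "__main__":
    for name, reason in triage(DDS_LINES):
        print("%-12s %s" % (name, reason))
```

The output is a review list, not a verdict: the stopped driver under the gameguard directory trips the same path rule as the running podmenadrv, sysdrv and driverdrv entries, so each hit still has to be judged against what is installed on the machine.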
Old 07-11-2009, 05:25 PM   #5 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Browser rendered useless, svchost.exe problems.

Hi shinsengumi,

Quote:
I'll have him re-run DDS as soon as he gets off work. I'll go subscribe and set it to instant notification, and thank you for your response.
Do you have direct access to your friend's computer? There will be less of a delay and will be much better if you perform all these steps instead of relaying the instructions to your friend.

---------------------------------------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------
  1. Download Combofix from >>Here<<
    Save it to your desktop.

    --------------------------------------------------------------------

    * IMPORTANT !!! Place combo-fix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  3. Double click on combo-fix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you (Located in C:\ComboFix.txt). Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
__________________


Proud Member of ASAP
Proud Member of UNITE

Old 07-11-2009, 10:29 PM   #6 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Re: Browser rendered useless, svchost.exe problems.

The log was too long to include in the post itself, I've attached it though. After running ComboFix his browser is currently working again. Thank you for all the help and I'll be sure to direct him to this thread.
Attached Files
File Type: zip ComboFix.zip (29.1 KB, 5 views)
shinsengumi is offline  
Old 07-11-2009, 11:34 PM   #7 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Browser rendered useless, svchost.exe problems.

Hi shinsengumi,

This is far from over. Please stick with me until I state the system is clean. I'll need you to carry on and reply back with the results when I ask.

I'm currently working on a fix, and will get back to you. Please be patient.

Thanks
Old 07-12-2009, 10:26 AM   #8 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Re: Browser rendered useless, svchost.exe problems.

Sorry, I didn't mean to sound like we thought it was over. Just wanted to let you know that his browser is working again. So there won't be any worries of miscommunication, and you can talk to him directly. I'll still be helping him though, and thank you again.
shinsengumi is offline  
Old 07-12-2009, 10:57 AM   #9 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Browser rendered useless, svchost.exe problems.

Hello,

Not a problem. Just because there are no symptoms doesn't technically mean your machine is still clean.

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/393358-browser-rendered-useless-svchost-exe-problems.html#post2231503

KILLALL::
Collect::
C:\d45.bat
DirLook::
c:\documents and settings\All Users\Application Data\PCSettings
c:\windows\Options

Save this as CFScript

Referring to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis. Please submit "[4]-Submit_Date_Time.zip" by following the prompts.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

--------------------------------------------------------------

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log in your next reply.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------

Please reply back with the following:

C:\ComboFix.txt
Panda Active Scan log
How is the system behaving now?
Last edited by forhockey; 07-12-2009 at 11:02 AM.
Old 07-13-2009, 06:09 PM   #10 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Re: Browser rendered useless, svchost.exe problems.

(This is from the actual user who is having the troubles with the browser, first off I want to really thank you for your time and effort and more so with your knowledge and patience.)

I am attaching my recent combo fix log after running it again with the script. I also wanted to update you on my pandascan. Pandascan will not work for me for some reason. I don't know if it's my browser or Panda itself, but I get an error about 11% into the scan that says "Firefox has encountered an error and needs to close." I have tried to scan 4 different times now, each scan gets further along as far as files scanned but it can never finish. At one point it had scanned 155K files with 12 infected files detected and 5 vulnerable. I will continue to try panda scan until told otherwise and hopefully it will complete sometime.

As far as my actual computer performance, it seems to be working more than okay. I don't get lag anymore and my browser is working better than ever (except for panda scan unfortunately) but the little I can scan with Panda shows more infections.

-------------------------------------------------------------

ComboFix 09-07-09.08 - Compaq_Administrator 07/12/2009 12:48.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.541 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: Trend Micro PC-cillin Internet Security 2006 *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

file zipped: C:\d45.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d45.bat

.
((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-12 10:20 . 2009-07-12 10:23 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-10 05:31 . 2009-07-10 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-07-10 05:29 . 2009-07-10 05:29 -------- d-----w- c:\windows\Options
2009-07-10 05:28 . 2009-07-10 05:28 -------- d-----w- c:\program files\CONEXANT
2009-07-10 05:28 . 2009-07-10 05:28 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\InstallShield
2009-07-10 05:26 . 2009-07-10 05:26 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-01 21:56 . 2009-07-01 21:56 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Mozilla
2009-06-28 09:08 . 2009-07-10 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-28 09:02 . 2009-07-10 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-28 08:59 . 2009-07-10 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-27 04:56 . 2009-06-27 12:24 77161 ----a-w- c:\windows\War3Unin.dat
2009-06-27 04:56 . 2009-06-27 05:10 2829 ----a-w- c:\windows\War3Unin.pif
2009-06-27 04:56 . 2009-06-27 05:10 139264 ----a-w- c:\windows\War3Unin.exe
2009-06-27 04:46 . 2009-07-12 17:18 -------- d-----w- c:\program files\Warcraft III
2009-06-24 21:44 . 2009-06-24 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Geek Squad
2009-06-24 02:47 . 2009-06-24 02:47 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-24 02:02 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-06-23 22:51 . 2001-08-17 18:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-06-23 22:51 . 2001-08-17 18:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-06-23 22:50 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-23 22:50 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-23 22:45 . 2009-07-10 05:05 -------- d-----w- c:\program files\NetWaiting
2009-06-23 22:44 . 2007-03-22 05:34 212992 ----a-w- c:\windows\system32\UCI32C19.dll
2009-06-23 22:44 . 2007-04-03 12:00 147456 ----a-w- c:\windows\system32\TAP32C03.dll
2009-06-23 22:44 . 2007-07-10 09:14 28928 ----a-w- c:\windows\system32\drivers\ACFDCP32.sys
2009-06-23 22:44 . 2007-06-29 11:39 86656 ----a-w- c:\windows\system32\drivers\ACFVA32.sys
2009-06-23 22:44 . 2007-03-15 10:52 12672 ----a-w- c:\windows\system32\drivers\ACFSDK32.sys
2009-06-23 22:44 . 2007-03-15 10:52 94208 ----a-w- c:\windows\system32\ACFSDK32.dll
2009-06-22 07:11 . 2009-07-10 05:28 -------- d-----w- c:\program files\MirageBot
2009-06-22 07:11 . 2009-07-10 05:28 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\MirageBot
2009-06-18 22:59 . 2004-04-27 20:23 201728 ----a-w- c:\windows\system32\drivers\HSFHWCD2.sys
2009-06-18 22:59 . 2003-12-17 17:51 32218 ----a-w- c:\windows\system32\HSFCI009.dll
2009-06-18 22:59 . 2004-04-27 20:21 682752 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-18 22:59 . 2004-04-27 20:19 1041536 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2009-06-18 22:53 . 2003-12-16 17:48 14848 ----a-w- c:\windows\system32\mpnatapi.dll
2009-06-18 22:48 . 2009-06-18 23:01 494 ----a-w- c:\windows\EReg206.dat
2009-06-18 22:47 . 2009-06-18 22:47 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\BVRP Software
2009-06-18 22:45 . 2000-12-15 14:45 126976 ------w- c:\windows\system32\FAST2004.dll
2009-06-17 23:40 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-17 23:40 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-06-17 23:40 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-06-17 23:40 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-06-17 00:50 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-17 00:50 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-17 00:25 . 2009-06-17 00:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Nikon
2009-06-16 23:18 . 2009-06-16 23:18 49152 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-06-16 23:17 . 2009-06-16 23:17 335872 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-06-16 23:16 . 2009-06-24 06:49 -------- d-----w- c:\program files\Common Files\Nikon
2009-06-16 23:16 . 2009-06-16 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2009-06-16 23:16 . 2009-06-16 23:16 -------- d-----w- c:\program files\Nikon
2009-06-16 23:16 . 2009-06-16 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-06-16 23:16 . 2009-06-16 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-06-16 23:11 . 2009-06-16 23:11 -------- d-----w- c:\program files\ArcSoft
2009-06-13 01:52 . 2009-06-13 01:52 1 ---h--w- c:\windows\bf23567.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 03:50 . 2008-08-30 01:12 -------- d-----w- c:\documents and settings\Im A Visitor\Application Data\Antivir64
2009-07-11 19:49 . 2005-11-11 21:15 108640 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-11 18:19 . 2005-01-28 17:40 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-11 18:18 . 2009-07-11 18:18 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-07-11 18:18 . 2009-07-11 18:18 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-07-11 18:18 . 2009-07-11 18:18 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-07-11 18:18 . 2009-07-11 18:18 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-07-11 18:18 . 2009-07-11 18:18 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-07-11 18:18 . 2009-07-11 18:18 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-07-11 18:18 . 2009-07-11 18:18 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-07-11 18:18 . 2009-07-11 18:18 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-07-10 05:28 . 2007-01-14 22:07 -------- d-----w- c:\program files\Microsoft Games
2009-07-10 05:28 . 2005-11-11 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 05:25 . 2006-05-24 23:47 -------- d-----w- c:\program files\QuickTime
2009-07-10 05:23 . 2006-05-24 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-10 05:22 . 2008-10-25 01:39 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\gtk-2.0
2009-07-10 04:24 . 2007-09-05 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-03 00:02 . 2006-03-09 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-01 22:36 . 2007-01-12 21:00 -------- d-----w- c:\program files\Starcraft
2009-06-30 04:55 . 2006-03-09 05:50 -------- d-----w- c:\program files\Diablo II
2009-06-24 02:11 . 2005-11-11 21:41 -------- d-----w- c:\program files\Google
2009-06-17 01:32 . 2009-06-16 23:16 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-06-16 23:16 . 2003-03-19 10:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-06-08 01:19 . 2008-10-25 01:09 -------- d-----w- c:\program files\Gimp-2.0
2009-06-07 04:28 . 2007-02-15 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-04-22 05:18 . 2009-04-22 05:18 95232 ----a-w- c:\windows\system32\msscript.ocx.tmp
2009-04-13 21:58 . 2009-04-13 21:58 25742176 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\PCSettings ----


---- Directory of c:\windows\Options ----



((((((((((((((((((((((((((((( SnapShot@2009-07-12_04.08.48 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordPerfect Office 1215"="c:\program files\WordPerfect Office 12\Programs\Registration.exe" [2004-03-08 733184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-11 180269]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-02-05 356352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-11 27136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"podmena"=2 (0x2)
"driver"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [8/30/2008 1:27 PM 13864]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [9/26/2005 12:23 AM 190480]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [9/28/2005 8:19 AM 340037]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/26/2005 12:23 AM 31248]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [9/12/2005 7:59 AM 286788]
R3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [6/23/2009 5:44 PM 86656]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [6/23/2009 5:44 PM 28928]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/12/2005 7:57 AM 630845]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [4/13/2009 5:22 PM 18560]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [6/18/2009 5:59 PM 201728]
S3 papycpu;papycpu; [x]
S4 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S4 dump_wmimmc;dump_wmimmc;\??\c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys --> c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys [?]
S4 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.my.att.net/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://accelerator.bellsouth.net/
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\nkj9z70n.default\
FF - prefs.js: browser.startup.homepage - hxxp://doc.hostingdelivered.com/
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 12:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3584)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\pvsw\bin\w3dbsmgr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\progra~1\TRENDM~1\INTERN~1\pccguide.exe
.
**************************************************************************
.
Completion time: 2009-07-12 12:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-12 17:58
ComboFix2.txt 2009-07-12 04:11

Pre-Run: 165,266,042,880 bytes free
Post-Run: 165,240,176,640 bytes free

275 --- E O F --- 2009-04-29 20:14
Attached Files
File Type: txt ComboFix.txt (21.5 KB, 3 views)

Last edited by forhockey; 07-17-2009 at 05:55 PM.
shinsengumi is offline  
Old 07-13-2009, 10:44 PM   #11 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Browser rendered useless, svchost.exe problems.

Try running the scan with Internet Explorer.

You can alternatively give the ESET online scan a try.

Go here to run an online scanner from ESET.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum

Last edited by forhockey; 07-13-2009 at 10:45 PM.
forhockey is offline  
Old 07-14-2009, 08:54 PM   #12 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Re: Browser rendered useless, svchost.exe problems.

My browser is encountering major problems again. I think it is actually on the verge of going back to the way it was, because it is slow and laggy again, and to post this reply I had to refresh the page multiple times to get it to load. I finally just had to restart my computer, and it brought it right up, but VERY slowly.

As for the scans, neither will complete. ESET actually gave me the error "Cannot update, Make sure your proxies are configured and try again".
I have downloaded it, but 12% into the scan the error popped up, and now it won't load at all because of my browser problems.

(thank you for helping me thus far, and I will gladly donate to this awesome site if I can use this computer's browser normally again.)
shinsengumi is offline  
Old 07-15-2009, 07:57 PM   #13 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Browser rendered useless, svchost.exe problems.

Hello,

Are both web browsers slow? (Internet Explorer & Firefox?) I find sometimes this site takes a while to load. It depends on what time of the day you try to access this site.

Is it only certain websites you visit that are "laggy"?

----------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"podmena"=-

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files".
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

------------------------------------------------------

IMPORTANT: Do not use the computer, or any programs while scanning with this program.

This next tool tends to be quite aggressive, so please be sure to configure it as shown below. I only want to review what it finds:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan

    Note: You may be prompted to purchase the product. Just close the window.
  • This will scan the files currently running in memory and when something is found, click the 'yes' button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings.
  • In the Menu Bar, Go to Options>Change Settings.
  • Click on the Actions tab
  • Using the drop down menus, change each item under Objects and Malware to Report
  • Next, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to All' if it asks if you want to cure/move the file.
  • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Post the contents of the log from Dr.Web you saved previously in your next reply.
forhockey is offline  
Old 07-16-2009, 11:56 AM   #14 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Re: Browser rendered useless, svchost.exe problems.

Upon running this scan, it encountered a problem just like the other programs. Maybe something isn't allowing me to scan my system? The error on this one said it encountered a problem and needed to close. I was 130K files into the scan with one virus script found, 4 adware, and about 10 infected files. There was a total of 540K files that needed to be scanned... There were no programs running in the background; absolutely everything was closed.
shinsengumi is offline  
Old 07-17-2009, 08:15 AM   #15 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Re: Browser rendered useless, svchost.exe problems.

Yay!! I have finally got Dr.Web CureIt to finish its scan, and here are the results. I was more infected than I thought.



-------------------------------------------------------------------------



setup.exe\data012;C:\Documents and Settings\Compaq_Administrator\Desktop\Programs\New Folder\New Folder (2)\setup.exe;Tool.Prockill;;
setup.exe;C:\Documents and Settings\Compaq_Administrator\Desktop\Programs\New Folder\New Folder (2);Container contains infected objects;;
www_newd2event_net.zip[1]/setup.exe\data012;C:\Documents and Settings\Compaq_Administrator\Desktop\Programs\New Folder\New Folder (2)\www_newd2event_net.zip[1]/setup.exe;Tool.Prockill;;
setup.exe;C:\Documents and Settings\Compaq_Administrator\Desktop\Programs\New Folder\New Folder (2);Container contains infected objects;;
www_newd2event_net.zip[1];C:\Documents and Settings\Compaq_Administrator\Desktop\Programs\New Folder\New Folder (2);Archive contains infected objects;;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;;
BSInstall5.2.5.1.exe\data021;C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe;Adware.SearchAid.40;;
BSInstall5.2.5.1.exe/data027\clientax.dll;C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe/data027;Adware.Zango;;
data027;C:\Program Files\BearShare\Installer;Archive contains infected objects;;
BSInstall5.2.5.1.exe/data030\data004;C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe/data030;Adware.Websearch.54;;
BSInstall5.2.5.1.exe/data030\data005;C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe/data030;Adware.Msearch;;
data030;C:\Program Files\BearShare\Installer;Container contains infected objects;;
BSInstall5.2.5.1.exe;C:\Program Files\BearShare\Installer;Archive contains infected objects;;
TSsetup.exe\data002;C:\Program Files\Online Services\Aol\Canada\comps\tpspd\TSsetup.exe;Probably DLOADER.Trojan;;
TSsetup.exe;C:\Program Files\Online Services\Aol\Canada\comps\tpspd;Archive contains infected objects;;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Online Services\Aol\United States\AOL90\comps\coach;Archive contains infected objects;;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90E\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Online Services\Aol\United States\AOL90E\comps\coach;Archive contains infected objects;;
TSsetup.exe\data002;C:\Program Files\Online Services\Canada\AOL-MAX\comps\tpspd\TSsetup.exe;Probably DLOADER.Trojan;;
TSsetup.exe;C:\Program Files\Online Services\Canada\AOL-MAX\comps\tpspd;Archive contains infected objects;;
PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;;
driver.dll.vir;C:\Qoobox\Quarantine\C\Program Files\driver;BackDoor.Siggen.204;;
driver.sys.vir;C:\Qoobox\Quarantine\C\Program Files\driver;BackDoor.Siggen.204;;
sys.dll.vir;C:\Qoobox\Quarantine\C\Program Files\sys;Trojan.DownLoad.38749;;
sys.sys.vir;C:\Qoobox\Quarantine\C\Program Files\sys;Trojan.NtRootKit.3021;;
freddy49.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Trojan.DownLoad.39933;;
ld11.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Trojan.DownLoad.38934;;
pp10.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Trojan.PWS.Brauz.10;;
syssvc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Win32.HLLM.Limar.origin;;
iehelper.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.4405;;
A0006491.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1;BackDoor.Siggen.204;;
A0006492.sys;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1;BackDoor.Siggen.204;;
A0006496.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1;Trojan.DownLoad.38749;;
A0006497.sys;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1;Trojan.NtRootKit.3021;;
A0006498.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1;Trojan.DownLoad.39933;;
A0006501.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1;Trojan.DownLoad.38934;;
A0006502.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1;Trojan.PWS.Brauz.10;;
A0006504.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1;Win32.HLLM.Limar.origin;;
A0006505.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1;Trojan.Fakealert.4405;;
firstopt.js;D:\I386\Apps\APP18076;Probably SCRIPT.Virus;;
shinsengumi is offline  
Old 07-17-2009, 06:08 PM   #16 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Browser rendered useless, svchost.exe problems.

Hi shinsengumi,

Can you please answer the following question from my previous post?

Quote:
Are both web browsers slow? (Internet Explorer & Firefox?)

Is it only certain websites you visit that are "laggy"?
------------------------------------

Go to Start->Run-> Type the following into the text box:

C:\Qoobox\Add-Remove Programs.txt
Click OK

Please reply back with the following:

1. Answer to question
2. Results from notepad.

Last edited by forhockey; 07-17-2009 at 06:11 PM.
forhockey is offline  
Old 07-17-2009, 09:07 PM   #17 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Re: Browser rendered useless, svchost.exe problems.

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AOL Instant Messenger
ArcSoft Panorama Maker 4
ATI Control Panel
ATI Display Driver
BellSouth Dial Internet Service Setup
Compaq Multimedia Keyboard Software
Connection Enhancement Software(BellSouthNet)
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Customer Experience Enhancement
File Uploader
GIMP 2.6.6
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP DigitalMedia Archive
HP Software Update
HP Support Overview
HpSdpAppCoreApp
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 5
LeapFrog Connect
LeapFrog Tag Plugin
Lexmark X5100 Series
LG USB Modem Drivers
LightScribe 1.4.52.1
Logitech MouseWare 9.79
Logitech Resource Center
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MirageBot 9.0 Final
Mozilla Firefox (3.5)
MS Access 97 SP2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NetWaiting
Network Play System (Patching)
Nikon Message Center
Nikon Transfer
Otto
PC-Doctor 5 for Windows
Peachtree Accounting 2008
Peachtree Complete Accounting Educational Version 2008
PeachTree Signature Ready Forms
Pervasive Software PSQL v9.1 Client
Pervasive System Analyzer v9.1
PH General Ledger v5
Polaroid i532
PS2
QuickTime
RealPlayer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sony USB Driver
Starcraft
StealthBot v2.6 Revision 3 (remove only)
TomTom HOME
Trend Micro PC-cillin Internet Security 2006
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB Modem
VC_MergeModuleToMSI
Warcraft III: All Products
WebFldrs XP
Windows Communication Foundation
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908250
WinZip 12.1
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0


--------------------------------------------------------
Firefox is running fine, but IE is the problem, which I don't really use and/or need. IE doesn't load a lot of the time, and when it does it is very slow and laggy, but as long as I have my Firefox everything is okay with me.
shinsengumi is offline  
Old 07-18-2009, 01:33 PM   #18 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Browser rendered useless, svchost.exe problems.

Hi shinsengumi,

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Documents and Settings\Compaq_Administrator\Desktop\Programs\New Folder\New Folder (2)\setup.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Programs\New Folder\New Folder (2)\www_newd2event_net.zip
C:\Program Files\BearShare


--------------------------------------------------------------

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Fullscan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

--------------------------------------------------------------

Also, you can try running Internet Explorer as follows to see if it still freezes:

Start -> Programs -> Accessories -> System Tools -> Internet Explorer (No Add-ons)

Let me know if this makes a difference.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 07-18-2009, 09:24 PM   #19 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 12
OS: win xp


Re: Browser rendered useless, svchost.exe problems.

I have deleted the files you listed and ran the malware scan, and here is the log. Also, upon running IE (with no add-ons), it ran just fine. It didn't freeze up or anything like it has been doing.
---------------------------------------------------------------
Attached Files
File Type: txt mbam-log-2009-07-18 (22-16-49).txt (2.5 KB, 1 views)
shinsengumi is offline  
Old 07-19-2009, 08:52 AM   #20 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Browser rendered useless, svchost.exe problems.

Hello,

Let's try and get one online scan off with Trend Micro. This online scan is compatible with both IE and Firefox.


Perform an online scan with Trend Micro™ Housecall (by clicking "Scan Now. It's Free!").
  • Follow the prompts to install the ActiveX controls
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.

--------------------------------------------------------------

There must be some add-ons you have running in Internet Explorer which are causing your problems. You'll have to go through and disable your add-ons one by one to determine which one is causing your problems. After that, if you need assistance with disabling add-ons, you can visit our Internet Explorer section of this forum.

-------------------------------------------------------------

Let me know how the scan went.
forhockey is offline  
All times are GMT -7. The time now is 05:02 AM.



Copyright 2001 - 2009, Tech Support Forum