hijack this please
nikiyoung
Posts: 576 Forumite
in Techie Stuff
Help me pls, computer running slow, any suggestions?
This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:23, on 04/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BT Auto Backup\VaultClientSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.com/superstore/frames/default.asp?buttons=&url=/superstore/frames/main.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GoogleT5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)" -"http://www.bbc.co.uk/cbbc/games/musicart/#/lb/games/play/buildaband"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco//app/opcuploader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245:8081/activex/AMC.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BT Auto Backup Service (VaultClientSRV) - Unknown owner - C:\Program Files\BT Auto Backup\VaultClientSRV.exe

--
End of file - 16649 bytes
thanks
Niki
[FONT="][/FONT]
[FONT="]this is my Hijack this log
[/FONT]
[FONT="]
[/FONT]
[FONT="]Logfile of Trend Micro HijackThis v2.0.2[/FONT]
[FONT="]Scan saved at 15:05:23, on 04/05/2009[/FONT]
[FONT="]Platform: Windows XP SP2 (WinNT 5.01.2600)[/FONT]
[FONT="]MSIE: Internet Explorer v8.00 (8.00.6001.18241)[/FONT]
[FONT="]Boot mode: Normal[/FONT]
[FONT="] [/FONT]
[FONT="]Running processes:[/FONT]
[FONT="]C:\WINDOWS\System32\smss.exe[/FONT]
[FONT="]C:\WINDOWS\system32\winlogon.exe[/FONT]
[FONT="]C:\WINDOWS\system32\services.exe[/FONT]
[FONT="]C:\WINDOWS\system32\lsass.exe[/FONT]
[FONT="]C:\WINDOWS\system32\svchost.exe[/FONT]
[FONT="]C:\Program Files\Windows Defender\MsMpEng.exe[/FONT]
[FONT="]C:\WINDOWS\System32\svchost.exe[/FONT]
[FONT="]C:\WINDOWS\system32\spoolsv.exe[/FONT]
[FONT="]C:\WINDOWS\Explorer.EXE[/FONT]
[FONT="]C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[/FONT]
[FONT="]C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[/FONT]
[FONT="]C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[/FONT]
[FONT="]C:\Program Files\Bonjour\mDNSResponder.exe[/FONT]
[FONT="]C:\windows\system\hpsysdrv.exe[/FONT]
[FONT="]C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[/FONT]
[FONT="]C:\WINDOWS\System32\svchost.exe[/FONT]
[FONT="]C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe[/FONT]
[FONT="]C:\Program Files\Windows Defender\MSASCui.exe[/FONT]
[FONT="]C:\Program Files\Java\jre6\bin\jqs.exe[/FONT]
[FONT="]C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe[/FONT]
[FONT="]C:\Program Files\btbb_wcm\McciTrayApp.exe[/FONT]
[FONT="]C:\WINDOWS\tsnp2std.exe[/FONT]
[FONT="]C:\WINDOWS\vsnp2std.exe[/FONT]
[FONT="]C:\WINDOWS\Mixer.exe[/FONT]
[FONT="]C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[/FONT]
[FONT="]C:\PROGRA~1\Yahoo!\browser\ycommon.exe[/FONT]
[FONT="]C:\PROGRA~1\AVG\AVG8\avgtray.exe[/FONT]
[FONT="]C:\WINDOWS\System32\svchost.exe[/FONT]
[FONT="]C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[/FONT]
[FONT="]C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[/FONT]
[FONT="]C:\Program Files\BT Auto Backup\VaultClientSRV.exe[/FONT]
[FONT="]C:\WINDOWS\system32\SearchIndexer.exe[/FONT]
[FONT="]C:\Program Files\Java\jre6\bin\jusched.exe[/FONT]
[FONT="]C:\Program Files\Common Files\Real\Update_OB\realsched.exe[/FONT]
[FONT="]C:\Program Files\iTunes\iTunesHelper.exe[/FONT]
[FONT="]C:\PROGRA~1\AVG\AVG8\avgrsx.exe[/FONT]
[FONT="]C:\WINDOWS\system32\ctfmon.exe[/FONT]
[FONT="]C:\PROGRA~1\AVG\AVG8\avgemc.exe[/FONT]
[FONT="]C:\PROGRA~1\AVG\AVG8\avgnsx.exe[/FONT]
[FONT="]C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[/FONT]
[FONT="]C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[/FONT]
[FONT="]C:\Program Files\Windows Media Player\WMPNSCFG.exe[/FONT]
[FONT="]C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[/FONT]
[FONT="]C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[/FONT]
[FONT="]C:\Program Files\AVG\AVG8\avgcsrvx.exe[/FONT]
[FONT="]C:\Program Files\Windows Desktop Search\WindowsSearch.exe[/FONT]
[FONT="]C:\Program Files\iPod\bin\iPodService.exe[/FONT]
[FONT="]C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[/FONT]
[FONT="]C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[/FONT]
[FONT="] [/FONT]
[FONT="]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/[/FONT]
[FONT="]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html[/FONT]
[FONT="]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/[/FONT]
[FONT="]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.com/superstore/frames/default.asp?buttons=&url=/superstore/frames/main.asp[/FONT]
[FONT="]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157[/FONT]
[FONT="]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896[/FONT]
[FONT="]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html[/FONT]
[FONT="]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896[/FONT]
[FONT="]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157[/FONT]
[FONT="]R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/[/FONT]
[FONT="]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local[/FONT]
[FONT="]R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll[/FONT]
[FONT="]O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll[/FONT]
[FONT="]O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll[/FONT]
[FONT="]O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll[/FONT]
[FONT="]O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll[/FONT]
[FONT="]O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll[/FONT]
[FONT="]O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll[/FONT]
[FONT="]O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll[/FONT]
[FONT="]O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll[/FONT]
[FONT="]O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll[/FONT]
[FONT="]O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll[/FONT]
[FONT="]O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll[/FONT]
[FONT="]O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll[/FONT]
[FONT="]O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe[/FONT]
[FONT="]O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"[/FONT]
[FONT="]O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE[/FONT]
[FONT="]O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup[/FONT]
[FONT="]O4 - HKLM\..\Run: [nwiz] nwiz.exe /install[/FONT]
[FONT="]O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit[/FONT]
[FONT="]O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe[/FONT]
[FONT="]O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe[/FONT]
[FONT="]O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide[/FONT]
[FONT="]O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe[/FONT]
[FONT="]O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe[/FONT]
[FONT="]O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe[/FONT]
[FONT="]O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe[/FONT]
[FONT="]O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup[/FONT]
[FONT="]O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"[/FONT]
[FONT="]O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe[/FONT]
[FONT="]O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[/FONT]
[FONT="]O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"[/FONT]
[FONT="]O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"[/FONT]
[FONT="]O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime[/FONT]
[FONT="]O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"[/FONT]
[FONT="]O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot[/FONT]
[FONT="]O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"[/FONT]
[FONT="]O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe[/FONT]
[FONT="]O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe[/FONT]
[FONT="]O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"[/FONT]
[FONT="]O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[/FONT]
[FONT="]O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[/FONT]
[FONT="]O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe[/FONT]
[FONT="]O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c[/FONT]
[FONT="]O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet[/FONT]
[FONT="]O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GoogleT5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)" -"http://www.bbc.co.uk/cbbc/games/musicart/#/lb/games/play/buildaband"[/FONT]
[FONT="]O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')[/FONT]
[FONT="]O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')[/FONT]
[FONT="]O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')[/FONT]
[FONT="]O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')[/FONT]
[FONT="]O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe[/FONT]
[FONT="]O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe[/FONT]
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco//app/opcuploader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245:8081/activex/AMC.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BT Auto Backup Service (VaultClientSRV) - Unknown owner - C:\Program Files\BT Auto Backup\VaultClientSRV.exe

--
End of file - 16649 bytes
thanks
Niki
Comments
-
FIX these with hijack ~
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} - http://www.gomusic.ru/cabs/xdownloader.cab
Download MALWAREBYTES (Make sure you click 'DOWNLOAD NOW')
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
UPDATE and FULL SCAN
Post the log here AFTER you've deleted everything it finds
-
Ok malwarebytes log:
Malwarebytes' Anti-Malware 1.36
Database version: 2071
Windows 5.1.2600 Service Pack 2
04/05/2009 18:55:04
mbam-log-2009-05-04 (18-55-04).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 224921
Time elapsed: 1 hour(s), 15 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
It's Firefox that is taking forever to open - any ideas??
-
You got any add-ons for Firefox? What version of Firefox are you using?
-
Have you tried updating Firefox?
It could be something to do with you only having Service Pack 2 when you SHOULD be on SP3 (Security updates etc)
Aside from that I'd follow the above advice and look into the Firefox 'add-ons' you use
-
How do I get SP3??
Tried Windows updater but it hasn't registered that I need an update on the service pack
x
-
Some computers do fail on that for some reason (I forgets the possibles off top of my head)
Here's the link through Microsoft ~
http://www.microsoft.com/downloads/details.aspx?FamilyId=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en
Switch EVERYTHING off you can when you attempt to install it
-
OK, now on SP3, thanks

Firefox has no add-ons now, just mail, spelling and auto-fill.
Still takes some time getting Windows starting up, any ideas?
Faster than it was though
-
Download CCLEANER (Click 'DOWNLOAD LATEST VERSION' ~ UNTICK the Yahoo toolbar)
http://www.filehippo.com/download_ccleaner/
Run the top 2 scans (Backup the registry when it asks)
Then go to TOOLS and STARTUP and untick everything that's not needed at startup (Yahoo toolbar, iTunes, QuickTime etc etc etc)
-
Hmm, trying to work out what I need and don't need - I would paste a "zap grab" but Firefox and IE8 won't let me

itunes helper?
windows search?
BT Broadband Desktop help?
TkBellExe?
Groove monitor?
Arcsoft connection service?
AVG8 (think I need this?)
YBrowser?
Motive Smartbridge?
btbb_wcm_McciTrayApp?
Nerofilter check?
NvMediaCenter?
nwiz?
NvCplDaemon?
AlcxMonitor?
hpsysdrv?
shockwave updater?
WMPNSCFG?
swg?
NBJ?
ctfom.exe?
BackupNotify?
EPSON Stylus Photo R220 Series?
tsnp2std?
C-Media Mixer?
Please can you tell me which ones I should remove.
Thanks in advance
Niki
This discussion has been closed.