TechSpot

Late night removal Hijack log

By scottpanic
Aug 5, 2011
  1. I see the AVG file. I uninstalled it and it keeps repopulating. No regenerate file, unless I don't see it. I see other things not sure of as well. My system takes forever to load and lags bad. The Windows music plays while I hang on the welcome window sometimes for a min or so. I have CS4. Do you see anything else?

    Sent new File as requested

    Edit: Bold attributes removed by Bobbye
     
  2. scottpanic (TS Rookie, Topic Starter)

    Start up Lag Gone. Files repopulate

    I read there is a conflict with ATI and the latest Windows update.

    Removed C:\WINDOWS\eHome\ehSched.exe and renamed ehRecvr.exe. The ehSched.exe keeps repopulating.

    However, the lag at start up is gone. What can I do to remove these two? Is it an ATI / Windows issue?
     
  3. Bobbye (Helper on the Fringe)

    Welcome to TechSpot! You have posted in the Virus and Malware forum. We do not use HijackThis to 'screen' for malware.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ================================================
    If problems are found that are not related to malware, then your question should be posted in a more appropriate forum. There is an abundance of information available for slow computer, slow startup or shutdown, both on TechSpot and the internet.
    ==============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  4. scottpanic (TS Rookie, Topic Starter)

    Thank you

    Use Second Batch Loaded Comodo and nothing worked. Uninstalled. Sitting tight now...
     

    Attached Files:

  5. scottpanic (TS Rookie, Topic Starter)

    New Files - I will wait till you respond..

    These are the new files. System became unstable when I loaded Comodo firewall. Just using Windows firewall now. System conflicts?
     

    Attached Files:

  6. Bobbye (Helper on the Fringe)

    Please read instructions:

     
  7. scottpanic (TS Rookie, Topic Starter)

    So Sorry. I hope I got it .... Thanks

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Home1 at 9:33:26 on 2011-08-05
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1221 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    svchost.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\snmp.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\Documents and Settings\Home1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Documents and Settings\Home1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [Run StartupMonitor] StartupMonitor.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    uPolicies-explorer: <NO NAME> =
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
    TCP: Interfaces\{F6BBE61C-C41B-45EB-A7F5-C63DB13D1876} : DhcpNameServer = 167.206.254.1 167.206.254.2
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-4 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-4 309848]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-4 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-4 42184]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2011-3-21 231424]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
    S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-4 136176]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-4 136176]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]
    S4 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-08-05 04:58:19 22 --sha-w- c:\documents and settings\home1\application data\Sys2662.Config.Repository.bin
    2011-08-05 04:57:48 -------- d-----w- c:\program files\jv16 PowerTools 2011
    2011-08-05 01:33:29 -------- d-----w- C:\tempfont
    2011-08-04 22:30:49 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-08-04 22:30:12 40112 ----a-w- c:\windows\avastSS.scr
    2011-08-04 22:29:55 -------- d-----w- c:\program files\AVAST Software
    2011-08-04 22:29:55 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-08-04 15:38:05 -------- d-----w- c:\windows\IIS Temporary Compressed Files
    2011-08-04 15:36:42 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2011-08-04 15:34:47 -------- d-----w- C:\Inetpub
    2011-08-04 14:39:37 -------- d-----w- c:\windows\Internet Logs
    2011-08-03 21:41:42 -------- d-----w- c:\documents and settings\home1\application data\CyberScrub
    2011-08-03 21:41:32 -------- d-----w- c:\program files\CyberScrub Professional
    2011-08-03 20:04:08 -------- d-----w- c:\documents and settings\home1\application data\CheckPoint
    2011-08-03 20:03:32 -------- d-----w- c:\documents and settings\home1\local settings\application data\Conduit
    2011-08-03 20:02:24 -------- d-----w- c:\program files\CheckPoint
    2011-08-03 18:40:16 -------- d-----w- c:\windows\system32\LogFiles
    2011-08-03 18:06:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-08-03 18:00:42 -------- d-----w- c:\windows\system32\appmgmt
    2011-08-03 16:57:30 388096 ----a-r- c:\documents and settings\home1\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-08-03 16:57:28 -------- d-----w- c:\program files\Trend Micro
    2011-08-03 16:37:48 -------- d-----w- c:\windows\pss
    2011-08-03 14:12:23 -------- d-----w- c:\documents and settings\home1\application data\Malwarebytes
    2011-08-03 14:12:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-03 14:12:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-08-03 14:12:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-03 14:12:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-02 23:35:16 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-08-02 23:35:16 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-08-02 22:54:30 -------- d-----w- C:\cmdcons
    2011-08-02 18:48:08 -------- d-----w- c:\documents and settings\home1\local settings\application data\Google
    2011-08-02 18:42:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-08-02 18:42:34 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-07-30 13:13:56 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-07-26 18:25:36 -------- d-----w- C:\wordpress-3.2.1
    2011-07-26 18:01:37 -------- d-----w- C:\Joomla_1.7.0-Stable-Full_Package
    2011-07-22 04:02:33 -------- d-----w- c:\documents and settings\home1\local settings\application data\QuickPlay
    .
    ==================== Find3M ====================
    .
    2011-08-04 17:19:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-03 18:05:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 9:37:15.54 ===============

    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/21/2011 10:07:39 PM
    System Uptime: 8/5/2011 6:05:25 AM (3 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30A4
    Processor: AMD Turion(tm) 64 Mobile Technology ML-37 | U23 | 1595/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 99 GiB total, 68.965 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 11.946 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 1863 GiB total, 1113.124 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}
    Description: HP Integrated Module
    Device ID: USB\VID_03F0&PID_171D\5&2B9568F6&0&4
    Manufacturer:
    Name: HP Integrated Module
    PNP Device ID: USB\VID_03F0&PID_171D\5&2B9568F6&0&4
    Service:
    .
    ==== System Restore Points ===================
    .
    RP148: 7/31/2011 7:51:11 AM - System Checkpoint
    RP149: 8/1/2011 12:16:27 AM - Installed StartupMonitor
    RP150: 8/1/2011 5:48:25 PM - Installed Java(TM) 6 Update 26
    RP151: 8/2/2011 3:14:55 PM - Removed Adobe Flash Player 10 ActiveX.
    RP152: 8/2/2011 4:32:50 PM - Restore Operation
    RP153: 8/2/2011 4:45:12 PM - Software Distribution Service 3.0
    RP154: 8/3/2011 9:05:35 AM - Aug 3 Good
    RP155: 8/3/2011 9:11:49 AM - Installed StartupMonitor
    RP156: 8/3/2011 9:57:26 AM - Installed HiJackThis
    RP157: 8/3/2011 10:59:36 AM - Removed Java(TM) 6 Update 24
    RP158: 8/3/2011 11:01:09 AM - Removed J2SE Runtime Environment 5.0 Update 6
    RP159: 8/3/2011 11:05:45 AM - Installed Java(TM) 6 Update 26
    RP160: 8/3/2011 1:21:52 PM - The Works
    RP161: 8/4/2011 10:23:26 AM - Removed AVG 2011
    RP162: 8/4/2011 10:26:56 AM - Removed AVG 2011
    RP163: 8/4/2011 3:29:55 PM - avast! Free Antivirus Setup
    RP164: 8/4/2011 11:26:40 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    7-Zip 9.20
    ACE Mega CoDecS Pack
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader X (10.1.0)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Athlon 64 Processor Driver
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Audio Converter 3.0 (Limited Edition)
    avast! Free Antivirus
    AVG 2011
    Bonus Pack Documentation
    Broadcom 802.11 Wireless LAN Adapter
    BufferChm
    CCleaner
    Conexant AC-Link Audio
    Connect
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    CyberScrub Professional 3.5
    Destinations
    DeviceManagementQFolder
    EPSON Printer Software
    EPSON Scan
    FullDPAppQFolder
    Google Chrome
    Google Update Helper
    HammerHead Rhythm Station
    HiJackThis
    Hotfix for Windows Media Player 10 (KB903157)
    HP Help and Support
    HP Imaging Device Functions 6.0
    HP Integrated Module with Bluetooth wireless technology
    HP Photosmart Premier Software 6.0
    HP QuickPlay 2.0
    HP Software Update
    HP User Guides--System Recovery
    HP User Guides 0025
    HP Wireless Assistant 2.00 C1
    InstantShareDevices
    Java Auto Updater
    Java(TM) 6 Update 26
    jv16 PowerTools 2011
    kuler
    LightScribe 1.4.56.1
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    muvee autoProducer 4.5
    OptionalContentQFolder
    PDF Settings CS4
    PhotoGallery
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Quick Launch Buttons 5.20 G1
    RandMap
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    SkinsHP1
    Soft Data Fax Modem with SmartCP
    Sonic_PrimoSDK
    StartupMonitor
    Suite Shared Configuration CS4
    Switch Sound File Converter
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Unload
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Windows Internet Explorer 8 (KB976662)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    WebFldrs XP
    WinAMP Skin Importer
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media 7 PowerToys
    Windows Media Format Runtime
    Windows XP Service Pack 3
    Wireless Home Network Setup
    YouTube Downloader 2.7.1
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/5/2011 7:23:55 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
    8/4/2011 7:16:49 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    8/4/2011 2:55:12 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the path specified.
    8/4/2011 2:38:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH Avgldx86 Avgmfx86 Avgrkx86 Avgtdix
    8/4/2011 2:37:59 PM, error: Service Control Manager [7001] - The AVGIDSFilter service depends on the AVGIDSShim service which failed to start because of the following error: The system cannot find the file specified.
    8/4/2011 2:37:59 PM, error: Service Control Manager [7001] - The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error: The dependency service or group failed to start.
    8/4/2011 2:37:59 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The dependency service or group failed to start.
    8/4/2011 2:37:59 PM, error: Service Control Manager [7000] - The AVGIDSShim service failed to start due to the following error: The system cannot find the file specified.
    8/4/2011 12:39:47 PM, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 5 time(s).
    8/4/2011 12:39:47 PM, error: Service Control Manager [7034] - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly. It has done this 5 time(s).
    8/4/2011 12:39:47 PM, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.
    8/4/2011 12:39:47 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    8/4/2011 12:39:46 PM, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 4 time(s).
    8/4/2011 12:39:46 PM, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 3 time(s).
    8/4/2011 12:39:46 PM, error: Service Control Manager [7034] - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly. It has done this 4 time(s).
    8/4/2011 12:39:46 PM, error: Service Control Manager [7034] - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly. It has done this 3 time(s).
    8/4/2011 12:39:46 PM, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.
    8/4/2011 12:39:46 PM, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.
    8/4/2011 12:39:42 PM, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 2 time(s).
    8/4/2011 12:39:42 PM, error: Service Control Manager [7034] - The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly. It has done this 2 time(s).
    8/4/2011 12:39:42 PM, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.
    8/4/2011 12:39:30 PM, error: Service Control Manager [7034] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 3 time(s).
    8/4/2011 12:39:29 PM, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    8/4/2011 12:36:17 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000369' while processing the file 'Clean_tool.exe' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    8/4/2011 11:03:41 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    8/4/2011 11:03:36 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
    8/4/2011 10:17:43 AM, error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
    8/3/2011 2:15:05 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    8/3/2011 12:23:43 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
    8/2/2011 6:25:22 PM, error: Dhcp [1002] - The IP address lease 192.168.1.115 for the Network Card with network address 0014A54E8F1E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/2/2011 10:25:14 AM, error: PlugPlayManager [12] - The device 'HL-DT-ST DVDRAM GSA-4084N' (IDE\CdRomHL-DT-ST_DVDRAM_GSA-4084N_______________KQ09____\3131373231363835443935392020202020202020) disappeared from the system without first being prepared for removal.
    8/2/2011 10:03:16 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'BOOT.INI' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
    8/2/2011 10:03:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
    .
    ==== End Of File ===========================

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7364

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/5/2011 2:38:06 PM
    mbam-log-2011-08-05 (14-38-06).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 317784
    Time elapsed: 1 hour(s), 39 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I knew you'd figure it out! From your description, all I'm getting is that you want to uninstall AVG. Is that correct?

    Either of these should work to do that:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.
    ===================or==================
    AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
    Note:
    • AVG user settings will be removed.
    • Virus Vault contents will be removed.
    • All other items related to AVG installation and use will be removed.
    • You will be asked during the removal procedure to restart your computer. Please do so.
    • Make sure there is no open work in process prior to launching AVG Remover.
    Use the appropriate download for your system for the AVG Remover:
    • AVG Remover: 32 bit
    • AVG Remover: 64 bit
    =====================================
    It is possible that your attempts to remove AVG have damaged the uninstaller. If that is the case, you can run the Windows Installer Cleanup Utility HERE.

    You will have to let me know if there are other issues.
     
  9. scottpanic

    scottpanic TS Rookie Topic Starter

    Did you notice anything out of the norm?

    Downloading AppRemover now. Is there anything else you see I need to take care of?
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry, I missed the part about the music. If this is Windows playing while you load, it's not from malware. I see some entries in the logs which should be removed.

    If you want to continue on with this, please run the following:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [image] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ====================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ========================================
    Slow load depends on how much has to load. Slow surfing can be a combination of what loads on startup and how many temporary internet files you pick up. The system has to be rebooted occasionally to free up the RAM. I'll know more when I see the 2 logs in your next reply.
     
Topic Status:
Not open for further replies.
