Free Malware Removal Forum

[HMG1K]

Hi

I've pasted in my Hijack This log below - and would appreciate help in removing any unwanted / unneeded entries.

My home PC takes a full 5-minutes to get to a working state - from the moment I see my desktop wallpaper (just the desktop wallpaper) to when all icons, etc, have loaded and it allows me to start using it.

It seems as if something is trying to connect to the net as nothing happens for 4 minutes, then the last minute the icons load. The whole process before would take 90-seconds or so.

I'm running XP SP2 on an HP Workstation, dual 3.2Ghz Xenon processor machine; with 2GB RAM. I'm very clean and tidy with running AdAware, Malware Bytes, and Spybot, etc, once a week and registery cleaners (Eusing) to make sure I haven't any junk on the machine.

Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:38, on 02/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINDOWS\System32\aniServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\atiisrgl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uphclean\uphclean.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\CPQHKey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\Philip XXXXXX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Philip XXXXXX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Philip XXXXXX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Documents and Settings\Philip XXXXXX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Philip XXXXXX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Philip Chryssikos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = news.bbc.co.uk/1/hi/default.stm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_8BB2992914609B0A.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HydraVisionViewPort] C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [frymxins] atiimxgl
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQAPP] CPQHKey.exe
O4 - HKLM\..\Run: [SetKbd] SetKbd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\Belkin Wireless Utility\wcu.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - click here
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - click here
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = unique.lan.int
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = unique.lan.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = unique.lan.int
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FGLRYUTIL (FGLRYUtil) - ATI Technologies, Inc. - C:\WINDOWS\System32\atiisrgl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8795 bytes

[askey127]

Hi HMG1K,
Sorry for the delay.
The older versions of Adobe Acrobat may have a "broken" updater that never stops trying to update. It can seriously slow down or hang a PC.
Older versions of Acrobat and Reader are also vulnerable to various pdf exploits.
You can keep your older, full version of Adobe Acrobat, but you should use it for editing and creation of pdf's only, NOT for opening pdf's on the net.
You can still call Adobe Acrobat from Start, All Programs
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - click here
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - click here
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT Your Machine I know it's no fun!
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder. In addition, the list opens in Notepad so you can also save as another name in another location if you wish. Please paste the contents into your next reply.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

We will update Java and Adobe apps shortly.
If it begins to boot faster, let me know.
askey127

[HMG1K]

Hi asky127

Thanks for your help. I tried what you said and checked, deleted and restarted - hasn't made a difference to start up. It still shows my desktop wall paper, waits for 5 / 6 minutes and then frantically loads everything as normal.

Below is the HijackThis add-remove programs file that I ran after I deleted the items you suggested:

32 Bit HP CIO Components Installer
Ad-Aware
Ad-Aware
Add/Remove 4Good
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Anchor Service CS3
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Audition 3.0
Adobe Bridge CS3
Adobe Bridge CS3
Adobe Default Language CS3
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe GoLive 6.0 (ENG)
Adobe Help Viewer CS3
Adobe Illustrator 10 Tryout
Adobe LiveMotion
Adobe MPEG Encoder
Adobe Photoshop CS
Adobe Premiere 6.5
Adobe Setup
Adobe SVG Viewer 3.0
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Advanced RealMedia Export Plug-in for Premiere 6.0
AoA DVD Ripper
Apple Mobile Device Support
Apple Software Update
AT&T Labs' Natural Voices(tm) Desktop 1.2.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI FGL Display Component Uninstall
AVG Free 8.5
Belkin Bluetooth Software
Belkin Bluetooth Software
Belkin Wireless Client Utility
BlackBerry Desktop Software 4.7
BlackBerry Desktop Software 4.7
BlackBerry Device Software v4.7.0 for the BlackBerry 9500 smartphone
Bonjour
Broadcom Management Programs
Canon CanoScan Toolbox 4.1
CCleaner (remove only)
Choice Guard
Compaq Monitor Driver (INF) Software 3.00
Compatibility Pack for the 2007 Office system
Diagnostics for Windows
Eusing Free Registry Cleaner
GEAR 32bit Driver Installer
Glary Utilities 2.14.0.711
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HDValet
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
HP DeskJet 1120C Printer
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Wireless Keyboard Plus Mouse
HP Workstation Configuration and Application Tuning Framework
HydraVision
InCD
InterActual Player
InterVideo WinDVD
iPod for Windows 2006-03-23
iTunes
iTunes Art Importer
iWatermark 2.1.3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 7
Junk Mail filter update
L&H Simply Translating
LaBelLe Toolbox v1.5.2
Logitech Z-series Software 1.03
Macrogaming SweetIM 1.2a
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office Sounds
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 6
Nero Digital
Nero Media Player
Nokia Connectivity Cable Driver
OCR Software by I.R.I.S. 10.0
Pdf995
PdfEdit995
PhatHack DMS Tools
PhatNoise CAS Speech Support
PhatNoise Media Manager
PhatNoise Music Manager
PowerQuest PartitionMagic 8.0
PsiWin 2.3
Publisher WordArt Compatibility Add-In
QuickTime
RealPlayer
Registry Mechanic 7.0
Rights Management Add-on for Internet Explorer
ScanSoft OmniPage SE 4.0
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Segoe UI
SiSoftware Sandra Lite XI.SP2 (Win64/32/CE)
Software Setup
Sony Media Manager 2.0
Sony Vegas 6.0d
SoundMAX
Speech
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
TomTom HOME 2.6.2.1586
TomTom HOME Visual Studio Merge Modules
TPP Storage Driver Installation
Turbo Lister 2
Tweak UI
USB Storage Adapter V2 (TPP)
User Profile Hive Cleanup Service
VC 9.0 Runtime
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPN Client
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinZip
Wisecroft Ripper
YouSendIt Express
YouSendIt Express
ZiO CompactFlash Adapter Ver 4.2.3.3
ZoneAlarm

[HMG1K]

And here's my fresh HijackThis log. Thank you!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:41, on 09/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINDOWS\System32\aniServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\atiisrgl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uphclean\uphclean.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\CPQHKey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Belkin Wireless Utility\wcu.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Philip Chryssikos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Philip Chryssikos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Philip Chryssikos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Philip Chryssikos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Philip Chryssikos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Philip Chryssikos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Philip Chryssikos\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = news.bbc.co.uk/1/hi/default.stm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_8BB2992914609B0A.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HydraVisionViewPort] C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [frymxins] atiimxgl
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQAPP] CPQHKey.exe
O4 - HKLM\..\Run: [SetKbd] SetKbd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\Belkin Wireless Utility\wcu.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = unique.lan.int
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = unique.lan.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = unique.lan.int
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FGLRYUTIL (FGLRYUtil) - ATI Technologies, Inc. - C:\WINDOWS\System32\atiisrgl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7210 bytes

[askey127]

HMG1K,
You can replace Spybot after we are through, although it's not absolutely necessary with Malwarebytes on board.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 7
Registry Mechanic 7.0
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
------------------------------------------------------------
Download the latest version of Java Runtime Environment here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
It is currently the 5th item on the page (the page changes often), called JRE 6 Update 15
Select Windows and multi-language, and check to agree to the license.
Choose Windows Offline installation version.
Download it, choose Save, and save it to your desktop.
Then doubleclick it, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
--------------------------------------------------------
You should download and install the newest version of the free Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.1 are vulnerable.

• Go here and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Acrobat Reader.
• Save this file to your desktop and run it to install the latest version of Adobe Reader.

-----------------------------------------------------------
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath.
Copy and paste this filepath:

C:\WINDOWS\system32\atiisrgl.exe

Then hit Submit or Upload, depending on the scanner.
The scan will take a while before the result comes up so please be patient.
Then copy and/or save the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html
or virus.org here: http://scanner.virus.org/

askey127

[NonSuch]

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.