Thread: Computer bogging
- 06-14-2012 07:49 PM #1
Computer bogging
Hello, Jerabel here.
Having problems with freezes, redirects, and slowing down of my computer.
Here are the logs; hope you can help.
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 06/14/2012 at 08:58 PM
Application Version : 5.1.1002
Core Rules Database Version : 8733
Trace Rules Database Version: 6545
Scan type : Quick Scan
Total Scan Time : 00:11:08
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 621
Memory threats detected : 0
Registry items scanned : 29345
Registry threats detected : 0
File items scanned : 8429
File threats detected : 153
Adware.Tracking Cookie
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: v2012.06.11.04
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Jerabel :: JERABEL-PC [administrator]
Protection: Disabled
12/06/2012 12:29:28 AM
mbam-log-2012-06-12 (00-29-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215380
Time elapsed: 6 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\3721 (PUP.BitSpirit) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
C:\Documents and Settings\Jerabel\My Documents\Downloads\DownloadSetup(2).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerabel\My Documents\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerabel\My Documents\Downloads\SoftonicDownloader_for_sorenson-squeeze.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
C:\Program Files\uTorrent1.8.3.exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\admdll.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\raddrv.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerabel\Local Settings\Application Data\rlmkqzy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerabel\Local Settings\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:06 AM, on 15/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.2;192.168.0.180;192.168.0.5;<local>;*.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Bitlord - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor0.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI0498~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor0.dll
O3 - Toolbar: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security 9\KPFW32.EXE" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1253800399031
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\WI0498~1\Datamngr\datamngr.dll C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate1ca40f79efbb038) (gupdate1ca40f79efbb038) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
--
End of file - 12836 bytes
- 06-14-2012 08:28 PM #2
Hello jerabel
Welcome to Help2Go!
I'll help you get started on the right track; our expert will carry on with immediate fixes for you. Please be patient; our forum is currently very busy.
We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.
Information on A/V control HERE
NEXT
Please download aswMBR ( 511KB ) to your desktop.
- Double click the aswMBR.exe icon to run it
- Click the Scan button to start the scan
- On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Joe

Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.
- 06-15-2012 08:22 PM #3
Thanks Joe,
More reports as follows
Jerabel
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jerabel at 9:12:19 on 2012-06-16
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3326.2326 [GMT 8:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Documents and Settings\Jerabel\My Documents\Downloads\aswMBR.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
uInternet Settings,ProxyServer = 192.168.0.1:8080
uInternet Settings,ProxyOverride = 192.168.0.2;192.168.0.180;192.168.0.5;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Bitlord Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\prxtbTor0.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi0498~1\datamngr\BROWSE~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Bitlord Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\prxtbTor0.dll
TB: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [KavPFW] "c:\program files\kingsoft\kingsoft internet security 9\KPFW32.EXE" -startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 9.0\acrobat\AdobeCollabSync.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DATAMNGR] c:\progra~1\wi0498~1\datamngr\DATAMN~1.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253800399031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{54330E27-0271-4B20-BAF9-528742188C71} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{731B8177-ED87-492F-B8B1-4F7AD10F60ED} : DhcpNameServer = 203.0.178.191 203.215.29.191
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\wi0498~1\datamngr\datamngr.dll c:\progra~1\wi0498~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jerabel\application data\mozilla\firefox\profiles\ns68zi5v.default\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-13 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-13 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-13 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-13 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-11 654408]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-11 22344]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-11-2 30560]
S1 MpKsl9e978edf;MpKsl9e978edf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{34bc2932-18ed-4025-9655-adbd0aafd9a6}\mpksl9e978edf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{34bc2932-18ed-4025-9655-adbd0aafd9a6}\MpKsl9e978edf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca40f79efbb038;Google Update Service (gupdate1ca40f79efbb038);c:\program files\google\update\GoogleUpdate.exe [2009-9-29 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-30 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-30 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-29 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-7 113120]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2010-6-9 26112]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-9-20 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-9-24 68136]
.
=============== File Associations ===============
.
chm.file="hh.exe" %1
.
=============== Created Last 30 ================
.
2012-06-14 11:46:33 -------- d-----w- c:\program files\Trend Micro
2012-06-14 11:42:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-14 11:30:01 -------- d-----w- c:\documents and settings\jerabel\application data\SUPERAntiSpyware.com
2012-06-14 11:29:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-14 11:29:31 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-06-13 23:38:35 -------- d-----w- C:\Backup of External HDD
2012-06-13 06:51:58 -------- d-----w- c:\program files\PowerDataRecovery
2012-06-13 06:42:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 06:42:08 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-06-13 05:24:47 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-06-13 05:24:47 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-13 05:24:47 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-06-13 05:24:28 -------- d-----w- c:\program files\NVIDIA Corporation
2012-06-13 05:21:26 -------- d-----w- c:\windows\system32\winrm
2012-06-13 05:21:22 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-06-13 04:58:31 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 04:38:57 -------- d-----w- c:\program files\CCleaner
2012-06-13 02:12:37 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-13 02:12:06 41184 ----a-w- c:\windows\avastSS.scr
2012-06-13 02:11:48 -------- d-----w- c:\program files\AVAST Software
2012-06-13 02:11:48 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-06-13 02:00:22 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-06-11 13:41:26 -------- d-----w- c:\documents and settings\jerabel\application data\Malwarebytes
2012-06-11 13:41:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-11 13:40:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-11 13:40:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-06 16:12:52 -------- d-----w- c:\documents and settings\jerabel\local settings\application data\Deployment
2012-06-06 15:45:35 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-06-06 15:45:35 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-25 03:15:14 -------- d-----w- c:\documents and settings\jerabel\application data\ooVoo Details
2012-05-25 03:14:04 -------- d-----w- c:\program files\ooVoo
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-10-28 15:15:59 6624256 ----a-w- c:\program files\etax2009_1.msi
2009-10-08 15:53:53 3004344 ----a-w- c:\program files\BitTorrent-6.2.exe
2009-10-03 01:12:34 160594328 ----a-w- c:\program files\vegaspro90b_32bit.exe
2009-09-29 10:56:11 2020136 ----a-w- c:\program files\SkypeSetup.exe
2009-09-25 02:49:04 331805736 ----a-w- c:\program files\WindowsXP-KB936929-SP3-x86-ENU.exe
2009-09-24 11:53:55 18863384 ----a-w- c:\program files\LimeWireWin.exe
.
============= FINISH: 9:14:18.50 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-16 08:13:06
-----------------------------
08:13:06.296 OS Version: Windows 5.1.2600 Service Pack 3
08:13:06.296 Number of processors: 2 586 0x170A
08:13:06.296 ComputerName: JERABEL-PC UserName: Jerabel
08:13:09.625 Initialize success
08:13:09.703 AVAST engine defs: 12061500
08:13:25.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
08:13:25.218 Disk 0 Vendor: ST31000340AS SD25 Size: 953868MB BusType: 3
08:13:25.234 Disk 0 MBR read successfully
08:13:25.234 Disk 0 MBR scan
08:13:25.234 Disk 0 Windows XP default MBR code
08:13:25.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
08:13:25.250 Disk 0 scanning sectors +1953504000
08:13:25.343 Disk 0 scanning C:\WINDOWS\system32\drivers
08:13:33.218 Service scanning
08:13:45.421 Modules scanning
08:13:50.218 Disk 0 trace - called modules:
08:13:50.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:13:50.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afe1ab8]
08:13:50.265 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000078[0x8b03a198]
08:13:50.265 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8b01d3c0]
08:13:51.359 AVAST engine scan C:\WINDOWS
08:14:01.515 AVAST engine scan C:\WINDOWS\system32
08:16:28.687 AVAST engine scan C:\WINDOWS\system32\drivers
08:16:56.328 AVAST engine scan C:\Documents and Settings\Jerabel
09:15:21.015 AVAST engine scan C:\Documents and Settings\All Users
09:19:07.390 Scan finished successfully
09:20:11.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jerabel\Desktop\MBR.dat"
09:20:11.312 The log file has been saved successfully to "C:\Documents and Settings\Jerabel\Desktop\aswMBR.txt"
- 06-16-2012 06:47 PM #4
Hi jerabel
You have 2 Anti Virus programs running, Microsoft Security Essentials and Avast Anti Virus.
The real-time protection of 2 antivirus programs may conflict with each other and cause the following:
* False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
* Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
* Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
* Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
For now let's uninstall Avast using the special Avast uninstall tool found HERE
This will help to make the computer a bit more responsive as there's going to be more to do.

Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.
- 06-16-2012 07:52 PM #5
Hi Joe,
Yes, I figured that one already, but ditched MSE instead.
Please let me know if to change back to Avast.
Jerabel
- 06-16-2012 08:15 PM #6
Hi jerabel,
O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security 9\KPFW32.EXE" -startup
This is another Anti Virus program running, no wonder your computer is slow. Let's remove this program using a program called Application remover; the link is found below:
application remover - download tag - page 1 - Softpedia
Or you can use revouninstaller here----> http://www.revouninstaller.com/
Next
Using the Hijackthis program,
Close all browser windows, open Hijackthis do a system scan only, place a check mark in the following entries in bold.
O2 - BHO: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Bitlord - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor0.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor0.dll
O3 - Toolbar: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security 9\KPFW32.EXE" -startup
Click Fix checked
Close Hijackthis.
Reboot the computer.
Next
Post a new Hijackthis log for review.
Last edited by zep516; 06-16-2012 at 10:46 PM.
- 06-16-2012 10:41 PM #7
Hey Joe,
Trying to get to the fixes but am having trouble getting rid of Kingsoft Internet Security 9; both App Removal tools you recommended won't detect it.
Jerabel
- 06-16-2012 10:46 PM #8
Ok, I was afraid of that. Is the program listed in the Add/Remove section? Just curious. The program was probably removed and that's just a leftover. We can ditch it using Hijackthis...
So for now just include this entry in the hijackthis fixes O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security 9\KPFW32.EXE" -startup
Place a checkmark in it as described above in post #6 on the Hijackthis fixes. Do the fixes, then post a new log. I edited the fixes above to include the entry.
Last edited by zep516; 06-16-2012 at 10:53 PM.
- 06-16-2012 11:37 PM #9
Joe,
Kingsoft is still listed in C: Program files
also picked up another BHO from the Softpedia site, "Contribute" me thinks,
log as follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:28 PM, on 17/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.2;192.168.0.180;192.168.0.5;<local>;*.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI0498~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1253800399031
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\WI0498~1\Datamngr\datamngr.dll C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate1ca40f79efbb038) (gupdate1ca40f79efbb038) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
--
End of file - 11538 bytes
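Added example (not part of the thread, and not code from HijackThis or its authors): a Python check that compares the fix list from post #6 with a later HijackThis log, the review step that post asks for. Entries are matched by section code plus CLSID or Run value name, because display names and CLSID letter case differ between the posts; the `install_root` grouping is an assumed heuristic, and the sample lines are excerpts from posts #6 and #9.

```python
import re

# "O2 - BHO: name - {CLSID} - path", "O4 - HKCU\..\Run: [name] command", ...
ENTRY_RE = re.compile(r'^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$')
CLSID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.I)
RUN_RE = re.compile(r'^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]')
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:dll|exe)', re.I)

# Excerpt of the entries post #6 asks to check and fix.
FIX_LIST = r"""
O2 - BHO: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security 9\KPFW32.EXE" -startup
"""

# Excerpt of the follow-up log in post #9.
NEW_LOG = r"""
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI0498~1\Datamngr\BROWSE~1.DLL
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\WI0498~1\Datamngr\datamngr.dll C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll
"""


def entry_key(line):
    """Stable identity for one HijackThis entry, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group('code'), m.group('body')
    clsid = CLSID_RE.search(body)
    if clsid:                       # BHOs, toolbars, buttons: the CLSID is the identity
        return (code, clsid.group(0).lower())
    run = RUN_RE.match(body)
    if run:                         # autoruns: hive plus value name
        return (code, (run.group('hive') + '\\Run\\' + run.group('name')).lower())
    return (code, body.lower())


def parse_entries(text):
    """Map entry key -> original line for every entry line in a log or fix list."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key:
            entries[key] = line.strip()
    return entries


def install_root(path):
    r"""Assumed heuristic: the folder directly under Program Files (or PROGRA~1).

    8.3 short names are compared as written; no long-name lookup is attempted.
    """
    parts = path.lower().split('\\')
    if len(parts) > 3 and parts[1] in ('program files', 'progra~1'):
        depth = 4 if parts[2] == 'common files' and len(parts) > 4 else 3
        return '\\'.join(parts[:depth])
    return None


def roots_of(line):
    """Install roots of every DLL/EXE path mentioned on one entry line."""
    found = {install_root(p) for p in PATH_RE.findall(line)}
    found.discard(None)
    return found


def check_fixes(fix_text, new_log_text):
    """Return (gone, still_present, leftovers) for a fix list against a later log.

    leftovers are entries that were not on the fix list but load files from
    the same install folder as something that was.
    """
    fixes = parse_entries(fix_text)
    after = parse_entries(new_log_text)
    gone = sorted(k for k in fixes if k not in after)
    still_present = sorted(k for k in fixes if k in after)
    fixed_roots = set()
    for line in fixes.values():
        fixed_roots |= roots_of(line)
    leftovers = [line for key, line in after.items()
                 if key not in fixes and roots_of(line) & fixed_roots]
    return gone, still_present, leftovers


if __name__ == '__main__':
    gone, still_present, leftovers = check_fixes(FIX_LIST, NEW_LOG)
    print('removed:', len(gone), 'still present:', len(still_present))
    for line in leftovers:
        print('same folder, still loading:', line)
```

On these excerpts all four fix-list entries are absent from the later log, while the DataMngr BHO, the DATAMNGR Run value and both AppInit_DLLs paths still load from the folder the Savevid toolbar was in.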
- 06-16-2012 11:58 PM #10
Hi Joe,
Got this thing too "FLV Runner Community Toolbar"
Jerabel