HJT Scan


rick1224

I followed the Spyware Removal Guide and cleaned up a lot of issues. However, my SVCHOST.EXE takes about 8 minutes to start on every boot now. I am sure it is something easy to repair, but I am at a loss. I have included the HJT scan for review:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:33 PM, on 03/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\OLAP Services\Bin\msmdsrv.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
c:\windows\system32\ZuneBusEnum.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\lexpps.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\windows\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Rick\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Rick\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\windows\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\windows\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138082937781
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O20 - Winlogon Notify: sysset32 - C:\windows\SYSTEM32\sysset32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\windows\system32\snmvtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 6546 bytes




Any help with the boot-up issue will be greatly appreciated.
 
Remove

O20 - Winlogon Notify: sysset32 - C:\windows\SYSTEM32\sysset32.dll

Did you run ComboFix and Malwarebytes? Can you post their logs as well?
 
ComboFix log:

ComboFix 09-03-06.02 - Rick 2009-03-10 6:47:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.374 [GMT -4:00]
Running from: c:\documents and settings\Rick\My Documents\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-10 06:46 . 2009-03-10 07:00 <DIR> d-------- C:\ComboFix
2009-03-10 06:44 . 2009-03-10 06:44 <DIR> d--hs---- C:\RECYCLER
2009-03-10 00:29 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2009-03-10 00:29 . 2009-03-09 22:57 208 --a------ C:\Boot.bak
2009-03-10 00:28 . 2009-03-10 00:29 <DIR> drahs---- C:\cmdcons
2009-03-10 00:22 . 2009-03-10 00:22 <DIR> d-------- c:\program files\Trend Micro
2009-03-10 00:01 . 2009-03-10 00:02 <DIR> d-------- c:\program files\Trojan Remover
2009-03-09 23:57 . 2009-03-10 00:01 <DIR> d-------- c:\documents and settings\Rick\Application Data\Simply Super Software
2009-03-09 23:57 . 2009-03-09 23:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-03-09 23:57 . 2006-05-25 14:52 162,304 --a------ c:\windows\SYSTEM32\ztvunrar36.dll
2009-03-09 23:57 . 2003-02-02 19:06 153,088 --a------ c:\windows\SYSTEM32\unrar3.dll
2009-03-09 23:57 . 2005-08-26 00:50 77,312 --a------ c:\windows\SYSTEM32\ztvunace26.dll
2009-03-09 23:57 . 2002-03-06 00:00 75,264 --a------ c:\windows\SYSTEM32\unacev2.dll
2009-03-09 23:57 . 2006-06-19 12:01 69,632 --a------ c:\windows\SYSTEM32\ztvcabinet.dll
2009-03-09 23:34 . 2009-03-09 23:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-09 23:34 . 2009-03-09 23:34 <DIR> d-------- c:\documents and settings\Rick\Application Data\Malwarebytes
2009-03-09 23:34 . 2009-03-09 23:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-09 23:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-03-09 23:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-03-09 23:30 . 2009-03-09 23:30 <DIR> d-------- C:\VundoFix Backups
2009-03-09 23:30 . 2009-03-09 23:30 <DIR> d-------- C:\VundoFix Backups
2009-03-09 23:16 . 2009-03-09 23:16 <DIR> d-------- c:\program files\CCleaner
2009-03-09 23:09 . 2009-03-09 23:09 <DIR> d-------- c:\program files\CleanUp!
2009-03-09 22:58 . 2009-03-09 22:58 <DIR> d-------- c:\program files\MSConfig CleanUp
2009-03-06 07:56 . 2009-03-06 07:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2009-03-06 07:50 . 2009-03-06 07:50 0 --ah----- c:\windows\SYSTEM32\DRIVERS\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-06 07:48 . 2008-05-02 03:38 301,656 --a------ c:\windows\SYSTEM32\BtCoreIf.dll
2009-03-06 07:46 . 2009-03-06 07:48 <DIR> d-------- c:\program files\Common Files\Logishrd
2009-03-01 21:07 . 2009-01-09 15:19 1,089,593 --------- c:\windows\SYSTEM32\DLLCACHE\ntprint.cat
2009-03-01 19:55 . 2009-03-01 19:55 <DIR> d-------- c:\windows\SYSTEM32\XPSViewer
2009-03-01 19:55 . 2009-03-01 19:55 <DIR> d-------- c:\program files\MSBuild
2009-03-01 19:54 . 2009-03-01 19:54 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-01 19:51 . 2009-03-01 19:53 <DIR> d-------- C:\23e671fdf07b40f1627058d0
2009-03-01 19:51 . 2009-03-01 19:53 <DIR> d-------- C:\23e671fdf07b40f1627058d0
2009-03-01 19:51 . 2008-07-06 08:06 1,676,288 --------- c:\windows\SYSTEM32\xpssvcs.dll
2009-03-01 19:51 . 2008-07-06 08:06 1,676,288 --------- c:\windows\SYSTEM32\DLLCACHE\xpssvcs.dll
2009-03-01 19:51 . 2008-07-06 06:50 597,504 --------- c:\windows\SYSTEM32\DLLCACHE\printfilterpipelinesvc.exe
2009-03-01 19:51 . 2008-07-06 08:06 575,488 --------- c:\windows\SYSTEM32\xpsshhdr.dll
2009-03-01 19:51 . 2008-07-06 08:06 575,488 --------- c:\windows\SYSTEM32\DLLCACHE\xpsshhdr.dll
2009-03-01 19:51 . 2008-07-06 08:06 117,760 --------- c:\windows\SYSTEM32\prntvpt.dll
2009-03-01 19:51 . 2008-07-06 08:06 89,088 --------- c:\windows\SYSTEM32\DLLCACHE\filterpipelineprintproc.dll
2009-03-01 19:50 . 2009-03-01 20:51 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-01 16:43 . 2008-08-14 06:11 2,189,184 --------- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-03-01 16:43 . 2008-08-14 06:09 2,145,280 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-03-01 16:43 . 2008-08-14 05:33 2,066,048 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-03-01 16:43 . 2008-08-14 05:33 2,023,936 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-03-01 16:40 . 2008-09-15 08:12 1,846,400 --------- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-03-01 16:39 . 2008-04-11 15:04 691,712 --------- c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
2009-03-01 16:39 . 2008-10-24 07:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2009-03-01 16:39 . 2008-12-11 06:57 333,952 --------- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2009-03-01 16:38 . 2008-10-15 12:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2009-03-01 15:57 . 2009-03-01 15:57 <DIR> d-------- c:\windows\SYSTEM32\scripting
2009-03-01 15:57 . 2009-03-01 15:57 <DIR> d-------- c:\windows\SYSTEM32\en
2009-03-01 15:57 . 2009-03-01 15:57 <DIR> d-------- c:\windows\l2schemas
2009-02-28 15:35 . 2009-02-28 15:39 <DIR> d-------- c:\program files\Zune
2009-02-28 11:45 . 2009-02-28 11:50 <DIR> d-------- c:\program files\My Faster PC
2009-02-27 08:33 . 2008-04-13 20:12 69,120 --------- c:\windows\SYSTEM32\wlanapi.dll
2009-02-27 08:32 . 2008-04-13 20:12 291,328 --------- c:\windows\SYSTEM32\qagentrt.dll
2009-02-27 08:32 . 2008-04-13 20:12 290,304 --------- c:\windows\SYSTEM32\rhttpaa.dll
2009-02-27 08:32 . 2008-04-13 20:12 150,528 --------- c:\windows\SYSTEM32\qagent.dll
2009-02-27 08:32 . 2008-04-13 20:12 144,384 --------- c:\windows\SYSTEM32\onex.dll
2009-02-27 08:32 . 2008-04-13 20:12 76,800 --------- c:\windows\SYSTEM32\qutil.dll
2009-02-27 08:32 . 2008-04-13 20:12 62,464 --------- c:\windows\SYSTEM32\qcliprov.dll
2009-02-27 08:32 . 2008-04-13 20:12 61,952 --------- c:\windows\SYSTEM32\rasqec.dll
2009-02-27 08:32 . 2008-04-13 20:12 53,248 --------- c:\windows\SYSTEM32\tsgqec.dll
2009-02-27 08:32 . 2008-04-13 20:12 50,688 --------- c:\windows\SYSTEM32\tspkg.dll
2009-02-27 08:32 . 2008-04-13 20:12 32,768 --------- c:\windows\SYSTEM32\setupn.exe
2009-02-27 08:32 . 2008-04-13 14:40 10,240 --------- c:\windows\SYSTEM32\DRIVERS\sffp_mmc.sys
2009-02-27 08:30 . 2008-04-13 20:11 61,440 --------- c:\windows\SYSTEM32\kmsvc.dll
2009-02-27 08:30 . 2008-04-13 20:11 37,376 --------- c:\windows\SYSTEM32\l2gpstore.dll
2009-02-27 08:30 . 2008-04-13 20:09 6,144 --------- c:\windows\SYSTEM32\kbdpash.dll
2009-02-27 08:30 . 2008-04-13 20:09 6,144 --------- c:\windows\SYSTEM32\kbdnepr.dll
2009-02-27 08:30 . 2008-04-13 20:09 6,144 --------- c:\windows\SYSTEM32\kbdiultn.dll
2009-02-27 08:30 . 2008-04-13 20:09 6,144 --------- c:\windows\SYSTEM32\kbdbhc.dll
2009-02-27 08:28 . 2008-04-13 20:11 233,472 --------- c:\windows\SYSTEM32\azroles.dll
2009-02-27 08:28 . 2008-04-13 20:11 136,192 --------- c:\windows\SYSTEM32\aaclient.dll
2009-02-27 08:28 . 2008-04-13 20:11 7,168 --------- c:\windows\SYSTEM32\bitsprx4.dll
2009-02-26 20:19 . 2009-02-26 20:19 124,464 --a------ c:\windows\SYSTEM32\DRIVERS\SYMEVENT.SYS
2009-02-26 20:19 . 2009-02-26 20:19 60,808 --a------ c:\windows\SYSTEM32\S32EVNT1.DLL
2009-02-26 20:19 . 2009-02-26 20:19 36,272 -ra------ c:\windows\SYSTEM32\DRIVERS\SymIM.sys
2009-02-26 20:19 . 2009-02-26 20:19 10,635 --a------ c:\windows\SYSTEM32\DRIVERS\SYMEVENT.CAT
2009-02-26 20:19 . 2009-02-26 20:19 806 --a------ c:\windows\SYSTEM32\DRIVERS\SYMEVENT.INF
2009-02-26 20:18 . 2009-02-26 20:18 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\NAV
2009-02-26 20:18 . 2009-02-26 20:18 <DIR> d-------- c:\program files\Norton AntiVirus
2009-02-26 20:18 . 2009-02-26 20:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-26 19:56 . 2009-02-26 19:56 <DIR> d-------- c:\program files\NortonInstaller
2009-02-26 19:56 . 2009-02-26 19:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-26 19:42 . 2009-02-26 19:43 <DIR> d-------- c:\windows\LMI103.tmp
2009-02-15 17:42 . 2009-02-15 17:42 <DIR> d-------- c:\documents and settings\Rick\Application Data\TaxCut
2009-02-15 17:39 . 2009-02-15 17:40 <DIR> d-------- c:\program files\TaxCut08
2009-02-15 17:39 . 2009-02-15 17:39 <DIR> d-------- c:\program files\PDF995
2009-02-15 17:34 . 2009-02-15 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\TaxCut

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 10:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-10 04:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-10 03:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-10 03:02 --------- d--h--w c:\program files\Nickjr
2009-03-06 11:48 --------- d-----w c:\program files\Common Files\Logitech
2009-03-06 11:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 00:24 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-27 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-27 00:19 --------- d-----w c:\program files\Symantec
2009-02-08 00:34 34 ----a-w c:\documents and settings\Rick\jagex_runescape_preferences.dat
2009-01-31 21:57 --------- d-----w c:\program files\Virtual Earth 3D
2009-01-31 19:57 --------- d-----w c:\documents and settings\Rick\Application Data\Logitech
2009-01-31 19:56 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-01-31 19:54 --------- d-----w c:\program files\Logitech
2009-01-31 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-01-23 03:24 --------- d-----w c:\documents and settings\All Users\Application Data\ATI MMC
2009-01-23 02:44 --------- d-----w c:\documents and settings\Rick\Application Data\ATI MMC
2009-01-20 02:39 --------- d-----w c:\program files\Trillian
2009-01-14 03:17 --------- d-----w c:\program files\PokerStars
2009-01-12 22:05 --------- d-----w c:\program files\Absolute Poker
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Comrtf]
@="{87E36B81-0643-49B5-A525-BD9A2EEA831A}"
[HKEY_CLASSES_ROOT\CLSID\{87E36B81-0643-49B5-A525-BD9A2EEA831A}]
2007-04-16 11:52 1813124 --a------ c:\windows\SYSTEM32\wowftp32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 03:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysset32]
2007-04-16 11:52 872591 c:\windows\SYSTEM32\sysset32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"VIDC.D263"= xl_x263dec.dll
"VIDC.YU12"= ATIYUV12.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll, dblstssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
--a------ 2005-06-14 22:49 53248 c:\program files\ATI Multimedia\main\atidtct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
--a------ 2005-06-14 22:53 102400 c:\program files\ATI Multimedia\main\LaunchPd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
--a------ 2005-05-10 17:21 1482752 c:\program files\ATI Multimedia\RemCtrl\ATIRW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 13:32 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
--a------ 2003-02-17 17:00 86102 c:\program files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
--a------ 2001-09-23 08:14 163840 c:\windows\DellMMKb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 11:29 40960 c:\windows\SYSTEM32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-07-18 16:55 1028096 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType]
--a------ 2002-03-22 00:41 94208 c:\program files\Microsoft Hardware\Keyboard\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexPPS.exe]
--a------ 2003-02-06 04:26 174592 c:\windows\SYSTEM32\LEXPPS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 18:54 127022 c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-07-03 12:32 81920 c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-12-14 22:01 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TraySantaCruz]
--a------ 2002-04-03 16:47 290816 c:\windows\SYSTEM32\tbctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2009-03-07 15:27 1303432 c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-12-12 13:41 157312 c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 04:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=2 (0x2)
"Dcfssvc"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"Alerter"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"usnjsvc"=3 (0x3)
"OneStep Search Service"=2 (0x2)
"Nhksrv"=2 (0x2)
"iPod Service"=3 (0x3)
"TapiSrv"=2 (0x2)
"seclogon"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"wuauserv"=2 (0x2)
"helpsvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"SndRecA.1.3"=2 (0x2)
"InCDsrv"=2 (0x2)
 
Second part of ComboFix log:

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"c:\\WINDOWS\\LMI103.tmp\\lmi_rescue.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1002000.007\SymEFA.sys [2009-02-26 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1002000.007\BHDrvx86.sys [2009-02-26 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1002000.007\cchpx86.sys [2009-02-26 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090309.001\IDSxpx86.sys [2009-03-10 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-26 115560]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\SYSTEM32\DRIVERS\aticxcap.sys [2006-01-21 173824]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\SYSTEM32\DRIVERS\aticxtun.sys [2006-01-21 29184]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\SYSTEM32\DRIVERS\aticxxbr.sys [2006-01-21 9088]
R3 DrmCVideo;DrmCVideo;c:\windows\SYSTEM32\DRIVERS\DrmCVideo.sys [2009-01-06 3768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
R3 MN130;Microsoft(R) PCI Adapter MN-130;c:\windows\SYSTEM32\DRIVERS\MN130-51.sys [2002-05-29 38400]
R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [2000-10-03 6942]
R3 tbcspud;Santa Cruz Driver;c:\windows\SYSTEM32\DRIVERS\tbcspud.sys [2003-10-04 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\SYSTEM32\DRIVERS\tbcwdm.sys [2003-10-04 545088]
S3 DrmCAudio;DrmCAudio;c:\windows\SYSTEM32\DRIVERS\DrmCAudio.sys [2009-01-06 23096]
S3 iTurns;iTurns;c:\windows\SYSTEM32\DRIVERS\iTurns.sys [2008-11-28 52304]
S3 kbeepm;kbeepm;\??\c:\docume~1\Rick\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Rick\LOCALS~1\Temp\kbeepm.sys [?]
S3 SoundMovieServer;SoundMovieServer;c:\windows\SYSTEM32\snmvtsvc.exe [2009-01-06 200704]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2003-06-13 19232]
S3 wsvad_driver;WS Audio Device;c:\windows\SYSTEM32\DRIVERS\VirtualAudio.sys [2009-01-05 16896]
S3 XIRLINK;IBM PC Camera;c:\windows\SYSTEM32\DRIVERS\C-itNT.sys [2003-11-27 899884]
S4 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2001-08-06 28672]
S4 SndRecA.1.3;SndRecB.1.3;c:\program files\Nickjr\service.exe [2005-07-28 90112]
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-10 c:\windows\Tasks\Norton AntiVirus - Rick - Full System Scan.job
- c:\program files\Norton AntiVirus\Engine\16.2.0.7\Navw32.exe [2009-02-26 20:18]

2009-03-08 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-10-25 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 06:59:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\sysset32.dll

- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\OLAP Services\bin\msmdsrv.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\locator.exe
c:\windows\SYSTEM32\snmp.exe

c:\windows\SYSTEM32\ZuneBusEnum.exe
c:\windows\SYSTEM32\rundll32.exe
c:\windows\SYSTEM32\LEXBCES.EXE
.
**************************************************************************
.
Completion time: 2009-03-10 7:16:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-10 11:16:03
ComboFix2.txt 2009-03-10 04:57:15
ComboFix3.txt 2007-10-24 22:16:55

Pre-Run: 152,412,360,704 bytes free
Post-Run: 152,394,289,152 bytes free

326 --- E O F --- 2009-03-02 00:42:49
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:14 PM, on 03/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\OLAP Services\Bin\msmdsrv.exe
C:\windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
c:\windows\system32\ZuneBusEnum.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Nickjr\service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Rick\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Rick\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\windows\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\windows\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138082937781
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SndRecB.1.3 (SndRecA.1.3) - Unknown owner - C:\Program Files\Nickjr\service.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\windows\system32\snmvtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 6567 bytes
 
I play a couple poker games. I might have had empire open here at one time but don't think I have it anymore.

The boot issue - when Windows starts, I get to the desktop and the icons pop up but then it sits for 10 - 15 minutes and my taskbar is unusable (hourglass when mousing over it). I looked and it appears to be something to do with the service control manager. In the Event Viewer, it's marked with the big red X. :)

I wasn't having this problem until after I ran through the guide. So I am wondering if something didn't get corrupted or if something got axed during the cleanup.

Oh, the service control manager that is trying to start says it is the Server:

The Server service hung on starting.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
When you are able to move around in the system, go to Start, Run, type services.msc and press Enter.

Go to Server.

Is it started?
 