08-05-2007, 10:52 PM   #1
SusannaKB
Registered User
 
Join Date: Jul 2007
Location: Midwest, US
Posts: 196
OS: Windows XP SP3


Possible WIN32:ctx

I have tried trials of Norton, Panda, and McAfee. Recently I attempted to install Avast! and upon the first scan when it rebooted, it said I had WIN32:ctx but could not fix it. Immediately afterwards I ran into problems and needed to do a system restore, which of course erased the install that I had done. At the same time I had Panda on my computer, not knowing that it should be removed or that Norton and McAfee need special tools to completely remove them for that matter. Presently I am using AVG and all others (to my knowledge) are removed.

Panda has not detected the WIN32:ctx. Nor did it come up during the "5 Step Process". Do I really have it?

Some of the problems I have experienced have been:
--Sometimes my computer runs slow but it's not consistent, seems to be most noticeable when I turn it on or when I start up on Internet Express. For a while before installing Avast my Outlook Express kept closing on me when I'd open it.
--Windows won't install some of the patches that say they are available to me, and won't install Windows Update 3.1.
--Oh, I also seem to have a DSS/Agent that keeps getting fixed and showing up.

Here is the log requested:

Deckard's System Scanner v20070804.61
Run by Mr. Hill on 2007-08-05 at 22:30:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
57: 2007-08-06 03:31:07 UTC - RP57 - Deckard's System Scanner Restore Point
56: 2007-08-05 04:50:42 UTC - RP56 - Software Distribution Service 3.0
55: 2007-08-04 15:45:09 UTC - RP55 - Software Distribution Service 3.0
54: 2007-08-04 06:33:12 UTC - RP54 - Software Distribution Service 3.0
53: 2007-08-03 15:32:04 UTC - RP53 - Spyware Doctor: Cleaning Threats


-- First Restore Point --
1: 2007-06-23 19:27:46 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-05 22:35:29
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\usrmlnka.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRnote.exe
C:\WINDOWS\system32\usrshuta.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\usrmlnka.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\Mr. Hill\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kcpottery.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: HighPoint ATA RAID Management Software.lnk = C:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108841201032
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185479249309
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\system32\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 hptpro - c:\windows\system32\drivers\hptpro.sys <Not Verified; HighPoint Technologies, Inc.; HighPoint Filter Driver>
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>

S0 viaagp (VIA AGP Bus Filter) - c:\windows\system32\drivers\viaagp1.sys (file missing)
S0 viaagp1 (VIA AGP Filter) - c:\windows\system32\drivers\viaagp1.sys (file missing)
S3 3c1807pd (U.S. Robotics V.92 Fax Win Int) - c:\windows\system32\drivers\3c1807pd.sys <Not Verified; U.S. Robotics Corporation; U.S. Robotics Modem Driver>
S3 MagicBox (Embroidery Conversion Box Plus) - c:\windows\system32\drivers\magicbox.sys <Not Verified; OESD; Embroidery Conversion Box>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-07-05 and 2007-08-05 -----------------------------

2007-08-03 23:07:46 0 d-------- C:\ie-spyad
2007-08-03 22:44:41 0 d-------- C:\Program Files\SpywareBlaster
2007-08-03 07:13:48 0 d-------- C:\Documents and Settings\Mr. Hill\Application Data\AVG7
2007-08-03 07:11:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-03 07:10:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-02 07:42:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-19 10:32:51 0 d-------- C:\Program Files\Spyware Doctor


-- Find3M Report ---------------------------------------------------------------

2007-08-03 04:47:03 0 d-------- C:\Program Files\Common Files\Panda Software
2007-08-03 01:02:28 0 d-------- C:\Program Files\Google
2007-07-29 15:38:23 0 d-------- C:\Documents and Settings\Mr. Hill\Application Data\U3
2007-07-03 08:25:22 0 d-------- C:\Program Files\Panda Software
2007-07-03 05:27:52 0 --a------ C:\AUTOEXEC.BAT
2007-07-01 00:38:25 0 d-------- C:\Program Files\Starry Night Backyard
2007-06-30 12:20:07 0 d-------- C:\Program Files\Alwil Software
2007-06-24 23:16:54 0 d-------- C:\Program Files\HP
2007-06-23 14:15:30 0 d-------- C:\Program Files\msn gaming zone
2007-06-23 14:12:35 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-06-11 07:39:01 0 d-------- C:\Documents and Settings\Mr. Hill\Application Data\Sun
2007-06-11 00:35:37 0 d-------- C:\Program Files\Java
2007-06-11 0010 0 d-------- C:\Program Files\Common Files
2007-06-11 0010 0 d-------- C:\Program Files\Common Files\Java
2007-06-10 23:25:27 0 d-------- C:\Program Files\Common Files\Nova Development


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [12/14/2004 11:07 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 08:42 PM]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [08/04/2004 07:00 AM]
"3c1807pd"="" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 03:49 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/29/2007 07:48 PM]
"PLNRNote"="C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe" [11/23/2004 08:24 AM]
"@"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [06/12/2007 01:19 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/03/2007 07:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [02/25/2005 07:28 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/07/2007 07:20 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [2/19/2005 12:46:01 PM]
HighPoint ATA RAID Management Software.lnk - C:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe [2/19/2005 11:57:42 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 7:50:52 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [9/19/2006 11:36:08 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-08-05 at 22:38:19 ---------
Attached Files
File Type: txt extra.txt (13.8 KB, 1 views)
__________________
Susanna