#1 (permalink)

Registered User
Join Date: Mar 2007
Posts: 130
OS: win xp

can you tell me if I have a problem?
(First, thanks again everyone for helping me recently with my husband's computer. Now, an issue with mine...)
Reason I got worried is that, 2 or 3 days ago, I had run Search and noticed that the icons of all the bmp files had changed from the usual little blue thing to a cartoon dog, looked kind of like a Disney character dog. I turned off my internet connection for a while in case something was going on. They went back to normal. Very recently I had started using an Iomega external hard drive, I believe it was on at the time. I haven't really had any other problems. Maybe turning off my modem aborted something, maybe I never had an issue?

Anyway, being a worried type -
Norton antivirus clean
Panda clean after I emptied my trash including Norton Protected files.
Adaware and VX2 clean
SpySweeper (webroot) --
Spybot Search and Destroy - clean

Here's my HijackThis log -

Thank you for looking at this!

Last edited by newbee_4 : 04-11-2007 at 04:09 PM.

#2 (permalink)

Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,320
OS: xp

Re: can you tell me if I have a problem?
Hi
I'm not seeing anything suspicious. Have the symptoms you described happened again? Other symptoms? Another Panda online scan would be a good idea; post its report if anything besides cookies is found, please.

#3 (permalink)

Registered User
Join Date: Mar 2007
Posts: 130
OS: win xp

Re: can you tell me if I have a problem?
I have very bad things happening.
I cannot run Panda. On 3 attempts, 3 times it hung on the same file, after slightly different but basically around 5300 files it gets to this one and just stops. No error message, it stops using resources. See the .gif file I attached. When I ran Panda before it found hundreds of thousands of files. I tried using Search to find the file - included system and hidden files - Search does not come up with anything so I cannot find the file. What next? Thank you for any help!

#4 (permalink)

Registered User
Join Date: Mar 2007
Posts: 130
OS: win xp

Re: can you tell me if I have a problem?
can't get in to revise last message, but anyway-
I tend to have long names and lots of layers of folders. On a guess, with a few minor changes, Panda got through to completion. Panda did not generate a log - completely clean. Should I run a couple of other tools to be safe? Or just let it go? To my knowledge there is no other issue right now, but wouldn't it have to be malware to give me that first symptom?

#6 (permalink)

Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,320
OS: xp

Re: can you tell me if I have a problem?
Online scans can be buggy
Thanks for getting a Kaspersky scan. In Windows Control Panel > Java, find and use the option to delete temp files. Other than that it looks good. Unless something else comes up we are finished.

Last edited by LonnyRJones : 04-15-2007 at 11:38 PM.

#7 (permalink)

Registered User
Join Date: Mar 2007
Posts: 130
OS: win xp

Re: can you tell me if I have a problem?
I'm not at that computer right now but will get to that later today.
Should I worry about the external hard drive? Or is this not the kind of thing that would be there also? Thank you again.

#9 (permalink)

Registered User
Join Date: Mar 2007
Posts: 130
OS: win xp

Re: can you tell me if I have a problem?
hi,
I am in the flood emergency area in NJ and have been a bit delayed dealing with my computer in the midst of other stuff - flooded basement etc. I did (at least I think) what you said, will rerun Kaspersky later to double check. I just didn't want you to think I wasn't bothering to reply. This message is from a different computer.