|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
08-25-2007, 06:41 PM
|
#1 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 12
OS: XP
|
Slow...Winantivirus and others
First of all let me admit that I am a know-it-all and thought I could take care of this my self......(foolish)
Second. I will follow every instruction and do nothing else till this is fixed....(not foolish) I contracted the Winantivirus and seem to have others as well. I have windows xp that has already had the sp2 installed. (This may have been done after the virus) My symptoms are/where.... Winantivirus pop ups and icons. Slow computer Locked out of control panel....It's back at this moment. 24 hour clock with no option to retun it to 12 hour SuperAntiSpyware found: Trojan.net-avp/avt Trojan.downloader-gen/nomultitask Spyware Doctor found: several adware entrys Trojan.keylog-sites I have followed your 5 steps. I did not install IE-spyad and I allready had Sp2. HijackThis is on the desktop. Here is the Deckard's Main.txt ================ Deckard's System Scanner v20070819.64 Run by Kenneth Weaver on 2007-08-25 20:01:29 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 83: 2007-08-26 00:01:59 UTC - RP891 - Deckard's System Scanner Restore Point 82: 2007-08-25 23:48:39 UTC - RP890 - Software Distribution Service 3.0 81: 2007-08-24 19:13:06 UTC - RP889 - Removed Full Tilt Poker 80: 2007-08-24 18:27:55 UTC - RP888 - Removed WS_FTP Home 79: 2007-08-24 18:25:41 UTC - RP887 - Removed GuitarVision -- First Restore Point -- 1: 2007-05-26 16:24:41 UTC - RP809 - System Checkpoint Backed up registry hives. Performed disk cleanup. Total Physical Memory: 510 MiB (512 MiB recommended). -- HijackThis (run as Kenneth Weaver.exe) -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:28:09 PM, on 8/23/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe c:\program files\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\eAcceleration\Station\station.exe C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Documents and Settings\Kenneth Weaver\Start Menu\Programs\Startup\system.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\dumprep.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\KENNETH WEAVER\Application Data\Mozilla\Profiles\default\8bpav85k.slt\prefs.js) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - Startup: system.exe O4 - Global Startup: autorun.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 12389 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20070823-200948-509 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 backup-20070823-201259-218 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) backup-20070823-201259-735 O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe backup-20070823-201259-995 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) backup-20070823-201300-256 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe backup-20070823-201300-308 O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe backup-20070823-201300-442 O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe backup-20070823-201300-532 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe backup-20070823-201300-552 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe backup-20070823-201300-729 O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing) backup-20070823-201300-777 O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing) backup-20070823-201300-919 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe backup-20070823-201301-420 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe backup-20070823-201301-460 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe backup-20070823-201554-959 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll backup-20070823-202031-258 O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe backup-20070823-202031-528 O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe backup-20070823-202031-709 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe backup-20070823-202031-711 O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe backup-20070823-202031-756 O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe backup-20070823-202031-830 O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe backup-20070823-202031-948 O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe backup-20070823-202031-982 O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe backup-20070823-203830-816 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver> R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver> R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt> R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing) S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> S4 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2007-08-21 13:53:47 640 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Kenneth Weaver.job 2007-08-20 09:30:15 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-07-25 and 2007-08-25 ----------------------------- 2007-08-25 19:34:05 0 d-------- C:\Program Files\SpywareBlaster 2007-08-25 09:58:50 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-08-24 19:49:00 0 dr------- C:\Documents and Settings\LocalService\Favorites 2007-08-24 10:18:58 0 d-------- C:\Program Files\Spyware Doctor 2007-08-24 10:18:58 0 d-------- C:\Documents and Settings\Kenneth Weaver\Application Data\PC Tools 2007-08-23 18:03:37 0 d-------- C:\Program Files\Trend Micro 2007-08-23 15:37:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2007-08-23 15:15:12 0 dr------- C:\Documents and Settings\Administrator\Favorites 2007-08-23 15:15:12 0 d-------- C:\Documents and Settings\Administrator\Desktop 2007-08-23 15:15:12 0 d--hs---- C:\Documents and Settings\Administrator\Cookies 2007-08-23 15:15:12 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2007-08-23 15:15:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun 2007-08-23 15:15:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic 2007-08-23 15:15:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real 2007-08-23 15:15:12 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2007-08-23 15:15:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc 2007-08-23 15:15:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2007-08-23 15:15:11 0 d--h----- C:\Documents and Settings\Administrator\Templates 2007-08-23 15:15:11 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2007-08-23 15:15:11 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2007-08-23 15:15:11 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2007-08-23 15:15:11 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2007-08-23 15:15:11 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2007-08-23 15:15:11 0 dr------- C:\Documents and Settings\Administrator\My Documents 2007-08-23 15:15:11 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2007-08-23 15:15:10 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2007-08-23 13:50:32 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-08-23 13:48:14 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-08-23 13:48:13 0 d-------- C:\Documents and Settings\Kenneth Weaver\Application Data\SUPERAntiSpyware.com 2007-08-23 13:43:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-23 10:57:05 0 d-------- C:\camera 2007-08-23 10:21:57 0 d-------- C:\Documents and Settings\Patricia Weaver\Application Data\eAcceleration 2007-08-22 15:50:40 0 d-------- C:\1jrdata 2007-08-21 13:44:08 0 d-------- C:\Program Files\Norton Internet Security 2007-08-21 13:39:40 0 d-------- C:\Program Files\Symantec 2007-08-21 13:39:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2007-08-21 13:37:53 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-08-20 13:38:30 0 d-------- C:\Program Files\Acceleration Software 2007-08-20 13:38:13 0 d-------- C:\Documents and Settings\Kenneth Weaver\Application Data\eAcceleration 2007-08-20 13:38:13 0 d-------- C:\Documents and Settings\All Users\Application Data\eAcceleration 2007-08-20 13:38:01 0 d-------- C:\Program Files\eAcceleration 2007-08-20 13:37:26 0 d-------- C:\Program Files\Common Files\eAcceleration 2007-08-13 09:59:43 0 d-------- C:\Program Files\iPod 2007-08-13 09:59:29 0 d-------- C:\Program Files\iTunes 2007-08-05 00  24 0 d-------- C:\Program Files\Apple Software Update-- Find3M Report --------------------------------------------------------------- 2007-08-25 17:49:40 0 d-------- C:\Program Files\Messenger 2007-08-25 17:45:45 0 d-------- C:\Program Files\DellSupport 2007-08-25 09:49:32 0 d-------- C:\Program Files\McAfee.com 2007-08-24 15:32:05 0 d-------- C:\Program Files\Viewpoint 2007-08-24 15:32:05 0 d-------- C:\Program Files\Common Files 2007-08-24 15:13:18 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-24 15:13:18 0 d-------- C:\Program Files\Full Tilt Poker 2007-08-24 15:11:01 0 d-------- C:\Program Files\Common Files\AOL 2007-08-24 14:40:10 0 d-------- C:\Program Files\PartyGaming.net 2007-08-24 14:38:07 0 d-------- C:\Program Files\PartyGaming 2007-08-24 14:25:47 0 d-------- C:\Program Files\GuitarVision 2007-08-23 15:27:15 992 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-08-20 16:47:08 0 d-------- C:\Documents and Settings\Kenneth Weaver\Application Data\Apple Computer 2007-08-18 12:02:02 0 d-------- C:\Documents and Settings\Kenneth Weaver\Application Data\Macromedia 2007-08-16 20:27:50 0 d-------- C:\Program Files\Bodog Poker 2007-07-24 17:03:18 0 d-------- C:\Documents and Settings\Kenneth Weaver\Application Data\SecondLife 2007-07-14 17:04:13 0 d-------- C:\Program Files\QuickTime 2007-07-14 17:01:13 0 d-------- C:\Program Files\Common Files\Apple 2007-06-28 13:01:06 0 d-------- C:\Documents and Settings\Kenneth Weaver\Application Data\Adobe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 00:48] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 00:44] "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04] "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01] "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 12:06] "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2002-04-26 13:53] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-23 00:44] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 12:56] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44] "SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 20:12] "StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [2007-05-04 14:56] "StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [2007-05-04 14:56] "webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [2007-06-11 18:07] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 03:11] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sonic RecordNow!"="" [] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24] "MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "StopSignSsSsMon"=Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro C:\Documents and Settings\Kenneth Weaver\Start Menu\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe C:\WINDOWS\system32\printer.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\LaunchU3.exe -a *Newly Created Service* - COMHOST -- Hosts ----------------------------------------------------------------------- 192.168.200.3 ad.doubleclick.net 192.168.200.3 ad.fastclick.net 192.168.200.3 ads.fastclick.net 192.168.200.3 ar.atwola.com 192.168.200.3 atdmt.com 192.168.200.3 awaps.net 192.168.200.3 banner.fastclick.net 192.168.200.3 banners.fastclick.net 192.168.200.3 click.atdmt.com 192.168.200.3 clicks.atdmt.com 7 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2007-08-25 20:08:22 ------------ |
|
     
|
|
08-27-2007, 02:08 AM
|
#2 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3
|
Re: Slow...Winantivirus and others
Hi...
Please download Combofix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Or http://www.techsupportforum.com/sect...s/ComboFix.exe ** Take note that the links are case sensitive ** Save ComboFix to the desktop. 1. Double click on combo.exe & follow the prompts. 2. When finished, it will produce a logfile located at C:\ComboFix.txt. 3. Post the contents of that log in your next reply with a new hijackthis log. Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang. Do not proceed with the rest of the fix if you fail to run combofix
__________________
An Australian Member of  Eddy |
|
|
|
|
08-27-2007, 09:28 AM
|
#3 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 12
OS: XP
|
Re: Slow...Winantivirus and others
Thanks for picking up my thread.
I tried your links and could not load the page that had combofix.exe on it. It says file not on this server. I then tried to down load it from other sites with no luck. Seems like there is a block on my system??? As I said at the begining of this I will not do anything other than what you tell me to do. Please let me know what to do next. |
|
|
|
|
08-27-2007, 04:19 PM
|
#6 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3
|
Re: Slow...Winantivirus and others
There appears to be a problem with the Combo site so untill its fixed.....
Download Superantispyware (SAS) free home version http://www.superantispyware.com/supe...freevspro.html Install it and double-click the icon on your desktop to run it. · It will ask if you want to update the program definitions, click Yes. · Under Configuration and Preferences, click the Preferences button. · Click the Scanning Control tab. · Under Scanner Options make sure the following are checked: o Close browsers before scanning o Scan for tracking cookies o Terminate memory threats before quarantining. o Please leave the others as they were. o Click the Close button to leave the control center screen. · On the main screen, under Scan for Harmful Software click Scan your computer. · On the left check C:\Fixed Drive. · On the right, under Complete Scan, choose Perform Complete Scan. · Click Next to start the scan. Please be patient while it scans your computer. · After the scan is complete a summary box will appear. Click OK. · Make sure everything in the white box has a check next to it, then click Next. · It will quarantine what it found and if it asks if you want to reboot, click Yes. · To retrieve the removal information for me please do the following: o After reboot, double-click the SUPERAntispyware icon on your desktop. o Click Preferences. Click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o It will open in your default text editor (such as Notepad/Wordpad). o Please highlight everything in the notepad, then right-click and choose copy. · Click close and close again to exit the program. · Please paste that information here for me regardless of what it finds with a new HijackThis log. This will take some time!!!!!!!!
__________________
An Australian Member of Eddy |
|
|
|
|
08-27-2007, 11:28 PM
|
#7 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 12
OS: XP
|
Re: Slow...Winantivirus and others
Just what is an Ausie Pancake???
I ran a SuperAntiSpyware scan just now.....but I also ran one the other day. I will post the current one and then follow it with a current HJT log. I will also send you a copy of the earler SASW log. Most current sasw log: ================ SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/28/2007 at 00:56 AM Application Version : 3.9.1008 Core Rules Database Version : 3293 Trace Rules Database Version: 1304 Scan type : Complete Scan Total Scan Time : 01:46:13 Memory items scanned : 617 Memory threats detected : 0 Registry items scanned : 5604 Registry threats detected : 0 File items scanned : 47032 File threats detected : 1 Adware.Tracking Cookie C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@ad.interclick[2].txt |
|
|
|
|
08-27-2007, 11:29 PM
|
#8 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 12
OS: XP
|
Re: Slow...Winantivirus and others
Most current hjt log
=============== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:26, on 2007-08-28 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\eAcceleration\Station\station.exe C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\KENNETH WEAVER\Application Data\Mozilla\Profiles\default\8bpav85k.slt\prefs.js) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 8910 bytes |
|
|
|
|
08-27-2007, 11:31 PM
|
#9 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 12
OS: XP
|
Re: Slow...Winantivirus and others
Earlier SuperAntiSpyware log:
======================= SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/24/2007 at 03:02 PM Application Version : 3.9.1008 Core Rules Database Version : 3291 Trace Rules Database Version: 1302 Scan type : Complete Scan Total Scan Time : 04:46:45 Memory items scanned : 656 Memory threats detected : 1 Registry items scanned : 5699 Registry threats detected : 1 File items scanned : 50232 File threats detected : 107 Trojan.Net-AVP/AVT C:\WINDOWS\SYSTEM32\WINAVXX.EXE C:\WINDOWS\SYSTEM32\WINAVXX.EXE [WinAVX] C:\WINDOWS\SYSTEM32\WINAVXX.EXE C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\AUTORUN.EXE C:\DOCUMENTS AND SETTINGS\KENNETH WEAVER\START MENU\PROGRAMS\STARTUP\SYSTEM.EXE C:\DOCUMENTS AND SETTINGS\PATRICIA WEAVER\START MENU\PROGRAMS\STARTUP\SYSTEM.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086175.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086176.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086177.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086195.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086196.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086197.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086212.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086213.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086214.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086239.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086253.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086255.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086256.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086273.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086274.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086275.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086290.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086291.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086292.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086305.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP883\A0086306.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0086404.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0086405.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0086406.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087370.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087371.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087372.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087393.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087394.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087395.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087409.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087410.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087411.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087445.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087447.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087448.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087462.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087463.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087464.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087489.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087490.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087491.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087492.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087529.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087530.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087546.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087547.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087556.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP885\A0087573.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP885\A0087574.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP885\A0087578.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP885\A0088622.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP885\A0088623.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP885\A0088624.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP885\A0088642.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP885\A0088644.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP885\A0088645.EXE C:\WINDOWS\SYSTEM32\PRINTER.EXE C:\WINDOWS\Prefetch\AUTORUN.EXE-06FE07FE.pf C:\WINDOWS\Prefetch\PRINTER.EXE-183019B7.pf C:\WINDOWS\Prefetch\SYSTEM.EXE-18559690.pf C:\WINDOWS\Prefetch\WINAVXX.EXE-1A70062A.pf Adware.Tracking Cookie C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@ad.interclick[2].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@www.googleadservices[2].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@adopt.specificclick[2].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@tribalfusion[1].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@www.googleadservices[3].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@atdmt[2].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@tacoda[2].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@e-2dj6wgmywkcpego.stats.esomniture[2].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@advertising[1].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@apmebf[2].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@ad.yieldmanager[1].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@commission-junction[2].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@casalemedia[1].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@www.googleadservices[1].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@specificclick[2].txt C:\Documents and Settings\Kenneth Weaver\Cookies\kenneth_weaver@adopt.euroclick[1].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@2o7[1].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@ads.as4x.tmcs[1].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@atdmt[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@atwola[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@bannerspace[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@bs.serving-sys[1].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@doubleclick[1].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@linksynergy[1].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@mediaplex[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@optimost[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@overture[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@qksrv[1].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@questionmarket[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@realmedia[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@serving-sys[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@y-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt C:\Documents and Settings\Patricia Weaver\Cookies\patricia weaver@y-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt Adware.Casino Games (Golden Palace Casino) C:\PROGRAM FILES\NOBLE POKER\CASINO.EXE C:\DOCUMENTS AND SETTINGS\KENNETH WEAVER\DESKTOP\JRR\NOBLE POKER.LNK C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087493.LNK C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087497.LNK C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP884\A0087503.LNK Trojan.Downloader-Gen/NoMultiTask C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP885\A0088579.DLL |
|
|
|
|
08-27-2007, 11:58 PM
|
#10 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3
|
Re: Slow...Winantivirus and others
Ok.Lets do a cleanup.... Please download the OTMoveIt by OldTimer.
======================================== Open C(system drive):/windows/prefetch, delete these files. C:\WINDO |
