Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
PC running very slow and some programs shut down as soon as I start them? PC running very slow and some programs shut down as soon as I start them?
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 04-27-2008, 08:59 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2007
Location: Troon, Scotland
Posts: 47
OS: WinXP, Vista


Send a message via MSN to theGman
PC running very slow and some programs shut down as soon as I start them?
When I try to start my media centre software it closes down straght away and my PC runs so slow. Itried downloading both The spy ware and IE programs you said but then my pc would not connect to the net? So I un-installed them again to post this query? I've pinged all my network connections and they all give good responses.


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-27 09:34:39
PROTECTIONS: 1
MALWARE: 25
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Gerry\Cookies\gerry@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Gerry\Cookies\gerry@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Gerry\Cookies\gerry@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@tradedoubler[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Gerry\Cookies\gerry@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Gerry\Cookies\gerry@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@mediaplex[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@revenue[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@azjmp[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@bs.serving-sys[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gerry\Cookies\gerry@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@adrevolver[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@adrevolver[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@ads.pointroll[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Gerry\Cookies\gerry@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Gerry\Cookies\gerry@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@bluestreak[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@adrevolver[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Gerry\Cookies\gerry@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Frazer\Cookies\frazer@adrevolver[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@searchportal.information[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Kurt.FAMILYROOM\Cookies\kurt@adviva[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location 4\C
3
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 4\C
3
;===================================================================================================================================================================================
133387 MEDIUM MS06-065 4\C
3
133386 MEDIUM MS06-064 4\C
3
133385 MEDIUM MS06-063 4\C
3
133379 HIGH MS06-057 4\C
3
131654 HIGH MS06-055 4\C
3
129977 MEDIUM MS06-053 4\C
3
129976 MEDIUM MS06-052 4\C
3
126093 HIGH MS06-051 4\C
3
126092 MEDIUM MS06-050 4\C
3
126087 HIGH MS06-046 4\C
3
126086 MEDIUM MS06-045 4\C
3
126083 HIGH MS06-042 4\C
3
126082 HIGH MS06-041 4\C
3
126081 HIGH MS06-040 4\C
3
123421 HIGH MS06-036 4\C
3
123420 HIGH MS06-035 4\C
3
120825 MEDIUM MS06-032 4\C
3
120823 MEDIUM MS06-030 4\C
3
120818 HIGH MS06-025 4\C
3
120815 HIGH MS06-022 4\C
3
120814 HIGH MS06-021 4\C
3
117384 MEDIUM MS06-018 4\C
3
114666 HIGH MS06-015 4\C
3
114664 HIGH MS06-013 4\C
3
111790 MEDIUM MS06-011 4\C
3
108744 MEDIUM MS06-008 4\C
3
108743 MEDIUM MS06-007 4\C
3
108742 MEDIUM MS06-006 4\C
3
104567 HIGH MS06-002 4\C
3
104237 HIGH MS06-001 4\C
3
101055 HIGH MS05-054 4\C
3
96574 HIGH MS05-053 4\C
3
93396 HIGH MS05-052 4\C
3
93395 HIGH MS05-051 4\C
3
93394 HIGH MS05-050 4\C
3
93454 MEDIUM MS05-049 4\C
3
;===================================================================================================================================================================================


Deckard's System Scanner v20071014.68
Run by Gerry on 2008-04-27 16:16:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-04-27 15:16:59 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2008-04-27 10:07:22 UTC - RP10 - Restore Operation
9: 2008-04-27 09:13:11 UTC - RP9 - Installed Windows XP Service Pack 1.
8: 2008-04-27 08:53:32 UTC - RP8 - Installed Windows XP KB892130.
7: 2008-04-27 08:52:58 UTC - RP7 - Installed Windows Installer KB893803v2.


-- First Restore Point --
1: 2008-04-25 09:33:00 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-27 16:23:25
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1173550792\ee\aolsoftware.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\AOL\1173550792\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1173550792\ee\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Program Files\Trend Micro\HijackThis\Gerry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Gerry\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newzbin.com/account
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173550792\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Pinnacle ShowCenter StreamServer.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-GB\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...8f/wvc1dmo.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\System32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\System32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\System32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: rdihost - {277A082E-A28A-46DA-9CDE-07B64E356568} - rdihost.dll (file missing)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


--
End of file - 14454 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys <Not Verified; Sensaura Ltd; >
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>
R3 HCF_MSFT - c:\windows\system32\drivers\hcf_msft.sys <Not Verified; Conexant; Modem>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>

S1 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>
S3 FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\fetnd5.sys (file missing)
S3 GMSIPCI - f:\install\gmsipci.sys (file missing)
S3 NTACCESS - f:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - f:\ntglm7x.sys (file missing)
S3 StMp3Rec (Player Recovery Device Control Driver) - c:\windows\system32\drivers\stmp3rec.sys <Not Verified; Generic; Recovery Mode Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 PinnacleSys.MediaServer (Pinnacle Systems Media Service) - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe <Not Verified; Pinnacle Systems; Media Server>
R2 uploadmgr (Upload Manager) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-25 18:00:00 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-01-01 02:00:48 332 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-11-06 10:25:14 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-27 11:56:27 0 d-------- C:\Program Files\Trend Micro
2008-04-27 11:08:53 0 d-------- C:\Program Files\ParetoLogic
2008-04-27 11:08:52 0 d-------- C:\Program Files\Common Files\ParetoLogic
2008-04-27 11:08:50 0 d-------- C:\Program Files\Windows Live
2008-04-27 11:08:02 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-27 10:30:17 0 d-------- C:\WINDOWS\Prefetch
2008-04-27 10:00:49 0 d-------- C:\ie-spyad_zo
2008-04-26 12:49:53 0 d-------- C:\Program Files\Panda Security
2008-04-26 12:14:47 7602176 --a------ C:\Documents and Settings\Gerry\ntuser.dat
2008-04-26 11:33:02 0 d-------- C:\Documents and Settings\Gerry\Application Data\ParetoLogic
2008-04-26 11:32:55 0 d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-04-26 11:32:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-04-26 10:38:06 35840 --a------ C:\WINDOWS\System32\drivers\isapnp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 11:15:35 0 d-------- C:\AdventNet
2008-04-25 11:03:46 0 --a------ C:\Documents and Settings\Gerry\fport
2008-04-25 11:00:18 0 d-------- C:\fport
2008-04-25 10:14:37 40960 --a------ C:\WINDOWS\System32\safrslv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:37 26624 --a------ C:\WINDOWS\System32\safrdm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:37 39424 --a------ C:\WINDOWS\System32\safrcdlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:36 33280 --a------ C:\WINDOWS\System32\racpldlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:34 32768 --a------ C:\WINDOWS\System32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-25 10:14:34 28672 --a------ C:\WINDOWS\System32\isrdbg32.dll <Not Verified; Intel Corporation; ISRDBG32.DLL>
2008-04-25 10:14:33 47616 --a------ C:\WINDOWS\System32\inetres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:31 77824 --a------ C:\WINDOWS\System32\isign32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:31 266240 --a------ C:\WINDOWS\System32\inetcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:31 61440 --a------ C:\WINDOWS\System32\icwphbk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:31 69632 --a------ C:\WINDOWS\System32\icwdial.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:24 17408 --a------ C:\WINDOWS\System32\qmgrprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:24 221696 --a------ C:\WINDOWS\System32\qmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:18 158720 --a------ C:\WINDOWS\System32\srsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:18 226304 --a------ C:\WINDOWS\System32\srrstr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:18 63488 --a------ C:\WINDOWS\System32\srclient.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:18 69248 --a------ C:\WINDOWS\System32\drivers\sr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:17 24576 --a------ C:\WINDOWS\System32\nmmkcert.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-25 10:14:17 65536 --a------ C:\WINDOWS\System32\msconf.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-25 10:14:17 32256 --a------ C:\WINDOWS\System32\mnmdd.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-25 10:14:17 73728 --a------ C:\WINDOWS\System32\ils.dll <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-25 10:14:14 81408 --a------ C:\WINDOWS\System32\msoert2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:14 228864 --a------ C:\WINDOWS\System32\msoeacct.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:13 587776 --a------ C:\WINDOWS\System32\inetcomm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:12 159232 --a------ C:\WINDOWS\System32\schedsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:12 9728 --a------ C:\WINDOWS\System32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:14:11 250368 --a------ C:\WINDOWS\System32\mstask.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:54 179200 --a------ C:\WINDOWS\System32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:53 124416 --a------ C:\WINDOWS\System32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:53 489984 --a------ C:\WINDOWS\System32\hypertrm.dll <Not Verified; Hilgraeve, Inc.; Microsoft® Windows® Operating System>
2008-04-25 10:12:52 61952 --a------ C:\WINDOWS\System32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:52 18432 --a------ C:\WINDOWS\System32\qprocess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:52 83968 --a------ C:\WINDOWS\System32\mtxoci.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-25 10:12:52 151040 --a------ C:\WINDOWS\System32\msdtcuiu.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-25 10:12:52 20232 --a------ C:\WINDOWS\System32\drivers\tdtcp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:52 11144 --a------ C:\WINDOWS\System32\drivers\tdpipe.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:51 9728 --a------ C:\WINDOWS\System32\xolehlp.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-25 10:12:51 869376 --a------ C:\WINDOWS\System32\msdtctm.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-25 10:12:51 54784 --a------ C:\WINDOWS\System32\msdtclog.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-25 10:12:51 6144 --a------ C:\WINDOWS\System32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-25 10:12:50 82432 --a------ C:\WINDOWS\System32\comrepl.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-25 10:12:50 56832 --a------ C:\WINDOWS\System32\colbact.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-25 10:12:50 100864 --a------ C:\WINDOWS\System32\clbcatex.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-25 10:12:50 85504 --a------ C:\WINDOWS\System32\catsrvps.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-25 10:12:50 215040 --a------ C:\WINDOWS\System32\catsrv.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-25 10:12:49 495616 --a------ C:\WINDOWS\System32\comuid.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-25 10:12:49 468480 --a------ C:\WINDOWS\System32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-25 10:12:45 53248 --a------ C:\WINDOWS\System32\servdeps.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:45 16384 --a------ C:\WINDOWS\System32\mmfutil.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:44 339968 --a------ C:\WINDOWS\System32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:44 116736 --a------ C:\WINDOWS\System32\mplay32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:44 174592 --a------ C:\WINDOWS\System32\cmprops.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:43 534016 --a------ C:\WINDOWS\System32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:43 98816 --a------ C:\WINDOWS\System32\clipbrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:42 9216 --a------ C:\WINDOWS\System32\wuauserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:42 88064 --a------ C:\WINDOWS\System32\tscfgwmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:42 115976 --a------ C:\WINDOWS\System32\drivers\rdpwd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:41 40960 --a------ C:\WINDOWS\System32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:41 200192 --a------ C:\WINDOWS\System32\termsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:41 129024 --a------ C:\WINDOWS\System32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:41 56320 --a------ C:\WINDOWS\System32\remotepg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:41 12288 --a------ C:\WINDOWS\System32\rdsaddin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:41 135680 --a------ C:\WINDOWS\System32\rdchost.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:41 598016 --a------ C:\WINDOWS\System32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:41 388608 --a------ C:\WINDOWS\System32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:40 75912 --a------ C:\WINDOWS\System32\rdpwsx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:40 14848 --a------ C:\WINDOWS\System32\rdpsnd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:40 44032 --a------ C:\WINDOWS\System32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:40 359936 --a------ C:\WINDOWS\System32\msdtcprx.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-25 10:12:40 9216 --a------ C:\WINDOWS\System32\icaapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:40 32768 --a------ C:\WINDOWS\System32\cfgbkend.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:12:39 582656 --a------ C:\WINDOWS\System32\catsrvut.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-25 10:12:38 1172992 --a------ C:\WINDOWS\System32\comsvcs.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-25 10:12:34 57856 --a------ C:\WINDOWS\System32\licwmi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:11:00 50048 --a------ C:\WINDOWS\System32\drivers\DMusic.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:08:47 56832 --a------ C:\WINDOWS\System32\drivers\USBAUDIO.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:07:42 49664 --a------ C:\WINDOWS\System32\vfwwdm32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:07:40 5888 --a------ C:\WINDOWS\System32\drivers\splitter.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:07:28 56576 --a------ C:\WINDOWS\System32\drivers\redbook.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:02:30 38024 --a------ C:\WINDOWS\System32\drivers\termdd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:02:29 182400 --a------ C:\WINDOWS\System32\drivers\rdpdr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:01:40 24661 --a------ C:\WINDOWS\System32\spxcoins.dll <Not Verified; Perle Systems Ltd.; Specialix Multi-port Serial Device Class CoInstaller>
2008-04-25 10:01:40 13312 --a------ C:\WINDOWS\System32\irclass.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:01:40 10496 --a------ C:\WINDOWS\System32\drivers\irenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 10:01:39 71168 --a------ C:\WINDOWS\System32\storprop.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-23 19:51:55 11264 -----n--- C:\WINDOWS\System32\drivers\asapiW2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
2008-04-23 19:51:55 19456 -----n--- C:\WINDOWS\System32\asapi.dll <Not Verified; VoB Computersysteme GmbH; >
2008-04-23 19:46:29 138752 -----n--- C:\WINDOWS\System32\MASE32.DLL
2008-04-23 19:46:29 57856 -----n--- C:\WINDOWS\System32\MASD32.DLL
2008-04-23 19:46:29 136192 -----n--- C:\WINDOWS\System32\MAMC32.DLL <Not Verified; ; MAMC32 Dynamic Link Library>
2008-04-23 19:46:29 196096 -----n--- C:\WINDOWS\System32\MACD32.DLL <Not Verified; ; MACD32 Dynamic Link Library>
2008-04-23 19:46:29 27648 -----n--- C:\WINDOWS\System32\MA32.DLL
2008-04-23 19:46:29 41472 -----n--- C:\WINDOWS\System32\CacheX.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL>
2008-04-21 08:02:46 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-04-21 08:02:46 0 d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-04-20 11:23:51 85504 -----n--- C:\WINDOWS\System32\lame_enc.dll
2008-04-19 18:29:18 0 dr-h----- C:\Documents and Settings\Gerry\Recent
2008-04-17 08:53:34 0 d-------- C:\Program Files\Norton Security Scan
2008-04-17 08:52:29 0 d-------- C:\WINDOWS\System32\Adobe
2008-04-16 10:34:35 0 d-------- C:\Program Files\Huawei technologies
2008-04-15 16:21:07 0 d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-04-15 16:18:56 0 d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-03-27 22:24:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-27 20:27:31 0 d-------- C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-03-27 17:26:44 0 d-------- C:\Program Files\Sybex
2008-03-27 13:52:14 0 d-------- C:\Program Files\Kontiki
2008-03-27 13:52:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-27 13:52:07 0 d-------- C:\logs3


-- Find3M Report ---------------------------------------------------------------

2008-04-27 11:08:38 0 d-------- C:\Program Files\Messenger
2008-04-26 12:21:35 0 d-------- C:\Program Files\MSN Messenger
2008-04-26 12:14:52 0 d-------- C:\Program Files\Common Files
2008-04-26 11:47:21 0 d-------- C:\Program Files\SpeedFan
2008-04-25 15:23:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-25 10:33:51 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-25 10:14:24 0 d-------- C:\Program Files\Movie Maker
2008-04-25 10:13:11 23388 --a------ C:\WINDOWS\System32\emptyregdb.dat
2008-04-25 10:12:53 0 d-------- C:\Program Files\Windows NT
2008-04-23 20:01:40 0 d-------- C:\Program Files\Pinnacle
2008-04-22 07:42:59 0 d-------- C:\Program Files\McAfee
2008-04-19 18:29:33 0 d-------- C:\Program Files\DivX
2008-04-18 1811 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-17 11:56:39 0 d-------- C:\Documents and Settings\Gerry\Application Data\Adobe
2008-03-26 11:33:52 0 d-------- C:\Program Files\AOL 9.0a
2008-03-21 1930 0 d-------- C:\Program Files\Common Files\aolshare
2008-03-21 1922 0 d-------- C:\Program Files\Common Files\AOL
2008-03-17 09:54:35 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/03/2007 19:01]
"HostManager"="C:\Program Files\Common Files\AOL\1173550792\ee\AOLSoftware.exe" [17/11/2006 14:21]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [18/01/2005 18:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [18/01/2005 18:37]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [05/12/2007 01:41]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [10/03/2007 19:01]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [19/05/2005 14:47]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [07/12/2007 16:30]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24/08/2007 22:57]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [10/11/2003 17:06]
"SoundMan"="SOUNDMAN.EXE" [15/08/2003 08:34 C:\WINDOWS\SOUNDMAN.EXE]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [05/12/2007 01:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [02/12/2004 19:23]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [18/01/2005 18:07]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [26/12/2005 06:01]
"AOL Dialer"="C:\Program Files\Common Files\AOL\ACS\AOlDial.exe" [07/12/2007 16:30]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 13:39]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0a\aoltray.exe [11/03/2007 10:20:40]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [03/11/2007 11:36:50]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [10/03/2007 19:16:41]
Pinnacle ShowCenter StreamServer.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [23/04/2008 19:44:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rdihost"= {277A082E-A28A-46DA-9CDE-07B64E356568} - rdihost.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55632fb8-cf1e-11db-919c-806d6172696f}]
AutoRun\command- F:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-04-27 16:32:34 ------------
Attached Files
File Type: txt extra.txt (22.0 KB, 0 views)
theGman is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-27-2008, 10:23 AM   #2 (permalink)
Analyst, Security Team
 
Rahina's Avatar
 
Join Date: Feb 2007
Posts: 209
OS: Windows XP Pro


Re: PC running very slow and some programs shut down as soon as I start them?
Welcome!

Unfortunately i have some bad news for you!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
__________________
Rahina is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-27-2008, 12:08 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2007
Location: Troon, Scotland
Posts: 47
OS: WinXP, Vista


Send a message via MSN to theGman
Re: PC running very slow and some programs shut down as soon as I start them?
Rahina, thanks for the advice. Not good news Could you please assist me with the clean operation. Thank you in advance.
theGman is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-27-2008, 12:38 PM   #4 (permalink)
Analyst, Security Team
 
Rahina's Avatar
 
Join Date: Feb 2007
Posts: 209
OS: Windows XP Pro


Re: PC running very slow and some programs shut down as soon as I start them?
I'd be glad to.

But please keep in mind what i posted in my previous post!

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply. :)
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===========================

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleaning the system:

C:\ComboFix.txt
New HijackThis log
Malwarebytes Log..
__________________
Rahina is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-27-2008, 01:12 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2007
Location: Troon, Scotland
Posts: 47
OS: WinXP, Vista


Send a message via MSN to theGman
Re: PC running very slow and some programs shut down as soon as I start them?
Rahina, do I install the recovery console before I do the malwares scan?
theGman is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-27-2008, 01:14 PM   #6 (permalink)