|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
05-06-2008, 05:02 PM
|
#1 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 1
OS: xp
|
Multi-User System, Lag Issues
Our home computer is shared by the family each person having their own account. After certain accounts are used other users will receive severe lag with windows and internet explorer. We think one of the younger users might have downloaded malware and other things of that nature.
Here is Main, from the Deckard System Scanner: Deckard's System Scanner v20071014.68 Run by Owner on 2008-05-06 19:26:22 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 56: 2008-05-06 23:26:37 UTC - RP595 - Deckard's System Scanner Restore Point 55: 2008-05-06 23:21:21 UTC - RP594 - Software Distribution Service 3.0 54: 2008-05-06 19:43:06 UTC - RP593 - System Checkpoint 53: 2008-05-04 15:11:42 UTC - RP592 - System Checkpoint 52: 2008-05-02 12:50:19 UTC - RP591 - System Checkpoint -- First Restore Point -- 1: 2008-02-07 23:23:48 UTC - RP540 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-05-06 19:30:26 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG7\avgamsvr.exe C:\Program Files\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Program Files\McAfee\MSC\mcmscsvc.exe C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\SiteAdvisor\6253\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\explorer.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Digital Media Reader\shwiconEM.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\McAfee\SpamKiller\MSKAgent.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\McAfee\VirusScan\mcsysmon.exe C:\Program Files\McAfee\MSC\mcuimgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nc.rr.com/default.cfm R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.rr.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar22.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar22.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: ymetray.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - CmdMapping - (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) - http://java.sun.com/products/plugin/...ndows-i586.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe -- End of file - 11788 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt> S3 STEAMDVR - c:\program files\steam\bin\x86\steamdvr.sys (file missing) S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-05-06 17:09:27 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job 2008-04-01 01:00:56 332 --a------ C:\WINDOWS\Tasks\McQcTask.job 2007-09-22 18:05:44 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job -- Files created between 2008-04-06 and 2008-05-06 ----------------------------- 2008-05-06 18:16:41 0 d-------- C:\ie-spyad_zo 2008-05-06 18:08:27 0 d-------- C:\Program Files\SpywareBlaster 2008-05-06 13:11:05 0 d-------- C:\Program Files\Panda Security 2008-05-06 13:11:03 0 d-------- C:\WINDOWS\LastGood 2008-04-28 18:46:16 0 d-------- C:\Documents and Settings\TEMP\Application Data\AVG7 2008-04-28 18:21:57 0 d-------- C:\Documents and Settings\TEMP\Application Data\Nova Development 2008-04-27 11:25:50 0 dr------- C:\Documents and Settings\TEMP\My Documents 2008-04-25 18:23:27 0 d-------- C:\Documents and Settings\TEMP\Application Data\Sun 2008-04-25 16:04:14 0 d-------- C:\Documents and Settings\TEMP\Application Data\Microsoft 2008-04-25 16:01:22 0 d-------- C:\Documents and Settings\TEMP\Application Data\Google 2008-04-25 16:01:17 0 d-------- C:\Documents and Settings\TEMP\Application Data 2008-04-25 16:01:17 0 d-------- C:\Documents and Settings\TEMP\Application Data\SiteAdvisor 2008-04-22 18:17:35 0 dr------- C:\Documents and Settings\TEMP\Favorites 2008-04-22 18:17:31 0 d-------- C:\Documents and Settings\TEMP\Start Menu 2008-04-22 18:17:31 0 dr-h----- C:\Documents and Settings\TEMP\Recent 2008-04-22 18:17:31 0 d-------- C:\Documents and Settings\TEMP\Desktop 2008-04-22 18:11:23 0 d--h----- C:\Documents and Settings\TEMP\Templates 2008-04-22 18:11:23 0 d--h----- C:\Documents and Settings\TEMP\Cookies 2008-04-22 18:11:21 0 d--h----- C:\Documents and Settings\TEMP\Local Settings 2008-04-22 18:11:03 262144 --ah----- C:\Documents and Settings\TEMP\ntuser.dat -- Find3M Report --------------------------------------------------------------- 2008-05-06 12:43:39 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7 2008-04-20 13:15:07 0 d-------- C:\Program Files\World of Warcraft 2008-04-05 15:23:20 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor 2008-02-12 15:11:57 3449 --a------ C:\WINDOWS\unins000.dat 2008-02-12 15:11:08 691545 --a------ C:\WINDOWS\unins000.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 06:04 PM] "@"="" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 02:50 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/09/2005 02:34 PM] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/18/2005 12:05 AM] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM] "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [] "SoundMan"="SOUNDMAN.EXE" [12/01/2004 07:54 PM C:\WINDOWS\SOUNDMAN.EXE] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09/26/2005 10:26 AM] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [08/12/2005 04:16 PM] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [08/24/2007 05:57 PM] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 10:03 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/14/2007 09:07 PM] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [09/28/2006 09:09 PM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM] BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [5/9/2005 2:34:38 PM] ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [8/14/2006 1:12:46 PM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1abf2916-900c-11da-9876-0013d308b63a}] AutoRun\command- J:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28912b06-2fe0-11db-9a52-0013d308b63a}] AutoRun\command- J:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28912b07-2fe0-11db-9a52-0013d308b63a}] AutoRun\command- K:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6adc7af9-cd74-11d9-b105-806d6172696f}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 *Newly Created Service* - RKPAVPROC -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8081 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-05-06 19:33:10 ------------ The Extra Log from the Deckard System Scanner as well as the Panda Scan are attached. Thank you in advance for any help with this matter. |
|
     |
|
05-08-2008, 09:17 PM
|
#2 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3
|
Re: Multi-User System, Lag Issues
I dont see any sign of malware but what I do see is to many anti virus programs.These can cause conflicts and slow downs.Keep one and remove the rest.
__________________
An Australian Member of  Eddy |
|
|
|
|
| Thread Tools | |
|
|
