cpu slow and buggy...

**grassi** · 02-11-2008, 10:43 AM

hello team, long time no see...

My computer freezes up and is acting slow lately. Because of my gaming i got rid of any antivirus program that i tried, cuz it slowed my gaming down. However i use the new Spybot, adaware, and spyguard. I also have a built in firewall i use. However lately its been pretty slow and even when im searchin for pics, the result page(for ex. searchin for a gun pic through msn or photobucket) the results page takes for ever to show the pic, and sometimes i dont even get one, but just that white box with a red x in the corner. Ive tried Deckards scanner but it just freezes after producing a HJT log? Since ive tried numerous times to get this scanner to work, i would like to remove Deckard, and htj, and start from scratch. Not sure how to properly remove them? Thanks for your time.

here is what deckard came up with, but it is now froze as we speak..

Logfile of HijackThis v1.99.1
Scan saved at 12:23:41 PM, on 08-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe (anti cheat program for my gaming
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\HP_Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CreativeMS2020] C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128469640765
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dellog32 - C:\WINDOWS\SYSTEM32\dellog32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)

some others besides my gaming look odd, ex. myspace url?

Ried · 02-12-2008, 09:02 PM

Hello grassi,

No need to get rid of dss.exe. Please run dss.exe again, but use these instructions:

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

In the dialog box that appears:

Under the Main Log heading-- Uncheck Temp Cleanup

Click Scan!

The main.txt and extra.txt will open up in Notepad. Copy/paste the contents of that report in your next reply.

**grassi** · 02-13-2008, 12:18 AM

k, it made it further but it ends up freezin. Ive been tryin for days, maybe its my link im using. Its from a past post.
I can try in the mornin, but dont think its gonna work...

Thank you for your time Ried

Ried · 02-13-2008, 05:50 AM

No, the link you downloaded from has nothing to do with it.

Take note at what stage dss.exe is hanging at, and using the previous instructions I gave you for running dss.exe from the Run box, untick whatever section dss.exe hung at.

**grassi** · 02-13-2008, 08:24 AM

okay well that was rough, lol. 1st i tried unchecking temp and registry, cuz it kept hangin on registry, then it hung on addremove programs, so i unchecked temp files, registry, and add remove programs. Dunno if i like the sound of that, and i hope i can still check these programs i unchecked? Anyway heres my main.txt.
Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-02-13 10:21:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 5 Restore Point(s) --
89: 2008-02-13 14:15:38 UTC - RP276 - Deckard's System Scanner Restore Point
88: 2008-02-13 14:04:54 UTC - RP275 - Software Distribution Service 3.0
87: 2008-02-13 06:52:18 UTC - RP274 - Deckard's System Scanner Restore Point
86: 2008-02-12 18:14:29 UTC - RP273 - System Checkpoint
85: 2008-02-11 16:29:21 UTC - RP272 - Deckard's System Scanner Restore Point

-- First Restore Point --
1: 2007-11-16 03:38:15 UTC - RP188 - System Checkpoint

-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-13 10:22:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\Program Files\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CreativeMS2020] C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128469640765
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: dellog32 - C:\WINDOWS\system32\dellog32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe

--
End of file - 6924 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070508-160356-148 O4 - Startup: PowerReg Scheduler.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 catchme - c:\docume~1\hp_owner\locals~1\temp\catchme.sys (file missing)
S3 jswmidin - c:\docume~1\hp_owner\locals~1\temp\jswmidin.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 szserver (STOPzilla Service) - c:\program files\common files\stopzilla!\szserver.exe (file missing)
S3 Symantec Core LC - "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-01-29 21:10:39 0 d-------- C:\WINDOWS\nview
2008-01-29 19:58:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-29 19:58:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-28 20:20:45 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\InstallShield

-- Find3M Report ---------------------------------------------------------------

2008-02-09 22:59:10 0 d-------- C:\Program Files\oldspybot
2008-01-31 20:34:20 0 d-------- C:\Program Files\Creative
2008-01-31 20:34:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-31 20:33:46 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-31 20:29:52 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-31 20:22:15 0 d-------- C:\Program Files\Logitech
2008-01-31 20:22:01 0 d-------- C:\Program Files\Common Files\Logishrd
2008-01-28 18:02:01 0 d-------- C:\Program Files\SpywareBlaster
2008-01-28 14:26:23 0 d-------- C:\Program Files\SpywareGuard
2007-12-26 15:35:51 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\GSC

-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost #***Inserted By STOPzilla***
127.0.0.1 600pics.com # ***Inserted By STOPzilla***
127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
127.0.0.1 best4all.net # ***Inserted By STOPzilla***
127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
127.0.0.1 dedmazai.com # ***Inserted By STOPzilla***
127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
127.0.0.1 flavinha.com # ***Inserted By STOPzilla***

7973 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-02-13 10:23:39 ------------

__________________________________________________________________________
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 3000+
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 1535.48 MiB / 1144.38 MiB
Pagefile Memory (total/avail): 3388.64 MiB / 3158.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.04 MiB

C: is Fixed (NTFS) - 68.96 GiB total, 55.86 GiB free.
D: is Fixed (FAT32) - 5.58 GiB total, 0.76 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP0802N - 74.56 GiB - 2 partitions
\PARTITION0 - Unknown - 5.59 GiB - D:
\PARTITION1 (bootable) - Installable File System - 68.96 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-86339EB2BF
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\YOUR-86339EB2BF
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\STOPzilla!;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-86339EB2BF
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)
Administrator (new local, admin)

-- Application Event Log -------------------------------------------------------

Event Record #/Type23096 / Error
Event Submitted/Written: 02/07/2008 00:10:03 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application et.exe, version 0.0.0.0, faulting module cgame_mp_x86.dll, version 0.0.0.0, fault address 0x0001d2f1.
Processing media-specific event for [et.exe!ws!]

Event Record #/Type23094 / Error
Event Submitted/Written: 02/06/2008 08:33:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application et.exe, version 0.0.0.0, faulting module cgame_mp_x86.dll, version 0.0.0.0, fault address 0x0001d2f1.
Processing media-specific event for [et.exe!ws!]

Event Record #/Type23092 / Error
Event Submitted/Written: 02/06/2008 02:13:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type23065 / Error
Event Submitted/Written: 01/29/2008 08:13:45 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application nvcplui.exe, version 1.5.30.38, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type23061 / Error
Event Submitted/Written: 01/29/2008 07:53:12 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type108121 / Error
Event Submitted/Written: 02/13/2008 10:20:21 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type108120 / Error
Event Submitted/Written: 02/13/2008 10:20:21 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'nist1.ny.glassey.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type108118 / Error
Event Submitted/Written: 02/13/2008 09:56:19 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Event Record #/Type108117 / Error
Event Submitted/Written: 02/13/2008 09:56:19 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'nist1.ny.glassey.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type108115 / Error
Event Submitted/Written: 02/13/2008 09:41:23 AM
Event ID/Source: 23 / Print
Event Description:
Printer Lexmark Z600 Series,0 failed to initialize because a suitable Lexmark Z600 Series driver could not be found.

-- End of Deckard's System Scanner: finished at 2008-02-13 10:23:39 ------------

i do a clean up and defrag at least twice a week, and i know i said this before but, everyday i defrag i have 85% free space
(yesterday)now all of a sudden i have 80(today), isnt that a dramatic change?

Ried · 02-13-2008, 10:09 PM

You've unchecked one of the most critical areas I needed to see. I think perhaps you didn't wait long enough for dss.exe to scan particular areas. While this is not an 'instant' scan, it typically takes up to 10 minutes to complete.

This is what I need you to do now, and in this order.

Get an anti-virus on here right away. The programs you left on the system are only anti-malware programs--they are not the same as an AV. Connecting to the Internet without Anti Virus protection is a "Welcome" doormat for infections.

If your subscription to Symantec has run out, here are 2 very good free Antivirus products which are available:

Download Avira AntiVir PersonalEdition Classic.
AVG

Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.

-----------------------------------------------

After you've completed the above, run dss.exe again, in the following manner:

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

In the dialog box that appears:

Click 'Check All'

Then Uncheck only these 2:

Temp Cleanup
Backing Registry Hives

----------------------------------------

Please post the logs it creates.

**grassi** · 02-14-2008, 12:32 AM

okay, i tried downloading avg, but found nothing after these last few yrs of no protection. I think im gonna end up uninstalling it, as these programs tend to slow my cpu down when im gaming. For the amount of cpu usage it takes up,conflicting with my game, and always same scan results. I got rid of Norton cuz it just didnt find anything either.

This deckard scanner just doesnt work for me, ive been workin on it for days now. I let the scan go for hrs before i have to shut my pc down. It freezes on "examining registry". And sometimes others...(doesnt even show up in the task manager)

Ried · 02-14-2008, 07:24 AM

Try running dss.exe in Safe Mode after running a full system scan.

It would be best if you could have that for me today sometime as I will be offline for the next 4 days.

**grassi** · 02-14-2008, 08:13 AM

okay, nothing found when scanning with avg, and thes comboscan does not work for me. I tried everything Ried... I just dont get it. Maybe its outdated? Ive tried this program over 30 times, no kiddin. Tried it in safe mode(signed on hp owner and administrator), safemode with networking, exited out of spybot and spyblaster, shut off firewall, did a scan with avg, did a clean up, a defrag, scanned with spybot, and adaware. Still hangs up on registry.

seems to me somethings wrong with my registry, if its always hangin on it?
Could an outdated "hjt" be a problem?

Ried · 02-14-2008, 12:44 PM

grassi, are you actually using ComboScan and not Deckard's System Scanner? If so, then yes--delete that as it is terribly outdated.

As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:

create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.

To attach a file to a new post, simply

Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt
Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt

**grassi** · 02-14-2008, 04:52 PM

i meant to say deckard ried, sorry...im just going crazy over here cuz im tryin to read up on registry fix programs so we can get this resolved before your leave, and didnt mean to say combofix. I have just spent my only few days off, trying to get DSS to work...My cpu is really slow now, much worse, since i downloaded avg, and since it doesnt and probably never will find anything, im gonna go ahead and get rid of it.

I noticed another post here but they got no answer, same problem, hangs up on registry...

Ried · 02-14-2008, 09:29 PM

How long are you waiting?

Please try running it from safe mode.

**grassi** · 02-14-2008, 10:30 PM

Im still searchin around for this same problem, and am trying new scanning programs to try and get this to work for you. Im still trying but like i said its not working. Obviously there is something wrong here. Im following your directions but when DSS gets to examining registry it just sits on it. Since i know nothing about it i sit around for ever, before i check it, and next thing i know it says not responding. In safe mode it freezes also after many tries. I did notice im signed on as hp owner, does that matter? I tried signing on to administative through safe mode but desktop options were not there, except internet explorer, and recycling bin. Then i tried Hp owner in safe mode i had all desktop options but it froze at examining registry, went right through hjt and didnt produce logs, any of the times. gonna go through my past post, as this may have happend to me, before.

Ried · 02-14-2008, 11:00 PM

grassi, let's just keep moving as I'll be leaving tomorrow.

You have to leave an AV on this system. If you feel you must remove a program, then uninstall one of your anti-malware programs.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

**grassi** · 02-15-2008, 12:30 AM

ComboFix 08-02-15.2 - HP_Owner 2008-02-15 2:15:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1110 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 23:59 . 2008-02-14 23:59 <DIR> d-------- C:\Deckard
2008-02-14 01:05 . 2008-02-14 01:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-14 01:05 . 2008-02-14 14:02 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-02-14 01:05 . 2008-02-14 01:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 01:05 . 2008-02-14 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-09 23:07 . 2008-02-09 23:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-29 21:10 . 2008-01-29 21:10 <DIR> d-------- C:\WINDOWS\nview
2008-01-29 21:10 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-01-29 21:10 . 2008-01-29 21:16 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-29 20:37 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-29 20:37 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-01-29 19:58 . 2008-01-29 19:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-29 19:58 . 2008-01-29 19:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-28 20:20 . 2008-01-28 20:20 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 05:38 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-15 05:38 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-10 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 03:59 --------- d-----w C:\Program Files\oldspybot
2008-02-01 01:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:34 --------- d-----w C:\Program Files\Creative
2008-02-01 01:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-01 01:29 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-01 01:22 --------- d-----w C:\Program Files\Logitech
2008-02-01 01:22 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-02-01 01:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-28 23:02 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-28 19:26 --------- d-----w C:\Program Files\SpywareGuard
2007-12-26 20:35 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\GSC
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 06:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 07:17 55,824 ----a-w C:\WINDOWS\KHALMNPR.Exe
2005-12-21 03:49 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Mscomp]
@={89BDD0AB-5A19-4853-A47E-0EC759700527}

[HKEY_CLASSES_ROOT\CLSID\{89BDD0AB-5A19-4853-A47E-0EC759700527}]
2007-04-16 10:52 1365193 --a------ C:\WINDOWS\system32\winbios.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 05:43 57344]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-11 22:52 180269]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"CreativeMS2020"="C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe" [2006-05-09 13:58 143360]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-14 01:07 579072]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-14 01:05 219136]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dellog32]
dellog32.dll 2007-04-16 10:52 581265 C:\WINDOWS\system32\dellog32.dll

R3 ctms2020;Creative HID USB Filter Driver1;C:\WINDOWS\system32\DRIVERS\ctms2020.Sys [2006-05-09 14:12]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
S3 jswmidin;jswmidin;C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jswmidin.sys []

*Newly Created Service* - PNKBSTRB
*Newly Created Service* - PNKBSTRK
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 02:16:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\dellog32.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\winbios.dll
.
Completion time: 2008-02-15 2:17:25
.
2008-02-13 14

34 --- E O F ---
________________________________________________________________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 02:24:39 AM, on 08-02-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HP_Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CreativeMS2020] C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128469640765
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dellog32 - C:\WINDOWS\SYSTEM32\dellog32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)

________________________________________________________________________________________________________________________________
and i have this new spybot, all of a sudden i get these pop ups about registry changes, 4 or 5 today, i dont know to allow or not. here is that log,

08-02-09 10:57:14 PM Allowed (based on user decision) value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!
08-02-09 10:57:23 PM Allowed (based on user decision) value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Helper Object!
08-02-14 02:15:17 AM Allowed (based on user decision) value "AVG7_CC" (new data: "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP") added in System Startup global entry!
08-02-14 12:21:05 PM Allowed (based on user decision) value "Adobe Photo Downloader" (new data: ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"") added in System Startup global entry!
08-02-14 12:21:24 PM Allowed (based on user decision) value "MSConfig" (new data: "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto") added in System Startup global entry!
08-02-14 07:01:25 PM Allowed (based on user decision) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\qttask.exe" -atboottime") added in System Startup global entry!
08-02-14 07:01:33 PM Allowed (based on user decision) value "MSConfig" (new data: "") deleted in System Startup global entry!
2008-02-15 02:19:41 Denied (based on user decision) value "Search Bar" (new data: "") deleted in Browser page!
2008-02-15 02:19:56 Allowed (based on user decision) value "AutoRun" (new data: "") deleted in Command processor!

**grassi** · 02-15-2008, 01:49 AM

another pop up i just recieved, getting these all of a sudden(last few days or since avg)... dunno whats going on?

08-02-15 03:50:08 AM Denied (based on user decision) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!

**Angelfire777** · 02-15-2008, 07:18 AM

Hi grassi,

I will be stepping in for Ried since she will be out for a few days.

Please take note that you should only follow instructions that I have posted. Should you encounter any problems, post back and let me know first. It will be hard for me to keep up with the status of the machine if you will do a lot of stuff with it without letting me know.

Quote:

08-02-15 03:50:08 AM Denied (based on user decision) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!

It's a memorydump. It's harmless. It seems that there are infections on-board..
________

You have remnants of Norton AntiVirus in your system..Please run the tool HERE to clean all the leftovers of your Norton Antivirus..
________

I would like you to scan a file for me.

Please go HERE. Copy and paste the following file path in to the box.

C:\WINDOWS\SYSTEM32\dellog32.dll

Then click submit.

Do the same for these files:

C:\WINDOWS\system32\winbios.dll
C:\WINDOWS\system32\wininet.dll

Please post the results to your next reply.

If Jotti is too busy, you can go HERE and do the same as above.
________

You're using an old version of HijackThis..

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile" When the log pops up in Notepad, copy and paste that file back here.
_________

HJT Uninstall list

Open HijackThis > Click "Misc Tools Section"
Click "Open Uninstall Manager".
Click "Save List".
Save it to your Desktop.
Copy the contents of the file to your next reply.

On your next reply, please include a

Fresh HijackThis log.
jotti online scan results
hijackthis uninstall list

**grassi** · 02-15-2008, 07:49 AM

Hello Angelfire777, thank you for your time. Im not sure which Norton i had, its been so long...Is there a way to figure out what norton removal link to click?

C:\WINDOWS\SYSTEM32\dellog32.dll
________________________________
Service load: 0% 100%

File: dellog32.dll
Status: OK
MD5: fe1736a74b4b70a4dca9a6d0eea0b4a6
Packers detected: -
Bit9 reports: File not found

C:\WINDOWS\system32\winbios.dll
_______________________________
Service load: 0% 100%

File: winbios.dll
Status: OK
MD5: aa27ac8b89885f61fe003168e787e203
Packers detected: -
Bit9 reports: File not found

C:\WINDOWS\system32\wininet.dll
________________________________
Service load: 0% 100%

File: wininet.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 806d274c9a6c3aaea5eae8e4af841e04
Packers detected: PE_PATCH
Bit9 reports: No threat detected

____________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:30 AM, on 08-02-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CreativeMS2020] C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128469640765
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: dellog32 - C:\WINDOWS\SYSTEM32\dellog32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)

--
End of file - 7490 bytes

_______________________________________________________________

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Agere Systems PCI Soft Modem
AVG 7.5
CleanUp!
Creative Fatal1ty Professional Laser Mouse
Enemy Territory v2.60b - repack by KHB Clan
Enhanced Multimedia Keyboard Solution
FaxTools
GdiplusUpgrade
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Update
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Lexmark Skin: Helix
Lexmark X1100 Series
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NVIDIA Drivers
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
RealPlayer
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Sandlot Games Client Services
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic RecordNow!
Spybot - Search & Destroy
SpywareBlaster v3.5.1
SpywareGuard v2.2
System Requirements Lab
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Updates from HP
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
VIA/S3G Display Driver
ViewSonic Monitor Drivers
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086

_____________________________________________________

okay, im not sure what version of Norton i had, so im not sure which link to click on to get rid of any leftovers? Oh do i just delete my old HJT in "c:/programs/hijack this" since the new one was installed at c:/programs/trendmicro?

**Angelfire777** · 02-15-2008, 08:02 PM

Hi,

Quote:

Is there a way to figure out what norton removal link to click?

I don't think there's a way to do that. Please try your best to remember.

Quote:

okay, im not sure what version of Norton i had, so im not sure which link to click on to get rid of any leftovers? Oh do i just delete my old HJT in "c:/programs/hijack this" since the new one was installed at c:/programs/trendmicro?

Yes.

Download Gmer

Disconnect from internet and close running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double click gmer.exe
Let the gmer.sys driver load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
If no warning....
Click "Rootkit" tab and click "Scan"
Once done, click "Copy"
Open Notepad and hit "ctrl+v" to paste the log.
Reconnect to the internet and post the log back to this thread please.

_______

Please do an online scan with Kaspersky WebScanner

Warning: If you had kaspersky online scanner installed before 10-5-2007, please uninstall it as kaspersky released a new version. Previous version had a serious flaw which could result in a buffer overflow.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
  Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

**grassi** · 02-15-2008, 11:12 PM

okay, i didnt use my add/remove programs for Hijack This, instead i just deleted that old folder.

As far as Norton i believe and found my old 2005 norton box, so i clicked on the Norton uninstall link for 04/05(both included). But my confusion is i updated it in 2006. So do i need to click that one too? I wonder? I have also put in Norton 360 did 1 scan and took it out, so maybe i need to do that 1 too.

Heres my 1st log with no cpu crashes..

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-15 23:29:50
Windows 5.1.2600 Service Pack 2

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\VTTimer.exe[592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100536D7 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 1005346C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10053B9C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 100538FE C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 10053DF6 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 1005C86A C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 1005CBEC C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!connect 71AB406A 5 Bytes JMP 1005C240 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!send 71AB428A 5 Bytes JMP 1005C61E C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 1005EB9B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1005CAEB C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 1005C721 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1005CE6B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 1005CD04 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 1005C984 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 1005C33D C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 1005C532 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\VTTimer.exe[592] WS2_32.dll!accept 71AC1028 5 Bytes JMP 1005C452 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100536D7 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 1005346C C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10053B9C C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 100538FE C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 10053DF6 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 1005C86A C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 1005CBEC C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!connect 71AB406A 5 Bytes JMP 1005C240 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!send 71AB428A 5 Bytes JMP 1005C61E C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 1005EB9B C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1005CAEB C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 1005C721 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1005CE6B C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 1005CD04 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 1005C984 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 1005C33D C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 1005C532 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[688] WS2_32.dll!accept 71AC1028 5 Bytes JMP 1005C452 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SendMessageW 7E41B8BA 5 Bytes JMP 10007865 C:\WINDOWS\system32\dellog32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AB36D7 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AB346C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00AB3B9C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00AB38FE C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00AB3DF6 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 00ABC86A C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 00ABCBEC C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00ABC240 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!send 71AB428A 5 Bytes JMP 00ABC61E C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00ABEB9B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00ABCAEB C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00ABC721 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00ABCE6B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 00ABCD04 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 00ABC984 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00ABC33D C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 00ABC532 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[944] WS2_32.dll!accept 71AC1028 5 Bytes JMP 00ABC452 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 016236D7 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0162346C C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01623B9C C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 016238FE C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 01623DF6 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 0162C86A C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 0162CBEC C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!connect 71AB406A 5 Bytes JMP 0162C240 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!send 71AB428A 5 Bytes JMP 0162C61E C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0162EB9B C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0162CAEB C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0162C721 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0162CE6B C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 0162CD04 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 0162C984 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 0162C33D C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 0162C532 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe[984] WS2_32.dll!accept 71AC1028 5 Bytes JMP 0162C452 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100536D7 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 1005346C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10053B9C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 100538FE C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 10053DF6 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 1005C86A C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 1005CBEC C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!connect 71AB406A 5 Bytes JMP 1005C240 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!send 71AB428A 5 Bytes JMP 1005C61E C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 1005EB9B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1005CAEB C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 1005C721 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1005CE6B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 1005CD04 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 1005C984 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 1005C33D C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 1005C532 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\ctfmon.exe[1132] WS2_32.dll!accept 71AC1028 5 Bytes JMP 1005C452 C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100536D7 C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 1005346C C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10053B9C C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 100538FE C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 10053DF6 C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 1005C86A C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 1005CBEC C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!connect 71AB406A 5 Bytes JMP 1005C240 C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!send 71AB428A 5 Bytes JMP 1005C61E C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 1005EB9B C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1005CAEB C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 1005C721 C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1005CE6B C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 1005CD04 C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 1005C984 C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 1005C33D C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 1005C532 C:\WINDOWS\system32\winbios.dll
.text C:\HP\KBD\KBD.EXE[1588] WS2_32.dll!accept 71AC1028 5 Bytes JMP 1005C452 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100536D7 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 1005346C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10053B9C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 100538FE C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 10053DF6 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 1005C86A C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 1005CBEC C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!connect 71AB406A 5 Bytes JMP 1005C240 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!send 71AB428A 5 Bytes JMP 1005C61E C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 1005EB9B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1005CAEB C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 1005C721 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1005CE6B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 1005CD04 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 1005C984 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 1005C33D C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 1005C532 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\AGRSMMSG.exe[1660] WS2_32.dll!accept 71AC1028 5 Bytes JMP 1005C452 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009636D7 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0096346C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00963B9C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 009638FE C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00963DF6 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 0096C86A C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 0096CBEC C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!connect 71AB406A 5 Bytes JMP 0096C240 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!send 71AB428A 5 Bytes JMP 0096C61E C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0096EB9B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0096CAEB C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0096C721 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0096CE6B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 0096CD04 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 0096C984 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 0096C33D C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 0096C532 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[2004] WS2_32.dll!accept 71AC1028 5 Bytes JMP 0096C452 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100536D7 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 1005346C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10053B9C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 100538FE C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 10053DF6 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 1005C86A C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 1005CBEC C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!connect 71AB406A 5 Bytes JMP 1005C240 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!send 71AB428A 5 Bytes JMP 1005C61E C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 1005EB9B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1005CAEB C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 1005C721 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1005CE6B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 1005CD04 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 1005C984 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 1005C33D C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 1005C532 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\Explorer.EXE[2220] WS2_32.dll!accept 71AC1028 5 Bytes JMP 1005C452 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100536D7 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 1005346C C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10053B9C C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 100538FE C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 10053DF6 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 1005C86A C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 1005CBEC C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!connect 71AB406A 5 Bytes JMP 1005C240 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!send 71AB428A 5 Bytes JMP 1005C61E C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 1005EB9B C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1005CAEB C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 1005C721 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1005CE6B C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 1005CD04 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 1005C984 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 1005C33D C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 1005C532 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe[2444] WS2_32.dll!accept 71AC1028 5 Bytes JMP 1005C452 C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100536D7 C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 1005346C C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10053B9C C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 100538FE C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 10053DF6 C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 1005C86A C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 1005CBEC C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!connect 71AB406A 5 Bytes JMP 1005C240 C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!send 71AB428A 5 Bytes JMP 1005C61E C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 1005EB9B C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1005CAEB C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 1005C721 C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1005CE6B C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 1005CD04 C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 1005C984 C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 1005C33D C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 1005C532 C:\WINDOWS\system32\winbios.dll
.text C:\windows\system\hpsysdrv.exe[2560] WS2_32.dll!accept 71AC1028 5 Bytes JMP 1005C452 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A736D7 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A7346C C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00A73B9C C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00A738FE C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00A73DF6 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 00A7C86A C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 00A7CBEC C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00A7C240 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!send 71AB428A 5 Bytes JMP 00A7C61E C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00A7EB9B C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00A7CAEB C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00A7C721 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00A7CE6B C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 00A7CD04 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 00A7C984 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00A7C33D C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 00A7C532 C:\WINDOWS\system32\winbios.dll
.text C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe[2836] WS2_32.dll!accept 71AC1028 5 Bytes JMP 00A7C452 C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E136D7 C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E1346C C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00E13B9C C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00E138FE C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00E13DF6 C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 00E1C86A C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 00E1CBEC C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00E1C240 C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!send 71AB428A 5 Bytes JMP 00E1C61E C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00E1EB9B C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00E1CAEB C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00E1C721 C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00E1CE6B C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 00E1CD04 C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 00E1C984 C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00E1C33D C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 00E1C532 C:\WINDOWS\system32\winbios.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[3732] WS2_32.dll!accept 71AC1028 5 Bytes JMP 00E1C452 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100536D7 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 1005346C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10053B9C C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 100538FE C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 10053DF6 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 1005C86A C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 1005CBEC C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!connect 71AB406A 5 Bytes JMP 1005C240 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!send 71AB428A 5 Bytes JMP 1005C61E C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 1005EB9B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!recv 71AB615A 5 Bytes JMP 1005CAEB C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 1005C721 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1005CE6B C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 1005CD04 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 1005C984 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 1005C33D C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!WSAAccept 71AC0DA9 5 Bytes JMP 1005C532 C:\WINDOWS\system32\winbios.dll
.text C:\WINDOWS\system32\lexpps.exe[3756] WS2_32.dll!accept 71AC1028 5 Bytes JMP 1005C452 C:\WINDOWS\system32\winbios.dll

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\services\MRxDAV\EncryptedDirectories@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts@QuigleyWiggly\t(TrueType) C:\WINDOWS\Fonts\Quigleyw.ttf

---- EOF - GMER 1.0.14 ----

_______________________________________Here is my kaspersky LOG________________

KASPERSKY ONLINE SCANNER REPORT
08-02-16 01:12:40 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/02/2008
Kaspersky Anti-Virus database records: 568431

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 61745
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 01:09:36

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\L0000001.FCS Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.idx Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP279\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

02-11-2008, 10:43 AM	#1 (permalink)
grassi TSF Enthusiast Join Date: Dec 2005 Location: upstate, n.y. Posts: 935 OS: xp pro, sp3 My System	cpu slow and buggy... hello team, long time no see... My computer freezes up and is acting slow lately. Because of my gaming i got rid of any antivirus program that i tried, cuz it slowed my gaming down. However i use the new Spybot, adaware, and spyguard. I also have a built in firewall i use. However lately its been pretty slow and even when im searchin for pics, the result page(for ex. searchin for a gun pic through msn or photobucket) the results page takes for ever to show the pic, and sometimes i dont even get one, but just that white box with a red x in the corner. Ive tried Deckards scanner but it just freezes after producing a HJT log? Since ive tried numerous times to get this scanner to work, i would like to remove Deckard, and htj, and start from scratch. Not sure how to properly remove them? Thanks for your time. here is what deckard came up with, but it is now froze as we speak.. Logfile of HijackThis v1.99.1 Scan saved at 12:23:41 PM, on 08-02-11 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe (anti cheat program for my gaming C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\VTTimer.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\HP_Owner\Desktop\dss.exe C:\PROGRA~1\HIJACK~1\HP_Owner.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CreativeMS2020] C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128469640765 O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dellog32 - C:\WINDOWS\SYSTEM32\dellog32.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing) some others besides my gaming look odd, ex. myspace url? Last edited by grassi; 02-11-2008 at 11:00 AM.

02-12-2008, 09:02 PM	#2 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,072 OS: WinXP and Vista	Re: cpu slow and buggy... Hello grassi, No need to get rid of dss.exe. Please run dss.exe again, but use these instructions: Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK "%userprofile%\desktop\dss.exe" /config In the dialog box that appears: Under the Main Log heading-- Uncheck Temp Cleanup Click Scan! The main.txt and extra.txt will open up in Notepad. Copy/paste the contents of that report in your next reply. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

02-13-2008, 12:18 AM	#3 (permalink)
grassi TSF Enthusiast Join Date: Dec 2005 Location: upstate, n.y. Posts: 935 OS: xp pro, sp3 My System	Re: cpu slow and buggy... k, it made it further but it ends up freezin. Ive been tryin for days, maybe its my link im using. Its from a past post. I can try in the mornin, but dont think its gonna work... Thank you for your time Ried Last edited by grassi; 02-13-2008 at 12:43 AM.

02-13-2008, 05:50 AM	#4 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,072 OS: WinXP and Vista	Re: cpu slow and buggy... No, the link you downloaded from has nothing to do with it. Take note at what stage dss.exe is hanging at, and using the previous instructions I gave you for running dss.exe from the Run box, untick whatever section dss.exe hung at. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

02-13-2008, 08:24 AM	#5 (permalink)
grassi TSF Enthusiast Join Date: Dec 2005 Location: upstate, n.y. Posts: 935 OS: xp pro, sp3 My System	Re: cpu slow and buggy... okay well that was rough, lol. 1st i tried unchecking temp and registry, cuz it kept hangin on registry, then it hung on addremove programs, so i unchecked temp files, registry, and add remove programs. Dunno if i like the sound of that, and i hope i can still check these programs i unchecked? Anyway heres my main.txt. Deckard's System Scanner v20071014.68 Run by HP_Owner on 2008-02-13 10:21:24 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- -- Last 5 Restore Point(s) -- 89: 2008-02-13 14:15:38 UTC - RP276 - Deckard's System Scanner Restore Point 88: 2008-02-13 14:04:54 UTC - RP275 - Software Distribution Service 3.0 87: 2008-02-13 06:52:18 UTC - RP274 - Deckard's System Scanner Restore Point 86: 2008-02-12 18:14:29 UTC - RP273 - System Checkpoint 85: 2008-02-11 16:29:21 UTC - RP272 - Deckard's System Scanner Restore Point -- First Restore Point -- 1: 2007-11-16 03:38:15 UTC - RP188 - System Checkpoint -- HijackThis (run as HP_Owner.exe) -------------------------------------------- Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-02-13 10:22:27 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\hp\KBD\kbd.exe C:\WINDOWS\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\HP_Owner\Desktop\dss.exe C:\Program Files\HijackThis\HP_Owner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CreativeMS2020] C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128469640765 O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O20 - Winlogon Notify: dellog32 - C:\WINDOWS\system32\dellog32.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe -- End of file - 6924 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) -------------------- backup-20070508-160356-148 O4 - Startup: PowerReg Scheduler.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)> R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell> R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> S3 catchme - c:\docume~1\hp_owner\locals~1\temp\catchme.sys (file missing) S3 jswmidin - c:\docume~1\hp_owner\locals~1\temp\jswmidin.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 szserver (STOPzilla Service) - c:\program files\common files\stopzilla!\szserver.exe (file missing) S3 Symantec Core LC - "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Files created between 2008-01-13 and 2008-02-13 ----------------------------- 2008-01-29 21:10:39 0 d-------- C:\WINDOWS\nview 2008-01-29 19:58:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-01-29 19:58:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-01-28 20:20:45 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\InstallShield -- Find3M Report --------------------------------------------------------------- 2008-02-09 22:59:10 0 d-------- C:\Program Files\oldspybot 2008-01-31 20:34:20 0 d-------- C:\Program Files\Creative 2008-01-31 20:34:19 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-01-31 20:33:46 0 d-------- C:\Program Files\Common Files\InstallShield 2008-01-31 20:29:52 0 d-------- C:\Program Files\Common Files\Logitech 2008-01-31 20:22:15 0 d-------- C:\Program Files\Logitech 2008-01-31 20:22:01 0 d-------- C:\Program Files\Common Files\Logishrd 2008-01-28 18:02:01 0 d-------- C:\Program Files\SpywareBlaster 2008-01-28 14:26:23 0 d-------- C:\Program Files\SpywareGuard 2007-12-26 15:35:51 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\GSC -- Hosts ----------------------------------------------------------------------- 127.0.0.1 localhost #*Inserted By STOPzilla* 127.0.0.1 600pics.com # *Inserted By STOPzilla* 127.0.0.1 all-tgp.org # *Inserted By STOPzilla* 127.0.0.1 bailefunk.com # *Inserted By STOPzilla* 127.0.0.1 best4all.net # *Inserted By STOPzilla* 127.0.0.1 besthardcore.net # *Inserted By STOPzilla* 127.0.0.1 bundleware.com # *Inserted By STOPzilla* 127.0.0.1 dedmazai.com # *Inserted By STOPzilla* 127.0.0.1 download.abetterinternet.com # *Inserted By STOPzilla* 127.0.0.1 flavinha.com # *Inserted By STOPzilla* 7973 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-02-13 10:23:39 ------------ __________________________________________________________________________ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon(tm) XP 3000+ Percentage of Memory in Use: 25% Physical Memory (total/avail): 1535.48 MiB / 1144.38 MiB Pagefile Memory (total/avail): 3388.64 MiB / 3158.64 MiB Virtual Memory (total/avail): 2047.88 MiB / 1932.04 MiB C: is Fixed (NTFS) - 68.96 GiB total, 55.86 GiB free. D: is Fixed (FAT32) - 5.58 GiB total, 0.76 GiB free. E: is CDROM (No Media) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) \\.\PHYSICALDRIVE0 - SAMSUNG SP0802N - 74.56 GiB - 2 partitions \PARTITION0 - Unknown - 5.59 GiB - D: \PARTITION1 (bootable) - Installable File System - 68.96 GiB - C: \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe::Enabled:Updates from HP" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE::Enabled:LEXPPS.EXE" "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe::Enabled:ET" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\HP_Owner\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YOUR-86339EB2BF ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\HP_Owner LOGONSERVER=\\YOUR-86339EB2BF NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\STOPzilla!;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0a00 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp USERDOMAIN=YOUR-86339EB2BF USERNAME=HP_Owner USERPROFILE=C:\Documents and Settings\HP_Owner windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- HP_Owner (admin)* Administrator (new local, admin) -- Application Event Log ------------------------------------------------------- Event Record #/Type23096 / Error Event Submitted/Written: 02/07/2008 00:10:03 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application et.exe, version 0.0.0.0, faulting module cgame_mp_x86.dll, version 0.0.0.0, fault address 0x0001d2f1. Processing media-specific event for [et.exe!ws!] Event Record #/Type23094 / Error Event Submitted/Written: 02/06/2008 08:33:13 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application et.exe, version 0.0.0.0, faulting module cgame_mp_x86.dll, version 0.0.0.0, fault address 0x0001d2f1. Processing media-specific event for [et.exe!ws!] Event Record #/Type23092 / Error Event Submitted/Written: 02/06/2008 02:13:50 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type23065 / Error Event Submitted/Written: 01/29/2008 08:13:45 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application nvcplui.exe, version 1.5.30.38, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type23061 / Error Event Submitted/Written: 01/29/2008 07:53:12 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type108121 / Error Event Submitted/Written: 02/13/2008 10:20:21 AM Event ID/Source: 29 / W32Time Event Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Event Record #/Type108120 / Error Event Submitted/Written: 02/13/2008 10:20:21 AM Event ID/Source: 17 / W32Time Event Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'nist1.ny.glassey.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Event Record #/Type108118 / Error Event Submitted/Written: 02/13/2008 09:56:19 AM Event ID/Source: 29 / W32Time Event Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time. Event Record #/Type108117 / Error Event Submitted/Written: 02/13/2008 09:56:19 AM Event ID/Source: 17 / W32Time Event Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'nist1.ny.glassey.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Event Record #/Type108115 / Error Event Submitted/Written: 02/13/2008 09:41:23 AM Event ID/Source: 23 / Print Event Description: Printer Lexmark Z600 Series,0 failed to initialize because a suitable Lexmark Z600 Series driver could not be found. -- End of Deckard's System Scanner: finished at 2008-02-13 10:23:39 ------------ i do a clean up and defrag at least twice a week, and i know i said this before but, everyday i defrag i have 85% free space (yesterday)now all of a sudden i have 80(today), isnt that a dramatic change? Last edited by grassi; 02-13-2008 at 08:32 AM.

02-13-2008, 10:09 PM	#6 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,072 OS: WinXP and Vista	Re: cpu slow and buggy... You've unchecked one of the most critical areas I needed to see. I think perhaps you didn't wait long enough for dss.exe to scan particular areas. While this is not an 'instant' scan, it typically takes up to 10 minutes to complete. This is what I need you to do now, and in this order. Get an anti-virus on here right away. The programs you left on the system are only anti-malware programs--they are not the same as an AV. Connecting to the Internet without Anti Virus protection is a "Welcome" doormat for infections. If your subscription to Symantec has run out, here are 2 very good free Antivirus products which are available: Download Avira AntiVir PersonalEdition Classic. AVG Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan. ----------------------------------------------- After you've completed the above, run dss.exe again, in the following manner: Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK "%userprofile%\desktop\dss.exe" /config In the dialog box that appears: Click 'Check All' Then Uncheck only these 2: Temp Cleanup Backing Registry Hives ---------------------------------------- Please post the logs it creates. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

02-14-2008, 12:32 AM	#7 (permalink)
grassi TSF Enthusiast Join Date: Dec 2005 Location: upstate, n.y. Posts: 935 OS: xp pro, sp3 My System	Re: cpu slow and buggy... okay, i tried downloading avg, but found nothing after these last few yrs of no protection. I think im gonna end up uninstalling it, as these programs tend to slow my cpu down when im gaming. For the amount of cpu usage it takes up,conflicting with my game, and always same scan results. I got rid of Norton cuz it just didnt find anything either. This deckard scanner just doesnt work for me, ive been workin on it for days now. I let the scan go for hrs before i have to shut my pc down. It freezes on "examining registry". And sometimes others...(doesnt even show up in the task manager) Last edited by grassi; 02-14-2008 at 12:41 AM.

02-14-2008, 07:24 AM	#8 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,072 OS: WinXP and Vista	Re: cpu slow and buggy... Try running dss.exe in Safe Mode after running a full system scan. It would be best if you could have that for me today sometime as I will be offline for the next 4 days. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

02-14-2008, 08:13 AM	#9 (permalink)
grassi TSF Enthusiast Join Date: Dec 2005 Location: upstate, n.y. Posts: 935 OS: xp pro, sp3 My System	Re: cpu slow and buggy... okay, nothing found when scanning with avg, and thes comboscan does not work for me. I tried everything Ried... I just dont get it. Maybe its outdated? Ive tried this program over 30 times, no kiddin. Tried it in safe mode(signed on hp owner and administrator), safemode with networking, exited out of spybot and spyblaster, shut off firewall, did a scan with avg, did a clean up, a defrag, scanned with spybot, and adaware. Still hangs up on registry. seems to me somethings wrong with my registry, if its always hangin on it? Could an outdated "hjt" be a problem? Last edited by grassi; 02-14-2008 at 08:27 AM.

02-14-2008, 12:44 PM	#10 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,072 OS: WinXP and Vista	Re: cpu slow and buggy... grassi, are you actually using ComboScan and not Deckard's System Scanner? If so, then yes--delete that as it is terribly outdated. As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop. What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply. Please attach extra.txt to your post. To attach a file to a new post, simply Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt Click Upload. Please include the following in your next reply: main.txt an attached extra.txt __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

02-14-2008, 04:52 PM	#11 (permalink)
grassi TSF Enthusiast Join Date: Dec 2005 Location: upstate, n.y. Posts: 935 OS: xp pro, sp3 My System	Re: cpu slow and buggy... i meant to say deckard ried, sorry...im just going crazy over here cuz im tryin to read up on registry fix programs so we can get this resolved before your leave, and didnt mean to say combofix. I have just spent my only few days off, trying to get DSS to work...My cpu is really slow now, much worse, since i downloaded avg, and since it doesnt and probably never will find anything, im gonna go ahead and get rid of it. I noticed another post here but they got no answer, same problem, hangs up on registry...

02-14-2008, 09:29 PM	#12 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,072 OS: WinXP and Vista	Re: cpu slow and buggy... How long are you waiting? Please try running it from safe mode. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

02-14-2008, 10:30 PM	#13 (permalink)
grassi TSF Enthusiast Join Date: Dec 2005 Location: upstate, n.y. Posts: 935 OS: xp pro, sp3 My System	Re: cpu slow and buggy... Im still searchin around for this same problem, and am trying new scanning programs to try and get this to work for you. Im still trying but like i said its not working. Obviously there is something wrong here. Im following your directions but when DSS gets to examining registry it just sits on it. Since i know nothing about it i sit around for ever, before i check it, and next thing i know it says not responding. In safe mode it freezes also after many tries. I did notice im signed on as hp owner, does that matter? I tried signing on to administative through safe mode but desktop options were not there, except internet explorer, and recycling bin. Then i tried Hp owner in safe mode i had all desktop options but it froze at examining registry, went right through hjt and didnt produce logs, any of the times. gonna go through my past post, as this may have happend to me, before.

02-14-2008, 11:00 PM	#14 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,072 OS: WinXP and Vista	Re: cpu slow and buggy... grassi, let's just keep moving as I'll be leaving tomorrow. You have to leave an AV on this system. If you feel you must remove a program, then uninstall one of your anti-malware programs. Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix Link 1 Link 2 Link 3 Note: It is important that it is saved directly to your desktop -------------------------------------------------------------------- 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. -------------------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new HijackThis log for further review. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

02-15-2008, 12:30 AM	#15 (permalink)
grassi TSF Enthusiast Join Date: Dec 2005 Location: upstate, n.y. Posts: 935 OS: xp pro, sp3 My System	Re: cpu slow and buggy... ComboFix 08-02-15.2 - HP_Owner 2008-02-15 2:15:35.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1110 [GMT -5:00] Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))) . 2008-02-14 23:59 . 2008-02-14 23:59 <DIR> d-------- C:\Deckard 2008-02-14 01:05 . 2008-02-14 01:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-02-14 01:05 . 2008-02-14 14:02 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7 2008-02-14 01:05 . 2008-02-14 01:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-14 01:05 . 2008-02-14 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-02-09 23:07 . 2008-02-09 23:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-01-29 21:10 . 2008-01-29 21:10 <DIR> d-------- C:\WINDOWS\nview 2008-01-29 21:10 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-01-29 21:10 . 2008-01-29 21:16 140,158 --a------ C:\WINDOWS\system32\nvapps.xml 2008-01-29 20:37 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-01-29 20:37 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-01-29 19:58 . 2008-01-29 19:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-01-29 19:58 . 2008-01-29 19:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-01-28 20:20 . 2008-01-28 20:20 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InstallShield . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-15 05:38 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-15 05:38 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-02-10 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-10 03:59 --------- d-----w C:\Program Files\oldspybot 2008-02-01 01:34 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-01 01:34 --------- d-----w C:\Program Files\Creative 2008-02-01 01:33 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-01 01:29 --------- d-----w C:\Program Files\Common Files\Logitech 2008-02-01 01:22 --------- d-----w C:\Program Files\Logitech 2008-02-01 01:22 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-02-01 01:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2008-01-28 23:02 --------- d-----w C:\Program Files\SpywareBlaster 2008-01-28 19:26 --------- d-----w C:\Program Files\SpywareGuard 2007-12-26 20:35 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\GSC 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-05 06:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-11-29 07:17 55,824 ----a-w C:\WINDOWS\KHALMNPR.Exe 2005-12-21 03:49 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Mscomp] @={89BDD0AB-5A19-4853-A47E-0EC759700527} [HKEY_CLASSES_ROOT\CLSID\{89BDD0AB-5A19-4853-A47E-0EC759700527}] 2007-04-16 10:52 1365193 --a------ C:\WINDOWS\system32\winbios.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472] "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 05:43 57344] "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-11 22:52 180269] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840] "AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [ ] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008] "nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920] "CreativeMS2020"="C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe" [2006-05-09 13:58 143360] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-14 01:07 579072] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-14 01:05 219136] C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dellog32] dellog32.dll 2007-04-16 10:52 581265 C:\WINDOWS\system32\dellog32.dll R3 ctms2020;Creative HID USB Filter Driver1;C:\WINDOWS\system32\DRIVERS\ctms2020.Sys [2006-05-09 14:12] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00] S3 jswmidin;jswmidin;C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jswmidin.sys [] Newly Created Service - PNKBSTRB Newly Created Service - PNKBSTRK . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-15 02:16:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\dellog32.dll PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\system32\winbios.dll . Completion time: 2008-02-15 2:17:25 . 2008-02-13 1434 --- E O F --- ________________________________________________________________________________________________________________________________ Logfile of HijackThis v1.99.1 Scan saved at 02:24:39 AM, on 08-02-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\VTTimer.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\WINDOWS\explorer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis\HP_Owner.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CreativeMS2020] C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128469640765 O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dellog32 - C:\WINDOWS\SYSTEM32\dellog32.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing) ________________________________________________________________________________________________________________________________ and i have this new spybot, all of a sudden i get these pop ups about registry changes, 4 or 5 today, i dont know to allow or not. here is that log, 08-02-09 10:57:14 PM Allowed (based on user decision) value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry! 08-02-09 10:57:23 PM Allowed (based on user decision) value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Helper Object! 08-02-14 02:15:17 AM Allowed (based on user decision) value "AVG7_CC" (new data: "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP") added in System Startup global entry! 08-02-14 12:21:05 PM Allowed (based on user decision) value "Adobe Photo Downloader" (new data: ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"") added in System Startup global entry! 08-02-14 12:21:24 PM Allowed (based on user decision) value "MSConfig" (new data: "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto") added in System Startup global entry! 08-02-14 07:01:25 PM Allowed (based on user decision) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\qttask.exe" -atboottime") added in System Startup global entry! 08-02-14 07:01:33 PM Allowed (based on user decision) value "MSConfig" (new data: "") deleted in System Startup global entry! 2008-02-15 02:19:41 Denied (based on user decision) value "Search Bar" (new data: "") deleted in Browser page! 2008-02-15 02:19:56 Allowed (based on user decision) value "AutoRun" (new data: "") deleted in Command processor!

02-15-2008, 01:49 AM	#16 (permalink)
grassi TSF Enthusiast Join Date: Dec 2005 Location: upstate, n.y. Posts: 935 OS: xp pro, sp3 My System	Re: cpu slow and buggy... another pop up i just recieved, getting these all of a sudden(last few days or since avg)... dunno whats going on? 08-02-15 03:50:08 AM Denied (based on user decision) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry! Last edited by grassi; 02-15-2008 at 01:51 AM.

02-15-2008, 07:49 AM	#18 (permalink)
grassi TSF Enthusiast Join Date: Dec 2005 Location: upstate, n.y. Posts: 935 OS: xp pro, sp3 My System	Re: cpu slow and buggy... Hello Angelfire777, thank you for your time. Im not sure which Norton i had, its been so long...Is there a way to figure out what norton removal link to click? C:\WINDOWS\SYSTEM32\dellog32.dll ________________________________ Service load: 0% 100% File: dellog32.dll Status: OK MD5: fe1736a74b4b70a4dca9a6d0eea0b4a6 Packers detected: - Bit9 reports: File not found C:\WINDOWS\system32\winbios.dll _______________________________ Service load: 0% 100% File: winbios.dll Status: OK MD5: aa27ac8b89885f61fe003168e787e203 Packers detected: - Bit9 reports: File not found C:\WINDOWS\system32\wininet.dll ________________________________ Service load: 0% 100% File: wininet.dll Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5: 806d274c9a6c3aaea5eae8e4af841e04 Packers detected: PE_PATCH Bit9 reports: No threat detected ____________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:44:30 AM, on 08-02-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\VTTimer.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\Grisoft\AVG7\avgw.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\Explorer.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CreativeMS2020] C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128469640765 O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Notify: dellog32 - C:\WINDOWS\SYSTEM32\dellog32.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing) -- End of file - 7490 bytes _______________________________________________________________ Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Agere Systems PCI Soft Modem AVG 7.5 CleanUp! Creative Fatal1ty Professional Laser Mouse Enemy Territory v2.60b - repack by KHB Clan Enhanced Multimedia Keyboard Solution FaxTools GdiplusUpgrade Help and Support Additions High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Update IntelliMover Data Transfer Demo InterVideo WinDVD Creator 2 InterVideo WinDVD Player J2SE Runtime Environment 5.0 Update 11 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) SE Runtime Environment 6 Update 1 Lexmark Skin: Helix Lexmark X1100 Series Macromedia Shockwave Player Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Plus! Digital Media Edition Installer Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable MSN MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) NVIDIA Drivers PC-Doctor for Windows PS2 Python 2.2 combined Win32 extensions Python 2.2.1 RealPlayer S3 S3Display S3 S3Gamma2 S3 S3Info2 S3 S3Overlay Sandlot Games Client Services Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB946026) Sonic RecordNow! Spybot - Search & Destroy SpywareBlaster v3.5.1 SpywareGuard v2.2 System Requirements Lab Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Updates from HP VIA Rhine-Family Fast-Ethernet Adapter VIA/S3G Display Driver VIA/S3G Display Driver ViewSonic Monitor Drivers Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893086 _____________________________________________________ okay, im not sure what version of Norton i had, so im not sure which link to click on to get rid of any leftovers? Oh do i just delete my old HJT in "c:/programs/hijack this" since the new one was installed at c:/programs/trendmicro? Last edited by grassi; 02-15-2008 at 07:52 AM.