Old 10-01-2008, 02:36 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Very Slow Computer

Hello. For the last week my computer is getting slower and slower, and even freezes up on me, in which case I sometimes have to reboot to come out of it. I currently have AVG Free 8.0 as my antivirus, and I did a scan on that and found nothing. I also have Spybot and did a scan and found only a few tracking cookies. I also did a registry fix with reg suprem pro. None of this helped.
I have followed and completed the 5 steps here and I'm ready for any help I can get, as this is about to get me.
My operating system is Windows XP with SP3. My computer is an HP Pavilion 763n, 2.53 GHz Pentium 4, 512 DDR SDRAM memory, 80 GB hard drive. My computer runs slow online and off. Here are my log files from ActiveScan and HijackThis. Thanks in advance!!

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-30 23:15:19
PROTECTIONS: 1
MALWARE: 15
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00039204 adware/cws Adware No 0 Yes No hkey_classes_root\iehlprobj.iehlprobj.1
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location )
;===================================================================================================================================================================================
No C:\hp\bin\KillIt.exe )
No C:\hp\bin\ProcessLogger.exe )
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description )
;===================================================================================================================================================================================
;===================================================================================================================================================================================



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:14 AM, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1221518303078
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=23100
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6725 bytes

Old 11-25-2008, 08:32 PM   #2 (permalink)
Analyst, Security Team
 
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,693
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Very Slow Computer

Hello, metal66
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".
We need to run a Scan with DDS
  1. Please download DDS, and save it to your desktop, from one of the following mirrors:
  2. Disable any type of "Script Blockers" or "Script Protection" installed on your system.
  3. Double click on your desktop.
  4. If prompted by any script blocking tools, please allow any actions taken by DDS.
  5. When prompted to perform an Optional Scan, please select
  6. Two reports will open. Please reply with the generated reports:
    • DDS.txt <-- Copy and paste into your next post
    • Attach.txt <-- Attach to your next post

We need to scan for rootkits with GMER
  1. Please download gmer.zip and save to your desktop.
  2. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  3. When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  4. Double-click on Gmer.exe to start the program.
  5. Allow the gmer.sys driver to load if asked.
  6. If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  7. Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  8. You will be prompted to restart your computer. Please do so.
  9. Run Gmer again and click on the Rootkit tab.
  10. Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  11. Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  12. Click on "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  13. When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  14. Note: If you have any problems, try running GMER in Safe Mode

In your next reply, please include the following:
  • DDS.txt
  • Attach.txt
  • GMER's Log


Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Old 11-30-2008, 12:17 PM   #3 (permalink)
Analyst, Security Team
 
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,693
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Very Slow Computer

Hello, metal66
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Old 12-01-2008, 09:35 AM   #4 (permalink)
Analyst, Security Team
 
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,693
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Very Slow Computer

User returned; topic reopened. Please post your log(s) below:

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Old 12-01-2008, 03:27 PM   #5 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Re: Very Slow Computer

DDS (Version 1.0) - NTFSx86
Run by Owner at 6:34:16.17 on Fri 11/28/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1109 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://srch-us6.hpwis.com/
uDefault_Page_URL = hxxp://us6.hpwis.com/
uDefault_Search_URL = hxxp://srch-us6.hpwis.com/
uSearch Bar = hxxp://srch-us6.hpwis.com/
mSearch Bar = hxxp://srch-us6.hpwis.com/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: www.cinergyregulatedbiz.com
Trusted Zone: www2.duke-energy.com
Trusted Zone: www.dukepower.com
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\WINDOW

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-18 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-18 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-18 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-18 76040]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:\program files\canon\ijplm\IJPLMSVC.EXE [2008-10-26 101528]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2008-8-10 29696]
S4 hpt3xx;hpt3xx; []

=============== Created Last 30 ================

2008-11-06 16:08 921,618 a------- C:\snap10.tga
2008-11-06 16:08 921,618 a------- C:\snap9.tga
2008-11-06 16:07 921,618 a------- C:\snap8.tga
2008-11-06 16:07 921,618 a------- C:\snap7.tga
2008-11-06 16:07 921,618 a------- C:\snap6.tga
2008-11-06 16:07 921,618 a------- C:\snap5.tga
2008-11-06 16:07 921,618 a------- C:\snap4.tga
2008-11-06 16:06 921,618 a------- C:\snap3.tga
2008-11-01 07:43 <DIR> --d----- c:\program files\PCPitstop

==================== Find3M ====================

2008-11-01 07:26 <DIR> --d----- c:\program files\iConcepts Music Express
2008-11-01 07:25 <DIR> --d----- c:\program files\Snap 'n Share
2008-11-01 07:16 <DIR> --d----- c:\program files\Canon
2008-10-31 05:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2008-10-26 17:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CanonIJPLM
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-08 14:22 <DIR> --d----- c:\program files\BFG
2008-10-08 14:22 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-10-03 12:38 <DIR> --d----- c:\program files\Ascentive
2008-10-03 05:37 <DIR> --d----- c:\program files\WildTangent
2008-10-01 16:28 <DIR> --d----- c:\program files\Digeus
2008-10-01 05:38 <DIR> --d----- c:\program files\Trend Micro
2008-09-30 16:47 <DIR> --d----- c:\docume~1\owner\applic~1\MSN6
2008-09-30 16:44 <DIR> --d----- c:\program files\913D Camera
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-30 05:27 <DIR> --d----- c:\program files\Yahoo!
2008-09-17 13:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-09-15 16:30 <DIR> --d----- c:\docume~1\owner\applic~1\Business Logic
2008-09-15 06:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 19:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-06 13:14 <DIR> --d----- c:\docume~1\owner\applic~1\VERITAS
2008-09-04 11:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-30 20:09 <DIR> --d----- c:\docume~1\owner\applic~1\iWinArcade
2008-08-30 20:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iWin Games
2008-07-25 06:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSN6
2008-07-19 09:18 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2008-07-18 14:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-07-18 12:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2002-07-26 22:23 <DIR> --d----- c:\docume~1\owner\applic~1\Symantec
2002-07-26 22:23 <DIR> --d----- c:\docume~1\owner\applic~1\InterTrust
2002-07-26 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sbsi

============= FINISH: 6:34:35.81 ===============
Old 12-01-2008, 03:27 PM   #6 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Re: Very Slow Computer

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/18/2008 1:51:18 PM
System Uptime: 11/28/2008 5:46:51 AM (1 hours ago)

Motherboard: Hewlett-Packard | | HP System Board
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | Socket 478 | 2524/133mhz
BIOS: Phoenix - AwardBIOS v6.00PG | IntelR - 42302e31 | VG31313 | 9/10/2002 7:00:00 PM

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 57.892 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.233 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (FAT32) - 149 GiB total, 136.806 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP121: 11/1/2008 8:29:14 AM - Removed HP Photo and Imaging 1.1 - Photosmart Cameras
RP122: 11/2/2008 10:26:25 AM - System Checkpoint
RP123: 11/6/2008 3:11:39 PM - System Checkpoint
RP124: 11/8/2008 11:10:13 AM - System Checkpoint
RP125: 11/9/2008 9:09:31 PM - System Checkpoint
RP126: 11/10/2008 9:44:50 PM - System Checkpoint
RP127: 11/10/2008 11:04:43 PM - Avg8 Update
RP128: 11/13/2008 4:31:51 PM - System Checkpoint
RP129: 11/14/2008 10:16:47 PM - System Checkpoint
RP130: 11/16/2008 10:24:43 AM - Software Distribution Service 3.0
RP131: 11/20/2008 8:10:50 AM - System Checkpoint
RP132: 11/21/2008 3:38:21 PM - System Checkpoint
RP133: 11/22/2008 7:51:22 PM - System Checkpoint
RP134: 11/26/2008 6:27:45 PM - System Checkpoint
RP135: 11/28/2008 5:50:25 AM - Avg8 Update

==== Installed Programs ======================


913D Camera
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player
ArcSoft ShowBiz
ArcSoft Software Suite
AVG Free 8.0
Canon iP2600 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
DLA
DTR2 Toolkit
GameSpy Arcade
Hitman 2 Silent Assassin
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
hp center
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.1 - Photosmart Cameras
hp toolkit
Inactive HP Printer Drivers (Remove only)
Intel(R) 845G Chipset Graphics Driver Software
InterVideo WinDVD
iWin Games (remove only)
Java(TM) 6 Update 7
KBD
Kublox
Lernout & Hauspie TruVoice American English TTS Engine
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH Jukebox
MyDVD
Mystery Case Files - Huntsville (remove only)
Mysteryville (remove only)
NVIDIA Windows 2000/XP Display Drivers
PC Pitstop Driver Alert 1.0.0.13
PigPen
PIXMA Extended Survey Program
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
RecordNow
RecordNow Update Manager
Registry Cleaner 4.7
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Spybot - Search & Destroy
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
WebFldrs XP
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Productivity Pack
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages ===================

11/21/2008 12:43:17 PM, error: Dhcp [1002] - The IP address lease 74.137.216.21 for the Network Card with network address 0040CA341522 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
Old 12-01-2008, 03:41 PM   #7 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Re: Very Slow Computer

For some reason, it won't let me post the GMER log.
Old 12-01-2008, 03:50 PM   #8 (permalink)
Analyst, Security Team
 
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,693
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Very Slow Computer

Hello, metal66
If the GMER log is too long, you can upload it here:
http://bleepingcomputer.com/submit-m...php?channel=54

We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):
iWin Games (remove only)

We need to execute an OTMoveIt3 script
  1. Please download OTMoveIt3 by OldTimer and save it to your desktop.
  2. Double click the icon on your desktop.
  3. Paste the following code under the area. Do not include the word "Code".
    Code:
    :services
    hpt3xx
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    :commands
    [EmptyTemp]
  4. Push the large button.
  5. OTMI3 may ask to reboot the machine. Please do so if asked.
  6. Copy/Paste the contents under the line here in your next reply.
  7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

In your next reply, please include the following:
  • OTMoveIt3's Log
  • A new DDS.txt

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
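
As an added illustration (not part of Billy O'Neal's post or of OTMoveIt3), the Python sketch below decodes the `hex(7)` data in the `:reg` section of the script above, which is a REG_MULTI_SZ byte list, and reviews a DDS-style `LSA: Notification Packages` line against it. The function names, the whitespace-separated reading of the DDS line and the use of the script's own value as the baseline are assumptions of this example.

```python
"""Decode regedit-style hex(7) (REG_MULTI_SZ) data and review LSA packages."""
import re

# The :reg section of the script exactly as posted in the thread.
POSTED_REG_SECTION = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
'''
# The matching line as it appears in the DDS log posted in the thread.
DDS_LINE = r"LSA: Notification Packages = :\WINDOW"

KEY_RE = re.compile(r'^\s*\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*hex\(7\):(?P<data>.*)$')
# Each entry names a DLL that LSA loads, so it should be a bare name with no
# drive letter, path separator or whitespace.
PACKAGE_NAME_RE = re.compile(r'^[A-Za-z0-9_.-]+$')


def parse_hex7_values(text):
    """Return {(key, value_name): bytes} for every hex(7) value in text.

    Follows regedit line continuations (a trailing backslash).
    """
    results = {}
    key = None
    lines = iter(text.splitlines())
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        data = m.group("data").strip()
        while data.endswith("\\"):
            data = data[:-1] + next(lines, "").strip()
        raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
        results[(key, m.group("name"))] = raw
    return results


def looks_utf16le(raw):
    """Heuristic: even length and every second byte zero means UTF-16LE."""
    return len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2])


def decode_multi_sz(raw, wide=None):
    """Split REG_MULTI_SZ bytes into a list of strings.

    wide=False: one byte per character (REGEDIT4 style, as in the thread).
    wide=True:  UTF-16LE (Windows Registry Editor Version 5.00 exports).
    wide=None:  guess with looks_utf16le().
    """
    if wide is None:
        wide = looks_utf16le(raw)
    text = raw.decode("utf-16-le" if wide else "cp1252", errors="replace")
    strings = []
    for s in text.split("\x00"):
        if not s:  # an empty string terminates the list
            break
        strings.append(s)
    return strings


def parse_dds_lsa_line(line):
    """Extract entries from a DDS 'LSA: Notification Packages = ...' line.

    Assumption: DDS separates multiple entries with whitespace.
    """
    prefix, _, value = line.partition("=")
    if "notification packages" not in prefix.lower():
        return []
    return value.split()


def review_packages(packages, expected):
    """Return (package, reason) findings for a Notification Packages list."""
    findings = []
    for p in packages:
        if not PACKAGE_NAME_RE.match(p):
            findings.append((p, "not a bare DLL name"))
        elif p.lower() not in expected:
            findings.append((p, "not in expected set"))
    return findings


if __name__ == "__main__":
    baseline = set()
    for (key, name), raw in parse_hex7_values(POSTED_REG_SECTION).items():
        decoded = decode_multi_sz(raw)
        print(key, name, decoded)
        baseline.update(s.lower() for s in decoded)
    # Baseline assumption: the value the script writes is the expected one.
    print(review_packages(parse_dds_lsa_line(DDS_LINE), baseline))
```
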
Old 12-01-2008, 06:00 PM   #9 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Re: Very Slow Computer

OK, I uploaded the gmer.txt file to that site you wanted.

This is what it said in the results of OTMoveIt3:
=====SERVICES/DRIVERS========
unable to stop service hpt 3xx.
======Registry==========

I wrote it down because when I tried to copy it, the program quit responding every time.


DDS (Version 1.0) - NTFSx86
Run by Owner at 18:50:18.43 on Mon 12/01/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1106 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://srch-us6.hpwis.com/
uDefault_Page_URL = hxxp://us6.hpwis.com/
uDefault_Search_URL = hxxp://srch-us6.hpwis.com/
uSearch Bar = hxxp://srch-us6.hpwis.com/
mSearch Bar = hxxp://srch-us6.hpwis.com/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "h:\counter strike\Steam.exe" -silent
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: www.cinergyregulatedbiz.com
Trusted Zone: www2.duke-energy.com
Trusted Zone: www.dukepower.com
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\WINDOW

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-18 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-18 26824]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-18 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-18 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-18 76040]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2008-8-10 29696]

=============== Created Last 30 ================

2008-12-01 18:43 <DIR> --d----- C:\_OTMoveIt
2008-11-28 06:39 345 a------- c:\windows\gmer.ini

==================== Find3M ====================

2008-11-30 08:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-01 07:43 <DIR> --d----- c:\program files\PCPitstop
2008-11-01 07:26 <DIR> --d----- c:\program files\iConcepts Music Express
2008-11-01 07:25 <DIR> --d----- c:\program files\Snap 'n Share
2008-11-01 07:16 <DIR> --d----- c:\program files\Canon
2008-10-31 05:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2008-10-26 17:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CanonIJPLM
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-08 14:22 <DIR> --d----- c:\program files\BFG
2008-10-08 14:22 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-10-03 12:38 <DIR> --d----- c:\program files\Ascentive
2008-10-03 05:37 <DIR> --d----- c:\program files\WildTangent
2008-09-30 16:47 <DIR> --d----- c:\docume~1\owner\applic~1\MSN6
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 16:30 <DIR> --d----- c:\docume~1\owner\applic~1\Business Logic
2008-09-15 06:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 19:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-06 13:14 <DIR> --d----- c:\docume~1\owner\applic~1\VERITAS
2008-09-04 11:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-30 20:09 <DIR> --d----- c:\docume~1\owner\applic~1\iWinArcade
2008-08-30 20:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iWin Games
2008-07-25 06:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSN6
2008-07-19 09:18 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2008-07-18 14:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-07-18 12:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2002-07-26 22:23 <DIR> --d----- c:\docume~1\owner\applic~1\Symantec
2002-07-26 22:23 <DIR> --d----- c:\docume~1\owner\applic~1\InterTrust
2002-07-26 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sbsi

============= FINISH: 18:50:55.10 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/18/2008 1:51:18 PM
System Uptime: 12/1/2008 4:42:01 PM (2 hours ago)

Motherboard: Hewlett-Packard | | HP System Board
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | Socket 478 | 2523/133mhz
BIOS: Phoenix - AwardBIOS v6.00PG | IntelR - 42302e31 | VG31313 | 9/10/2002 7:00:00 PM

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 57.815 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.233 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP125: 11/9/2008 9:09:31 PM - System Checkpoint
RP126: 11/10/2008 9:44:50 PM - System Checkpoint
RP127: 11/10/2008 11:04:43 PM - Avg8 Update
RP128: 11/13/2008 4:31:51 PM - System Checkpoint
RP129: 11/14/2008 10:16:47 PM - System Checkpoint
RP130: 11/16/2008 10:24:43 AM - Software Distribution Service 3.0
RP131: 11/20/2008 8:10:50 AM - System Checkpoint
RP132: 11/21/2008 3:38:21 PM - System Checkpoint
RP133: 11/22/2008 7:51:22 PM - System Checkpoint
RP134: 11/26/2008 6:27:45 PM - System Checkpoint
RP135: 11/28/2008 5:50:25 AM - Avg8 Update
RP136: 11/28/2008 2:08:28 PM - Installed Steam(TM)
RP137: 11/28/2008 2:11:30 PM - Installed Counter-Strike(TM)
RP138: 11/29/2008 4:27:12 PM - System Checkpoint
RP139: 11/30/2008 4:32:21 PM - System Checkpoint
RP140: 12/1/2008 5:53:51 PM - System Checkpoint

==== Installed Programs ======================


913D Camera
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player
ArcSoft ShowBiz
ArcSoft Software Suite
AVG Free 8.0
Canon iP2600 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Counter-Strike(TM)
DLA
DTR2 Toolkit
GameSpy Arcade
Hitman 2 Silent Assassin
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
hp center
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.1 - Photosmart Cameras
hp toolkit
Inactive HP Printer Drivers (Remove only)
Intel(R) 845G Chipset Graphics Driver Software
InterVideo WinDVD
iWin Games (remove only)
Java(TM) 6 Update 7
KBD
Kublox
Lernout & Hauspie TruVoice American English TTS Engine
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH Jukebox
MyDVD
Mystery Case Files - Huntsville (remove only)
Mysteryville (remove only)
NVIDIA Windows 2000/XP Display Drivers
PC Pitstop Driver Alert 1.0.0.13
PigPen
PIXMA Extended Survey Program
Python 2.2 combined Win32 extensions
Python 2.2.1
RecordNow
RecordNow Update Manager
Registry Cleaner 4.7
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Steam(TM)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
WebFldrs XP
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Productivity Pack
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages ===================

11/24/2008 6:32:15 AM, error: Dhcp [1002] - The IP address lease 74.137.216.21 for the Network Card with network address 0040CA341522 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
Old 12-01-2008, 06:04 PM   #10 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Re: Very Slow Computer

Oh, also, I did not find iWin Games in Add/Remove Programs.
Old 12-01-2008, 08:54 PM   #11 (permalink)
Analyst, Security Team
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,693
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Very Slow Computer

Hello, metal66
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

How to run ComboFix:
  1. Please download ComboFix from one of the following mirrors, and save it to your desktop.
  2. Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  3. Double click on your desktop.
  4. Read and accept (Press Yes) to the disclaimer.
  5. For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  6. ComboFix will run. Simply wait for it to finish.
  7. When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Old 12-02-2008, 05:59 AM   #12 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Re: Very Slow Computer

That iWin Games was from a game I installed on the computer called Mysteryville. It is one of those I Spy games. I ran ComboFix and here is the log:

ComboFix 08-12-01.01 - Owner 2008-12-02 6:37:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1077 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-01 18:43 . 2008-12-01 18:43 <DIR> d-------- C:\_OTMoveIt
2008-11-28 06:39 . 2008-11-28 06:47 345 --a------ c:\windows\gmer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 14:38 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 12:22 --------- d-----w c:\documents and settings\Owner\Application Data\Corel
2008-11-01 13:43 --------- d-----w c:\program files\PCPitstop
2008-11-01 13:26 --------- d-----w c:\program files\iConcepts Music Express
2008-11-01 13:26 --------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2008-11-01 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-01 13:25 --------- d-----w c:\program files\Snap 'n Share
2008-11-01 13:16 --------- d-----w c:\program files\Canon
2008-10-31 11:29 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
2008-10-26 23:58 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-10-26 23:50 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-10-26 23:49 --------- d--h--w c:\program files\CanonBJ
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-08 20:22 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-08 20:22 --------- d-----w c:\program files\BFG
2008-10-03 18:38 --------- d-----w c:\program files\Ascentive
2008-10-03 11:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-03 11:37 --------- d-----w c:\program files\WildTangent
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="h:\counter strike\Steam.exe" [2008-11-28 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-06 61440]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 155648]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-07-16 106549]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-05-15 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-05-15 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 69632]
"nwiz"="nwiz.exe" [2003-07-28 c:\windows\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\Infogrames\\Dirt Track Racing 2\\DTR2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Games\\Infogrames\\Dirt Track Racing 2\\Server.exe"=
"h:\\counter strike\\SteamApps\\metal39\\condition zero\\hl.exe"=
"h:\\counter strike\\SteamApps\\metal39\\condition zero deleted scenes\\hl.exe"=
"h:\\counter strike\\SteamApps\\metal39\\counter-strike\\hl.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-18 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-18 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-18 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-18 76040]
S3 SQTECH913D;913D Camera;c:\windows\system32\Drivers\Capt913D.sys [2008-08-10 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7e73ad-bd4b-11dd-9fe7-0040ca341522}]
\Shell\AutoRun\command - G:\DPFMate.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-01 c:\windows\Tasks\jusched.job
- c:\program files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 03:27]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PS2 - c:\windows\system32\ps2.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us6.hpwis.com/
mSearch Bar = hxxp://srch-us6.hpwis.com/
Trusted Zone: www.cinergyregulatedbiz.com
Trusted Zone: www2.duke-energy.com
Trusted Zone: www.dukepower.com

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 06:40:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-02 6:45:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-02 12:45:47

Pre-Run: 62,073,212,928 bytes free
Post-Run: 62,186,381,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

141 --- E O F --- 2008-11-16 16:26:53
Old 12-02-2008, 04:11 PM   #13 (permalink)
Analyst, Security Team
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,693
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Very Slow Computer

Quote:
That iWin Games was from a game I installed on the computer called Mysteryville. It is one of those I Spy games.
That is likely what infected this machine in the first place. Read here:
http://www.systemlookup.com/Startup/...lerts_exe.html
http://www.systemlookup.com/O23/1405-iwinapp_exe.html
http://www.threatexpert.com/report.a...3-94261dd31588

That log looks good. How are things running?

Billy3
Old 12-02-2008, 06:51 PM   #14 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Re: Very Slow Computer

It's running better than it was, but still not what it was before. I was wondering if my D drive (recovery) being so full could cause it to slow down. I tried to defrag it the other day and it says it doesn't have enough space to defrag. But yes, it is running a bit faster now. Thanks!!
Old 12-02-2008, 07:27 PM   #15 (permalink)
Analyst, Security Team
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,693
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Very Slow Computer

Hello, metal66
Not saying we're done.... just wondering how it was going.

I would like us to use ESET (NOD32)'s Online Scanner
  1. Please go to ESET OnlineScan (NOD32)
  2. You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  3. Now click Start
  4. Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  5. Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  6. To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  7. Press Scan
  8. The Onlinescan will now start and scan your pc (this could take a while)
  9. When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  10. Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  11. The Scanresults will now open in Notepad
  12. Click into the text area, right-click and choose "select all" (or use <Control>+A)
  13. Right-click again and choose "Copy" (or <Control>+C)
  14. Close/Exit Notepad
  15. Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Old 12-02-2008, 09:09 PM   #16 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Re: Very Slow Computer

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3659 (20081202)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=0d12dfc3a95ac84eb8e8b732605f47f5
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-12-03 04:02:19
# local_time=2008-12-02 10:02:19 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=337925
# found=3
# scan_time=3250
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe Win32/Agent.NVP trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\hp\bin\AUTOPLAY.EXE Win32/Agent.NVP trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\ConTest.dll Win32/Adware.Ascentive application (unable to clean - deleted) 00000000000000000000000000000000
metal66 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-04-2008, 05:44 AM   #17 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Re: Very Slow Computer

Just making sure you haven't forgotten me. The puter is running better after that, but bootup is slow.
Old 12-04-2008, 03:38 PM   #18 (permalink)
Analyst, Security Team
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,693
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Very Slow Computer

Hello, metal66
Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

We Need to Remove ComboFix
  1. Please go to Start -> Run
  2. Enter "ComboFix /u" (without quotes). Note the space between "ComboFix" and "/u", it needs to be there.
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.

We Need to Clean Up Our Mess
  1. Please reopen on your desktop.
  2. Push the large "Cleanup" button
  3. Allow your system to reboot

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  1. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  2. Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  3. Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  4. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    1. Click the "Start Menu" (or Windows Orb)
    2. Click "All Programs"
    3. Click "Windows Update"
    4. On the left, choose "Change Settings"
    5. Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    6. Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    7. Click "Check for Updates" in the upper left corner.
    8. Follow the instructions to install the latest updates.
    9. Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  5. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  6. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
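Added example, not part of the posts above: a blocking hosts file such as the one recommended in item 2 works by pointing unwanted names at a loopback or unspecified address, so any entry that points a name at some other address deserves a look. The sketch below sorts entries that way; the sample hosts text, domain names and the `audit_hosts` helper are constructed for illustration.

```python
import ipaddress

# Names that normally map to loopback; these are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost"}

# Constructed sample for illustration; not taken from the thread or any real list.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1   localhost
127.0.0.1   ads.tracker.example      # block entry
0.0.0.0     popups.adserver.example
203.0.113.10 update.antivirus.example www.antivirus.example
not-an-ip broken.example
"""

def audit_hosts(text):
    """Sort hosts entries into local, blocked, redirect and malformed."""
    report = {"local": [], "blocked": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            report["malformed"].append((lineno, line))
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                # Loopback/unspecified targets go nowhere: a block entry.
                kind = "local" if name in LOCAL_NAMES else "blocked"
            else:
                # Any other address silently re-points the name: review it.
                kind = "redirect"
            report[kind].append((lineno, name, str(addr)))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("redirect", "malformed"):
        for entry in result[kind]:
            print(kind.upper(), entry)
    print(len(result["blocked"]), "block entries")
```

On Windows XP the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`. Entries reported as redirects are not automatically bad (a home network name is one legitimate case), but they are the ones to check by hand.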
Old 12-04-2008, 04:40 PM   #19 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 12
OS: windows xp home sp 3


Re: Very Slow Computer

Thanks, my puter is running a lot faster now. Thank you very much. I will try the anti spyware and malware software that you recommended. And the StartupLite. One question though, I have AVG free 8.0.176 and it has anti spyware and resident shield on it too. Will I need to deactivate the antispyware on AVG so it doesn't mess with Spyware Blaster or is it ok to stay active?
metal66 is offline  
Old 12-04-2008, 04:53 PM   #20 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,693
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Very Slow Computer

Spyware Blaster is not resident protection. It simply modifies standard Windows system settings to passively prevent certain types of malicious ActiveX controls from installing themselves.

It should not conflict with AVG in any way.

Billy3
Billy O'Neal is offline  
Copyright 2001 - 2009, Tech Support Forum