
Computer really Slow/Ads popping up everywhere!

1062 Views 1 Reply 2 Participants Last post by  tetonbob
I don't know what happened but I can't get rid of the ads popping up on my computer... it is also going really slow.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:25 AM, on 6/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTI02HH1\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Louise.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8053AF4F-F35D-4EC6-A411-039EFB515CD8} - C:\Windows\system32\awtrPhEx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtrPhEx.dll,#1
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Louise\AppData\Local\Temp\byXNeEWn.dll,#1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Louise\AppData\Local\Temp\fcccbcdd.dll,c
O4 - HKCU\..\Run: [f4a145d8] rundll32.exe "C:\Users\Louise\AppData\Local\Temp\vftipnaq.dll",b
O4 - HKCU\..\Run: [BMf7927644] Rundll32.exe "C:\Users\Louise\AppData\Local\Temp\xmnwkroa.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14452 bytes

-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-07 08:48:18 0 d-------- C:\Windows\Intuit
2008-06-06 12:53:41 0 d-------- C:\Program Files\AltoMP3 Gold
2008-06-06 12:41:52 32768 --a------ C:\Windows\system32\Wnaspi32.dll <Not Verified; Frog ASPI / Millenod; frogaspi.dll>
2008-06-05 19:40:03 0 d-------- C:\Program Files\Trend Micro
2008-06-05 15:52:17 0 d-------- C:\Program Files\SpywareBlaster
2008-06-05 09:02:45 0 d-------- C:\Program Files\Panda Security
2008-06-04 17:23:08 141312 --a------ C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-06-04 17:23:00 0 d-------- C:\Program Files\Spyware Terminator
2008-06-04 15:20:57 0 d-------- C:\Program Files\Lavasoft
2008-06-02 17:55:43 0 d-------- C:\Program Files\Common Files\Protexis
2008-06-02 13:23:46 1073152 -ra------ C:\Windows\system32\cdintf210.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-02 13:21:53 0 d-------- C:\Program Files\Final Draft Tagger
2008-06-02 13:21:53 0 d-------- C:\Program Files\Final Draft 7
2008-06-02 13:13:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 11:25:28 0 d-------- C:\Program Files\Common Files\InterVideo
2008-06-02 11:21:12 0 d-------- C:\Program Files\Windows Media Components
2008-06-02 11:15:28 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-02 11:15:19 0 d-------- C:\Program Files\Ulead Systems
2008-06-02 10:59:53 57344 --a------ C:\Windows\system32\awtrPhEx.dll
2008-06-02 09:16:13 0 d-------- C:\Program Files\Banner Maker Pro 6
2008-05-30 11:02:07 57344 --a------ C:\Windows\system32\Wnaspint.dll <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-05-30 11:01:59 0 d-------- C:\Program Files\Acoustica Shared Effects
2008-05-30 11:01:58 0 d-------- C:\Program Files\Acoustica Mixcraft
2008-05-29 18:14:25 5642 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-05-29 18:14:25 168 -r-hs---- C:\Windows\system32\605D5E275B.sys
2008-05-28 10:57:50 0 d-------- C:\Program Files\Studio V5
2008-05-27 00:21:47 0 d-------- C:\Program Files\Canon
2008-05-27 00:21:43 0 d-------- C:\Program Files\Common Files\Canon
2008-05-19 14:13:15 0 d-------- C:\Program Files\iPod
2008-05-19 14:12:27 0 d-------- C:\Program Files\iTunes
2008-05-19 14:02:56 0 d-------- C:\Program Files\Apple Software Update
2008-05-19 13:59:58 0 d-------- C:\Program Files\Common Files\Apple
2008-05-19 13:30:47 0 d-------- C:\Program Files\QuickTime
2008-05-13 16:00:01 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-13 15:58:35 0 d-------- C:\Program Files\Windows Live
2008-05-12 21:42:16 0 d-------- C:\Program Files\FriendBlasterPro
2008-05-12 18:07:00 0 d-------- C:\Users\Louise\Loops
2008-05-09 22:37:33 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-09 22:25:59 0 d-------- C:\Program Files\Sony Setup
2008-05-09 22:19:08 0 d-------- C:\Program Files\Selteco
2008-05-09 22:13:52 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-05-09 22:13:43 0 d-------- C:\Program Files\Real
2008-05-09 22:13:31 0 d-------- C:\Program Files\Common Files\Real
2008-05-09 20:38:08 0 d-------- C:\Program Files\Mp3 Song Plays Increaser
2008-05-09 15:08:54 0 d-------- C:\Program Files\Bonjour
2008-05-09 13:21:41 0 d-------- C:\Program Files\VstPlugins
2008-05-09 13:19:50 0 d-------- C:\Program Files\Image-Line
2008-05-09 00:32:19 0 d-------- C:\Program Files\Tencent
2008-05-09 00:31:12 0 d-------- C:\Program Files\AIMTunes
2008-05-09 00:25:40 0 d-------- C:\Program Files\AIM6
2008-05-08 23:42:43 0 d--h----- C:\Windows\PIF
2008-05-08 23:16:17 0 dr------- C:\Users\Louise\Searches
2008-05-08 23:16:10 0 dr------- C:\Users\Louise\Contacts
2008-05-08 23:15:33 0 dr------- C:\Users\Louise\Videos
2008-05-08 23:15:33 0 d--hs---- C:\Users\Louise\Templates <TEMPLA~1>
2008-05-08 23:15:33 0 d--hs---- C:\Users\Louise\Start Menu <STARTM~1>
2008-05-08 23:15:33 0 d--hs---- C:\Users\Louise\SendTo
2008-05-08 23:15:33 0 dr------- C:\Users\Louise\Saved Games <SAVEDG~1>
2008-05-08 23:15:33 0 d--hs---- C:\Users\Louise\Recent
2008-05-08 23:15:33 0 d--hs---- C:\Users\Louise\PrintHood <PRINTH~1>
2008-05-08 23:15:33 0 dr------- C:\Users\Louise\Pictures
2008-05-08 23:15:33 2621440 --ahs---- C:\Users\Louise\NTUSER.DAT
2008-05-08 23:15:33 0 d--hs---- C:\Users\Louise\NetHood
2008-05-08 23:15:33 0 d--hs---- C:\Users\Louise\My Documents <MYDOCU~1>
2008-05-08 23:15:33 0 dr------- C:\Users\Louise\Music
2008-05-08 23:15:33 0 d--hs---- C:\Users\Louise\Local Settings <LOCALS~1>
2008-05-08 23:15:33 0 dr------- C:\Users\Louise\Links
2008-05-08 23:15:33 0 dr------- C:\Users\Louise\Favorites <FAVORI~1>
2008-05-08 23:15:33 0 dr------- C:\Users\Louise\Downloads <DOWNLO~1>
2008-05-08 23:15:33 0 dr------- C:\Users\Louise\Documents <DOCUME~1>
2008-05-08 23:15:33 0 dr------- C:\Users\Louise\Desktop
2008-05-08 23:15:33 0 d--hs---- C:\Users\Louise\Cookies
2008-05-08 23:15:33 0 d--hs---- C:\Users\Louise\Application Data <APPLIC~1>
2008-05-08 23:15:33 0 d--h----- C:\Users\Louise\AppData
2008-05-08 15:50:10 0 d-------- C:\Program Files\Conduit
2008-05-08 15:48:10 0 d-------- C:\Program Files\Live_TV
2008-05-08 15:00:37 0 d-------- C:\Program Files\DNA
2008-05-08 14:49:50 0 d-------- C:\Program Files\LimeWire
2008-05-08 03:50:23 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-08 01:55:01 101888 --a------ C:\Windows\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-08 01:39:41 4 --a------ C:\Windows\Pix11.dat
2008-05-08 01:36:47 0 d-------- C:\Program Files\Microsoft Digital Image 2006


-- Find3M Report ---------------------------------------------------------------

2008-06-07 08:47:20 0 d-------- C:\Program Files\Common Files\Intuit
2008-06-07 08:46:41 0 d-------- C:\Program Files\Common Files
2008-06-06 12:41:43 0 d-------- C:\Users\Louise\AppData\Roaming\Acoustica
2008-06-05 18:19:59 0 d-------- C:\Users\Louise\AppData\Roaming\LimeWire
2008-06-04 19:12:01 0 d-------- C:\Users\Louise\AppData\Roaming\Spyware Terminator
2008-06-02 17:59:40 0 d-------- C:\Users\Louise\AppData\Roaming\Corel
2008-06-02 17:40:17 0 d-------- C:\Program Files\Common Files\Corel
2008-06-02 17:37:37 0 d-------- C:\Program Files\Corel
2008-06-02 13:34:15 0 d-------- C:\Users\Louise\AppData\Roaming\Final Draft
2008-06-02 11:34:20 0 d-------- C:\Users\Louise\AppData\Roaming\Ulead Systems
2008-06-02 11:24:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-02 09:31:34 0 d-------- C:\Users\Louise\AppData\Roaming\LogoMaker
2008-05-30 10:53:24 0 d-------- C:\Users\Louise\AppData\Roaming\ZoomBrowser EX
2008-05-28 12:16:05 360 --a------ C:\Users\Louise\AppData\Roaming\wklnhst.dat
2008-05-28 10:27:09 0 d-------- C:\Users\Louise\AppData\Roaming\Template
2008-05-19 14:14:27 0 d-------- C:\Users\Louise\AppData\Roaming\Apple Computer
2008-05-17 03:15:38 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-14 03:05:53 0 d-------- C:\Program Files\Windows Mail
2008-05-12 21:25:27 0 d-------- C:\Users\Louise\AppData\Roaming\Sony
2008-05-12 17:55:53 0 d-------- C:\Users\Louise\AppData\Roaming\Publish Providers
2008-05-12 17:55:53 0 d-------- C:\Users\Louise\AppData\Roaming\NetMedia Providers
2008-05-12 12:44:45 0 d-------- C:\Users\Louise\AppData\Roaming\Adobe
2008-05-09 22:27:47 0 d-------- C:\Program Files\Sony
2008-05-09 15:08:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-09 00:39:28 0 d-------- C:\Program Files\Norton Internet Security
2008-05-09 00:34:34 0 d-------- C:\Users\Louise\AppData\Roaming\QQ Games Plugin
2008-05-09 00:34:15 0 d-------- C:\Users\Louise\AppData\Roaming\acccore
2008-05-09 00:26:18 0 d-------- C:\Program Files\Common Files\AOL
2008-05-08 23:37:28 0 d-------- C:\Users\Louise\AppData\Roaming\Macromedia
2008-05-08 23:26:49 0 d-------- C:\Program Files\Java
2008-05-08 23:16:14 0 d-------- C:\Users\Louise\AppData\Roaming\Identities
2008-05-08 23:15:36 0 d-------- C:\Users\Louise\AppData\Roaming\Sony Corporation
2008-05-08 04:46:15 174 --ahs---- C:\Program Files\desktop.ini
2008-05-08 04:35:26 0 d-------- C:\Program Files\Windows Calendar
2008-05-08 04:35:22 0 d-------- C:\Program Files\Windows Defender
2008-05-08 04:35:09 0 d-------- C:\Program Files\Windows Sidebar
2008-05-08 01:28:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-08 00:59:51 0 d-------- C:\Users\Louise\AppData\Roaming\InstallShield
2008-05-08 00:49:21 0 d-------- C:\Program Files\Symantec
2008-05-07 23:57:28 0 d-------- C:\Program Files\InterVideo
2008-05-07 23:53:14 0 d-------- C:\Program Files\Sony Corporation
2008-05-07 23:52:38 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-05-07 23:45:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-07 23:44:55 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-07 23:44:55 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-07 23:44:40 0 d-------- C:\Program Files\Roxio
2008-05-07 23:41:59 0 d-------- C:\Program Files\Intuit
2008-05-07 23:41:54 0 d-------- C:\Program Files\Common Files\supportsoft
2008-05-07 23:38:36 0 d-------- C:\Program Files\MSXML 4.0
2008-05-07 23:33:11 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-05-07 23:31:40 0 d-------- C:\Program Files\Microsoft Works
2008-05-07 23:31:04 0 d-------- C:\Program Files\Microsoft.NET
2008-05-07 23:18:13 0 d-------- C:\Program Files\Sony Picture Games
2008-05-07 23:14:14 0 d-------- C:\Program Files\Online Services


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8053AF4F-F35D-4EC6-A411-039EFB515CD8}]
06/02/2008 10:59 AM 57344 --a------ C:\Windows\system32\awtrPhEx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2008 04:14 AM]
"RtHDVCpl"="RtHDVCpl.exe" [11/15/2006 06:09 PM C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/13/2006 06:32 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [11/11/2006 04:35 PM]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [11/28/2006 03:30 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [11/14/2006 11:39 AM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [11/14/2006 11:38 AM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [11/14/2006 11:39 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/24/2006 09:08 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [10/26/2006 11:18 PM]
"VAIOSurvey"="C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe" [12/06/2006 05:08 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/19/2008 01:30 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"MSServer"="C:\Windows\system32\awtrPhEx.dll" [06/02/2008 10:59 AM]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [03/03/2007 02:12 PM]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [08/28/2007 12:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/08/2008 03:28 AM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 01:21 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:35 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"MSServer"="C:\Users\Louise\AppData\Local\Temp\byXNeEWn.dll,#1" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"cmds"="C:\Users\Louise\AppData\Local\Temp\jkkHBSKD.dll,c" []
"f4a145d8"="C:\Users\Louise\AppData\Local\Temp\vftipnaq.dll,b" []
"BMf7927644"="C:\Users\Louise\AppData\Local\Temp\xmnwkroa.dll,s" []

C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 2:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 1:01:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"= C:\Windows\system32\awtrPhEx.dll [06/02/2008 10:59 AM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 11/24/2006 11:36 AM 73728 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-08 09:46:46 ------------

Hello -

C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTI02HH1\dss[1].exe
It appears as though you chose "Run" instead of "Save" when it came to downloading DSS. This file is in TEMP, and will be lost when our tools clear out that area.

Please do this:

Download Deckard's System Scanner (DSS) once again, and this time "Save" it to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.