Status
Not open for further replies.
1 - 8 of 8 Posts

Discussion Starter #1
Hello.

Firstly thanks in advance for your time.

My machine, an old Compaq Armada E500, isn't very fast but lately it's got very slow. Also at times there seems to be a lot of disk activity when I'm not actually doing anything. The Task Manager shows System Idle in the high 90% yet the disk is whirring away like crazy.

Protection installed as follows:

Comodo firewall
AVG anti-virus
Ad-aware
Spybot search & destroy
Superantispyware

I update and run these fairly regularly and also run CCleaner

I ran an online scan with Kaspersky and it showed

D:\Documents and Settings\Administrator\My Documents\MyStuff\Downloads\SpySweeper\ssf-snr-a-setup481.exe/file13 Infected: Trojan-Clicker.Win32.Small.tl skipped

D:\Documents and Settings\Administrator\My Documents\MyStuff\Downloads\SpySweeper\ssf-snr-a-setup481.exe Inno: infected - 1 skipped

and

D:\Documents and Settings\Administrator\My Documents\MyStuff\Downloads\Zonealarm\KYLG\FamilyKeyLogger\cisvc.exe Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.230 skipped

Spysweeper, I can't recall downloading or installing tho' it's possible I did or my son did.

Keylogger I did install and uninstalled quite a long time ago.

I have followed the pre-post steps.

Here is the text of the DDS scan:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-08 10:38:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 87% (more than 75%).
System Drive C: has 0.41 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-08 10:42:05
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\system32\SMSS.EXE
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Altiris\AClient\ACLIENT.EXE
C:\WINNT\system32\ati2plab.exe
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Compaq\Compaq Management Agents\Cpqalert.exe
C:\WINNT\system32\nalntsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\mstask.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\system32\wbem\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wm.exe
C:\Program Files\Compaq\Compaq Management Agents\Cpqdmi.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\nwtray.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\PGP\PGP55\PGPtray.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [F5D9010] C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: PGPtray.lnk = C:\Program Files\PGP\PGP55\PGPtray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Accessories\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Accessories\PartyPoker\RunApp.exe
O10 - Unknown file in Winsock LSP: C:\WINNT\system32\NWPROVAU.DLL
O15 - Trusted Zone: https://myfolders.learningni.net (HKCU)
O15 - Trusted Zone: https://forms.real.com (HKCU)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210098289972
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab65872.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.4880555556
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} () - http://windowsupdate.microsoft.com/R778/V31Controls/x86/nt5/en/actsetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://www.c2kremote.net/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} () - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Altiris\AClient\ACLIENT.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\ati2plab.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\Cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\Cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINNT\system32\nalntsrv.exe
O23 - Service: WIN32SL - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINNT\system32\wm.exe


--
End of file - 12295 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\winnt\system32\drivers\bantext.sys
R1 ClntMgmt.sys (ClntMgmt) - c:\winnt\system32\drivers\clntmgmt.sys <Not Verified; Compaq Computer Corporation; Client Management Device Driver>
R1 cpqp6cpu (Compaq CPU driver) - c:\winnt\system32\drivers\cpqp6cpu.sys <Not Verified; Compaq Computer Corporation; Compaq Management Agents>
R1 NICM (%ProductNICMDisplayName%) - c:\winnt\system32\drivers\nicm.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 NetwareWorkstation (Novell Client for Windows 2000) - c:\winnt\system32\netware\nwfs.sys <Not Verified; Novell, Inc.; Novell Client for Windows NT>
R2 NWDHCP (Novell DHCP Inform Client) - c:\winnt\system32\netware\nwdhcp.sys
R2 NWSIPX32 (Novell NetWare IPX/SPX Transport Interface) - c:\winnt\system32\netware\nwsipx32.sys <Not Verified; Novell, Inc.; Novell Client for Windows NT>
R2 PRPC - c:\winnt\system32\drivers\prpc.sys <Not Verified; Intel Corp.; Intel(R) SpeedStep(TM) technology applet>
R2 RESMGR (Novell NetWare Resource Manager) - c:\winnt\system32\netware\resmgr.sys <Not Verified; Novell, Inc.; Novell Client for Windows NT>
R2 SRVLOC (Novell Service Location) - c:\winnt\system32\netware\srvloc.sys <Not Verified; Novell, Inc.; Novell Client for Windows NT>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\program files\belkin\f5d9010\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 ltmodem5 (Lucent Modem Driver) - c:\winnt\system32\drivers\ltmdmnt.sys <Not Verified; LT; LT V.90 Data+Fax+Voice Modem Version 5.63b>
R3 NWDNS (Novell DNS Name Space Service Provider) - c:\winnt\system32\netware\nwdns.sys
R3 NWHOST (Novell Host File Name Space Service Provider) - c:\winnt\system32\netware\nwhost.sys
R3 NWSAP (Novell SAP Name Space Provider) - c:\winnt\system32\netware\nwsap.sys
R3 NWSLP (Novell SLP Name Space Service Provider) - c:\winnt\system32\netware\nwslp.sys
R3 NWSNS (Novell Simple Naming Services) - c:\winnt\system32\netware\nwsns.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\winnt\system32\drivers\zd1211bu.sys (file missing)
S3 ZD1211U(ZyDAS) (ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\winnt\system32\drivers\zd1211u.sys (file missing)
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\winnt\system32\drivers\zdpsp50.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AClient (Altiris Client Service) - c:\altiris\aclient\aclient.exe -service <Not Verified; Altiris, Inc.; Altiris Client Agent for Windows>
R2 CPQALERT (Compaq Local Alerter) - c:\program files\compaq\compaq management agents\cpqalert.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>
R2 cpqdmi - c:\progra~1\compaq\compaq~2\cpqdmi.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>
R2 NALNTSERVICE (Novell Application Launcher) - c:\winnt\system32\nalntsrv.exe <Not Verified; Novell, Inc.; Novell nalntsrv>
R2 WIN32SL - c:\program files\compaq\compaq management agents\dmi\win32\bin\win32sl.exe <Not Verified; Intel; DMI 2.0 SDK>
R2 WM (Novell Workstation Manager) - c:\winnt\system32\wm.exe <Not Verified; Novell, Inc.; Novell Client for Windows NT>

S2 cpqWebDmi (Compaq DMI Web Agent) - c:\progra~1\compaq\compaq~2\cpqweb~1\webdmi.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-15 18:17:00 286 --a------ C:\WINNT\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-06-19 17:17:11 408 --a------ C:\WINNT\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-04-08 and 2008-05-08 -----------------------------

2008-05-07 20:31:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-07 20:30:58 0 d-------- C:\WINNT\system32\Kaspersky Lab
2008-05-05 14:17:19 0 d-------- C:\Program Files\Panda Security
2008-04-15 21:51:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_7ec.dat
2008-04-15 18:34:26 0 --a------ C:\WINNT\r
2008-04-15 18:33:30 0 d-------- C:\Program Files\Common Files\Logitech


-- Find3M Report ---------------------------------------------------------------

2008-05-08 10:26:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-04 19:07:05 0 d-------- C:\Program Files\iPod
2008-05-04 19:04:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 21:12:48 0 d-------- C:\Program Files\PokerStars
2008-04-27 13:49:52 0 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-04-27 13:49:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Audacity
2008-04-15 22:42:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-04-06 22:14:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\wsInspector
2008-04-03 18:30:15 1524 --a------ C:\WINNT\system32\d3d8caps.dat
2008-04-03 18:30:11 1636 --a------ C:\WINNT\system32\d3d9caps.dat
2008-04-03 18:27:20 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_470.dat
2008-04-01 23:36:52 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_22c.dat
2008-03-23 15:18:30 0 d-------- C:\Program Files\Snood
2008-03-21 12:07:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-20 11:42:34 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_13c4.dat
2008-02-23 18:21:20 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_740.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [02/17/00 12:40p C:\WINNT\system32\nwtray.exe]
"Synchronization Manager"="mobsync.exe" [06/19/03 08:05p C:\WINNT\system32\mobsync.exe]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [03/28/07 04:21p]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/27/08 12:13p]
"F5D9010"="C:\Program Files\Belkin\F5D9010\Belkinwcui.exe" [07/20/06 07:55a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/25/05 11:05a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [04/29/03 11:40a]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/11/08 08:32p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
PGPtray.lnk - C:\Program Files\PGP\PGP55\PGPtray.exe [09/24/2001 6:42:12 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [03/14/07 09:45a 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/28/07 11:50a 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
nwprovau.dll 09/01/06 06:49a 140048 C:\WINNT\system32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=WIKI.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

*Newly Created Service* - NETFXUPDATE_V1.1.4322



-- End of Deckard's System Scanner: finished at 2008-05-08 10:52:53 ------------

Please find attached DDS extra file & active scan txt

Any help/advice appreciated.
 
