Discussion Starter · #1 ·
I have been having problems with this computer for a while.
What will happen is that it will slow down and freeze at times,
like it's trying to do too much at one time, then it will go slow.
A lot of times it will open different windows with just the movement of the mouse without clicking anything; the more the mouse is moved, the faster and more windows that will open. It will then lock up and I will have to shut down and reboot to get it to work again.
Also it will come and go; sometimes it won't happen for days, then it will happen 4, 5 times in a row.
When I go into safe mode it will act up, and it also will act up when I have tried to dump everything and reformat. It seems no matter where I am or go it sticks around.
Also it will corrupt downloads to AVG and other antivirus progs. :upset:
Here are my results of the 5 steps:
1. I found and uninstalled Viewpoint Media Player as told.
2. I completed the Panda scan. It took a long time. Here is the log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-23 09:00:49
PROTECTIONS: 1
MALWARE: 30
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Internet Security 2005 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00149104 Cookie/Date TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
182043 HIGH MS07-064
179553 HIGH MS07-061
176382 HIGH MS07-057
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141034 HIGH MS06-076
141033 MEDIUM MS06-075
141030 HIGH MS06-072
137571 HIGH MS06-070
137568 HIGH MS06-067
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
120814 HIGH MS06-021
117384 MEDIUM MS06-018
114666 HIGH MS06-015
114664 HIGH MS06-013
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93394 HIGH MS05-050
93454 MEDIUM MS05-049
;===================================================================================================================================================================================


3. SpywareBlaster and IE-SpyAd are downloaded and installed.
4. sp1a is downloaded; when I try to install, it says
c:\Documents and setting\owner\myDocuments\xpspla_EN_x86.exe is not a valid win32 application
and it won't let me run it?????
5. The DSS scanner is downloaded and on my desktop,
but when I go to run it, it will go to an error and will make me shut it off???

I thank anyone who helps beforehand because this thing is driving me crazy :upset::upset::upset:
 

Discussion Starter · #5 ·
I had problems so bad yesterday that I had lost the use of the mouse.
I ended up reformatting the computer
3 times in a row before it seemed to work right.
When I got back online I went through the steps again and I have had a lot better success in getting things to work.
Here is my css scan that finally worked for me.
I still suspect that I have something lurking, ready to
do this to me all over. Here is the css scan:


Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-31 03:08:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-05-31 07:08:50 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-05-30 18:29:27 UTC - RP3 - Software Distribution Service 3.0
2: 2008-05-30 14:27:44 UTC - RP2 - Software Distribution Service 3.0
1: 2008-05-31 06:30:38 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-31 03:10:06
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Digital Media Reader\shwiconEM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msscli.exe
C:\Program Files\Common Files\AOL\1212214156\EE\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1212214156\EE\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1212214156\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212217990828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212217920296
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{87963452-40F9-4277-9BF1-4883BDED03DB}: NameServer = 205.188.146.145
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


--
End of file - 9923 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeAntiSpyware (McAfee AntiSpyware Real-Time Scanner) - c:\program files\mcafee\mcafee antispyware\msssrv.exe <Not Verified; Network Associates, Inc.; McAfee AntiSpyware>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 04:17:00 476 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-CA66427893-Owner).job
2008-05-31 02:30:28 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job
2008-05-31 02:30:27 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job
2008-05-31 02:30:27 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job
2008-05-31 01:59:16 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-05-30 21:00:00 344 --a------ C:\WINDOWS\Tasks\McAfee AntiSpyware.job


-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-31 03:27:22 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-31 03:10:22 0 d---s---- C:\Documents and Settings\Owner\UserData
2008-05-31 03:02:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-05-31 02:55:47 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 02:55:39 0 d-------- C:\Program Files\MetaStream
2008-05-31 02:55:34 0 d-------- C:\Program Files\SpywareBlaster
2008-05-31 02:55:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-31 02:32:21 0 d-------- C:\Documents and Settings\Owner\Application Data\AOL
2008-05-31 02:31:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-05-31 02:30:22 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-05-31 02:30:22 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2008-05-31 02:30:22 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-05-31 02:30:22 0 d-------- C:\Documents and Settings\Default User\Application Data\McAfee
2008-05-31 02:30:22 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-05-31 02:15:10 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-31 02:14:24 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-31 02:14:23 0 d-------- C:\Program Files\McAfee
2008-05-31 02:14:23 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-31 02:14:23 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-05-31 02:14:14 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-31 02:14:02 0 d-------- C:\Program Files\McAfee.com
2008-05-31 02:12:57 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-31 02:12:46 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-31 02:12:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-31 02:12:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-31 02:12:02 0 d-------- C:\Program Files\MSN Encarta Plus
2008-05-31 02:11:10 0 d-------- C:\Program Files\Microsoft Money 2005
2008-05-31 02:10:45 0 d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2008-05-31 02:10:43 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-05-31 02:10:29 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-05-31 02:10:22 0 d-------- C:\WINDOWS\system32\QuickTime
2008-05-31 02:10:22 0 d-------- C:\Program Files\QuickTime
2008-05-31 02:10:22 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-31 02:10:18 0 d-------- C:\My Music
2008-05-31 02:10:17 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-05-31 02:10:14 0 d-------- C:\Program Files\Real
2008-05-31 02:10:14 0 d-------- C:\Program Files\Common Files\Real
2008-05-31 02:10:06 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-05-31 02:10:05 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-05-31 02:09:59 0 d-------- C:\Program Files\Viewpoint
2008-05-31 02:09:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-05-31 02:09:54 0 d-------- C:\Program Files\Pure Networks
2008-05-31 02:09:44 0 d-------- C:\Program Files\AOL Toolbar
2008-05-31 02:09:35 0 d-------- C:\Program Files\Common Files\AolCoach
2008-05-31 02:09:22 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-05-31 02:09:13 0 d-------- C:\Program Files\Common Files\aolshare
2008-05-31 02:09:13 0 d-------- C:\Program Files\America Online 9.0
2008-05-31 02:09:13 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-05-31 02:09:05 335 --a------ C:\WINDOWS\nsreg.dat
2008-05-31 02:09:05 0 d-------- C:\Program Files\Common Files\AOL
2008-05-31 02:08:12 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-05-31 02:08:09 294912 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-05-31 02:08:09 200704 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2008-05-31 02:08:06 192512 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-05-31 02:07:53 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-31 02:07:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-05-31 02:07:37 0 d-------- C:\Program Files\Napster
2008-05-31 02:07:31 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2008-05-31 02:06:50 0 d-------- C:\Program Files\Java
2008-05-31 02:06:49 0 d-------- C:\Program Files\Common Files\Java
2008-05-31 02:06:22 0 d-------- C:\Program Files\CyberLink
2008-05-31 02:06:13 471300 --a------ C:\WINDOWS\wallpe.exe <Not Verified; ; wallpe>
2008-05-31 02:04:15 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-05-31 02:03:36 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-31 02:03:15 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-31 02:02:59 0 d-------- C:\Program Files\Microsoft.NET
2008-05-31 02:02:37 0 dr-h----- C:\MSOCache
2008-05-31 02:02:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-31 02:01:48 0 d-------- C:\Program Files\ATI Technologies
2008-05-31 01:57:32 0 d-------- C:\Program Files\Norton Internet Security
2008-05-31 01:56:08 0 d-------- C:\Program Files\Google
2008-05-31 01:56:05 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 01:55:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 01:55:57 0 d-------- C:\Program Files\Symantec
2008-05-31 01:55:40 18000 --a------ C:\WINDOWS\BigFixClientOverride.dll <Not Verified; BigFix, Inc.; BigFix>
2008-05-31 01:55:40 0 d-------- C:\Program Files\BigFix
2008-05-31 01:55:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 01:54:40 0 d-------- C:\Program Files\Digital Media Reader
2008-05-31 01:54:36 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 01:54:35 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-31 01:54:24 76288 -ra------ C:\WINDOWS\system32\PUBOLE32.DLL <Not Verified; Microsoft Corporation; Microsoft Publisher for Windows>
2008-05-31 01:54:24 212480 -ra------ C:\WINDOWS\system32\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-05-31 01:54:24 37888 -ra------ C:\WINDOWS\system32\ochlp30e.dll <Not Verified; Microsoft Corporation; Microsoft Multimedia Controls>
2008-05-31 01:54:24 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-05-31 01:54:24 1233920 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>
2008-05-31 01:54:24 91136 -ra------ C:\WINDOWS\system32\msls2.dll <Not Verified; Microsoft Corporation; Microsoft® Line Services>
2008-05-31 01:54:23 31744 -ra------ C:\WINDOWS\system32\hlp95en.dll <Not Verified; Microsoft Corporation; Microsoft Office>
2008-05-31 01:54:01 0 d-------- C:\Program Files\Microsoft Works
2008-05-31 01:51:50 2658304 -----n--- C:\WINDOWS\UNNeroBurnRights.exe <Not Verified; Nero AG; Nero WebEngine>
2008-05-31 01:51:50 90184 --a------ C:\WINDOWS\system32\NeroCo.dll <Not Verified; Ahead Software AG
im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: [email protected]; Nero Burning Rom>
2008-05-31 01:51:16 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-05-31 01:51:13 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-05-31 01:51:13 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-31 01:51:13 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-31 01:51:13 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-31 01:51:12 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-31 01:51:12 0 d-------- C:\Program Files\Ahead
2008-05-31 01:47:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-05-31 01:47:04 0 d-------- C:\Program Files\Common Files\New Boundary
2008-05-31 01:44:23 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-31 01:44:19 2 -r-hs---- C:\USER
2008-05-31 01:43:02 0 d-------- C:\Program Files\CONEXANT
2008-05-31 01:40:29 0 d--hs---- C:\System Volume Information
2008-05-31 01:11:20 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-05-31 01:11:17 0 d-------- C:\WINDOWS\creator
2008-05-31 01:09:41 0 d-------- C:\WINDOWS\SMINST
2008-05-31 01:09:37 0 d-------- C:\WINDOWS\I386
2008-05-30 21:35:58 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-05-30 21:35:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-30 21:32:12 0 d-------- C:\WINDOWS\Prefetch
2008-05-30 21:24:33 0 d-------- C:\WINDOWS\system32\scripting
2008-05-30 21:24:32 0 d-------- C:\WINDOWS\l2schemas
2008-05-30 21:24:31 0 d-------- C:\WINDOWS\system32\en
2008-05-30 21:24:30 0 d-------- C:\WINDOWS\system32\bits
2008-05-30 21:21:29 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-30 21:18:58 0 d-------- C:\WINDOWS\network diagnostic
2008-05-30 21:13:26 0 d-------- C:\WINDOWS\EHome
2008-05-30 10:29:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-30 10:28:26 0 d-------- C:\WINDOWS\system32\PreInstall


-- Find3M Report ---------------------------------------------------------------

2008-05-31 02:14:23 0 d-------- C:\Program Files\Common Files
2008-05-31 01:04:58 0 d-------- C:\Program Files\Online Services
2008-05-31 01:04:58 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-31 01:04:58 0 d-------- C:\Program Files\microsoft frontpage
2008-05-31 01:04:58 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-31 01:04:58 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-31 01:04:58 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-31 01:04:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2008-05-30 21:31:36 0 d-------- C:\Program Files\Messenger
2008-05-30 21:24:30 0 d-------- C:\Program Files\Movie Maker
2008-05-30 21:21:15 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 02:50 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 06:04 PM]
"@"="" []
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/05/2004 08:23 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/27/2004 07:22 PM]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [08/17/2004 06:36 PM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [08/30/2004 10:29 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/18/2005 12:05 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM]
"SoundMan"="SOUNDMAN.EXE" [04/15/2005 02:01 PM C:\WINDOWS\SOUNDMAN.EXE]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1212214156\EE\AOLHostManager.exe" [11/03/2004 05:03 PM]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [10/18/2004 08:42 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [08/17/2004 09:26 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [10/02/2004 07:34 PM]
"_AntiSpyware"="C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe" [10/19/2004 04:00 AM]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [04/05/2004 05:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 08:12 PM]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [06/23/2005 12:24 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 7:44:06 AM]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [5/31/2008 1:55:40 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll [10/19/2004 04:00 AM 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{508aba02-2eda-11dd-9fb6-806d6172696f}]
PlayWithPowerDVD\Command- "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"

*Newly Created Service* - UDFS



-- End of Deckard's System Scanner: finished at 2008-05-31 03:12:46 ------------
 

·
Registered
Joined
·
35 Posts
Discussion Starter · #6 ·
and here is the extra txt file..
i hope this will help someone help me........

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3400+
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 382.48 MiB / 109.88 MiB
Pagefile Memory (total/avail): 918.55 MiB / 575.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.32 MiB

C: is Fixed (NTFS) - 181.85 GiB total, 174.84 GiB free.
D: is Fixed (FAT32) - 4.44 GiB total, 2.23 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000BB-22GUC0 - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 181.85 GiB - C:
\PARTITION1 - Unknown - 4.45 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-CA66427893
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-CA66427893
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\America Online 9.0;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PortMagicSDKIsRunning=1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-CA66427893
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\aolunins_us.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
McAfee AntiSpyware --> MsiExec.exe /I{F39A74A0-FAE2-401C-AED1-1C941AA28EA8}
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Step By Step Interactive Training (KB898458) -->
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type36 / Warning
Event Submitted/Written: 05/30/2008 09:25:50 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type35 / Error
Event Submitted/Written: 05/30/2008 06:58:45 PM
Event ID/Source: 485 / ESENT
Event Description:
wuauclt (2628) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type34 / Error
Event Submitted/Written: 05/30/2008 06:19:34 PM
Event ID/Source: 485 / ESENT
Event Description:
wuauclt (3892) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type33 / Error
Event Submitted/Written: 05/30/2008 06:19:34 PM
Event ID/Source: 485 / ESENT
Event Description:
wuauclt (3892) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type32 / Error
Event Submitted/Written: 05/30/2008 04:28:59 PM
Event ID/Source: 485 / ESENT
Event Description:
wuauclt (400) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-05-31 03:12:46 ------------
 

·
Premium Member
Joined
·
29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.


Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

The reasons you probably didn't get a response are because you reformatted, the logs you posted afterward had no malware in them, and helpers look for threads with 0 or 1 replies to respond.

Is your Norton Antivirus program current? I can't be sure from your logs.

If it is not and you cannot update it, I can suggest a good, free one.

------------------------------------------------------

Did you alter your Path?

Path=C:\Program Files\America Online 9.0;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI
It's OK if you did, I just need to know.

------------------------------------------------------

If your system seems sluggish, it is most likely due to low RAM.

Total Physical Memory: 383 MiB (512 MiB recommended).
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 382.48 MiB / 109.88 MiB
Please read the following article: http://www.techsupportforum.com/security-center/hijackthis-log-help/247567-your-pc-running-slow.html

Please visit Crucial where you can either input your model number or download a small application that will tell you exactly the type of RAM you need.

------------------------------------------------------

Since it has been a while, please do the following:

Please download HijackThis and Save it to your Desktop.

Alternate link

Double-click on the file you just downloaded. Click on the Unzip button to install.

It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

When it does, just close it, please. Next....

------------------------------------------------------

Please run Deckard's System Scanner again, this time using these instructions (this assumes dss.exe is on your desktop):

Go Start >> Run and then copy/paste this into the Run box & click OK
"%userprofile%\desktop\dss.exe" /config

Click Run

In the dialog box that appears:

Make sure all items are checked.

Click Scan!

  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and Paste (Ctrl+V) the contents of main.txt here.
  • Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
  2. Copy and Paste the following into the Upload File from your Computer box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload
------------------------------------------------------

Please post the following in your next reply:

main.txt
an attached extra.txt


If you have any questions along the way...STOP and ask them before proceeding.
 

·
Registered
Joined
·
35 Posts
Discussion Starter · #13 ·
Is your Norton Antivirus program current? I can't be sure from your logs.

If it is not and you cannot update it, I can suggest a good, free one.

no it's not, so i could use a suggestion

Did you alter your Path?

not sure what that means but the only thing i did was reformat
because this thing just gets so bad that after time it makes my computer useless

If your system seems sluggish, it is most likely due to low RAM

it runs good until this malware takes over and makes my mouse go crazy
opening all kinds of windows up and will lock the computer up
until i shut it down and reboot it.

i will follow what you said and post my results in a min
thanks
 

·
Registered
Joined
·
35 Posts
Discussion Starter · #14 ·
i am having problems opening the dialog box for dss
it just goes to run when i open it and starts scanning right away without being able to
put "%userprofile%\desktop\dss.exe" /config
anywhere???????
 

·
Premium Member
Joined
·
29,790 Posts
Hello flypaper.

it just goes to run when i open it
Don't click on dss.exe

Just follow the instructions:

Go Start >> Run and then copy/paste this into the Run box & click OK
"%userprofile%\desktop\dss.exe" /config

Click Run

In the dialog box that appears:

Make sure all items are checked.

Click Scan!

  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and Paste (Ctrl+V) the contents of main.txt here.
  • Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
  2. Copy and Paste the following into the Upload File from your Computer box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload
 

·
Premium Member
Joined
·
29,790 Posts
Try this:

Go Start >> Run and then copy/paste this into the Run box & click OK
"%userprofile%\desktop\dss.exe" /config

Click Run

In the dialog box that appears:

Make sure all items are checked, except Temp Cleanup and Event Logs

Click Scan!

  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and Paste (Ctrl+V) the contents of main.txt here.
  • Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
  2. Copy and Paste the following into the Upload File from your Computer box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload
 

·
Registered
Joined
·
35 Posts
Discussion Starter · #18 ·
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-20 16:53:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
22: 2008-06-20 19:41:49 UTC - RP22 - Deckard's System Scanner Restore Point
21: 2008-06-19 23:01:04 UTC - RP21 - Software Distribution Service 3.0
20: 2008-06-19 17:25:09 UTC - RP20 - System Checkpoint
19: 2008-06-18 03:08:03 UTC - RP19 - System Checkpoint
18: 2008-06-16 20:59:22 UTC - RP18 - System Checkpoint


-- First Restore Point --
1: 2008-05-31 06:30:38 UTC - RP1 - System Checkpoint


Backed up registry hives.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:56 PM, on 6/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1212214156\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Owner\desktop\dss.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1.ZIP\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1212214156\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212217990828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212217920296
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87963452-40F9-4277-9BF1-4883BDED03DB}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9726 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeAntiSpyware (McAfee AntiSpyware Real-Time Scanner) - c:\program files\mcafee\mcafee antispyware\msssrv.exe <Not Verified; Network Associates, Inc.; McAfee AntiSpyware>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 1272)
2004-10-19 04:00:00 86016 --a------ C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll <Not Verified; Network Associates, Inc.; McAfee AntiSpyware>
2005-06-23 12:24:17 6144 --a------ C:\Program Files\America Online 9.0\idleproc.dll <Not Verified; America Online, Inc.; America Online>


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 12:35:10 476 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-CA66427893-Owner).job
2008-06-13 21:00:00 344 --a------ C:\WINDOWS\Tasks\McAfee AntiSpyware.job
2008-05-31 01:59:16 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-16 14:14:08 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-06-06 21:10:02 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-06 21:09:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-06-04 22:08:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-05-31 12:01:17 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-31 03:27:22 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-31 03:10:22 0 d---s---- C:\Documents and Settings\Owner\UserData
2008-05-31 03:02:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-05-31 02:55:47 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 02:55:39 0 d-------- C:\Program Files\MetaStream
2008-05-31 02:55:34 0 d-------- C:\Program Files\SpywareBlaster
2008-05-31 02:55:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-31 02:32:21 0 d-------- C:\Documents and Settings\Owner\Application Data\AOL
2008-05-31 02:31:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-05-31 02:30:22 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-05-31 02:30:22 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2008-05-31 02:30:22 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-05-31 02:30:22 0 d-------- C:\Documents and Settings\Default User\Application Data\McAfee
2008-05-31 02:30:22 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-05-31 02:15:10 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-31 02:14:24 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-31 02:14:23 0 d-------- C:\Program Files\McAfee
2008-05-31 02:14:23 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-31 02:14:23 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-05-31 02:14:14 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-31 02:14:02 0 d-------- C:\Program Files\McAfee.com
2008-05-31 02:12:57 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-31 02:12:46 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-31 02:12:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-31 02:12:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-31 02:12:02 0 d-------- C:\Program Files\MSN Encarta Plus
2008-05-31 02:11:10 0 d-------- C:\Program Files\Microsoft Money 2005
2008-05-31 02:10:45 0 d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2008-05-31 02:10:43 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-05-31 02:10:29 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-05-31 02:10:22 0 d-------- C:\WINDOWS\system32\QuickTime
2008-05-31 02:10:22 0 d-------- C:\Program Files\QuickTime
2008-05-31 02:10:22 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-31 02:10:18 0 d-------- C:\My Music
2008-05-31 02:10:17 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-05-31 02:10:14 0 d-------- C:\Program Files\Real
2008-05-31 02:10:14 0 d-------- C:\Program Files\Common Files\Real
2008-05-31 02:10:06 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-05-31 02:10:05 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-05-31 02:09:59 0 d-------- C:\Program Files\Viewpoint
2008-05-31 02:09:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-05-31 02:09:54 0 d-------- C:\Program Files\Pure Networks
2008-05-31 02:09:44 0 d-------- C:\Program Files\AOL Toolbar
2008-05-31 02:09:35 0 d-------- C:\Program Files\Common Files\AolCoach
2008-05-31 02:09:22 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-05-31 02:09:13 0 d-------- C:\Program Files\Common Files\aolshare
2008-05-31 02:09:13 0 d-------- C:\Program Files\America Online 9.0
2008-05-31 02:09:13 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-05-31 02:09:05 335 --a------ C:\WINDOWS\nsreg.dat
2008-05-31 02:09:05 0 d-------- C:\Program Files\Common Files\AOL
2008-05-31 02:08:12 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-05-31 02:08:09 294912 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-05-31 02:08:09 200704 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2008-05-31 02:08:06 192512 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-05-31 02:07:53 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-31 02:07:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-05-31 02:07:37 0 d-------- C:\Program Files\Napster
2008-05-31 02:07:31 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2008-05-31 02:06:50 0 d-------- C:\Program Files\Java
2008-05-31 02:06:49 0 d-------- C:\Program Files\Common Files\Java
2008-05-31 02:06:22 0 d-------- C:\Program Files\CyberLink
2008-05-31 02:06:13 471300 --a------ C:\WINDOWS\wallpe.exe <Not Verified; ; wallpe>
2008-05-31 02:04:15 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-05-31 02:03:36 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-31 02:03:15 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-31 02:02:59 0 d-------- C:\Program Files\Microsoft.NET
2008-05-31 02:02:37 0 dr-h----- C:\MSOCache
2008-05-31 02:02:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-31 02:01:48 0 d-------- C:\Program Files\ATI Technologies
2008-05-31 01:57:32 0 d-------- C:\Program Files\Norton Internet Security
2008-05-31 01:56:08 0 d-------- C:\Program Files\Google
2008-05-31 01:56:05 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 01:55:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 01:55:57 0 d-------- C:\Program Files\Symantec
2008-05-31 01:55:40 18000 --a------ C:\WINDOWS\BigFixClientOverride.dll <Not Verified; BigFix, Inc.; BigFix>
2008-05-31 01:55:40 0 d-------- C:\Program Files\BigFix
2008-05-31 01:55:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 01:54:40 0 d-------- C:\Program Files\Digital Media Reader
2008-05-31 01:54:36 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 01:54:35 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-31 01:54:24 76288 -ra------ C:\WINDOWS\system32\PUBOLE32.DLL <Not Verified; Microsoft Corporation; Microsoft Publisher for Windows>
2008-05-31 01:54:24 212480 -ra------ C:\WINDOWS\system32\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-05-31 01:54:24 37888 -ra------ C:\WINDOWS\system32\ochlp30e.dll <Not Verified; Microsoft Corporation; Microsoft Multimedia Controls>
2008-05-31 01:54:24 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-05-31 01:54:24 1233920 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>
2008-05-31 01:54:24 91136 -ra------ C:\WINDOWS\system32\msls2.dll <Not Verified; Microsoft Corporation; Microsoft® Line Services>
2008-05-31 01:54:23 31744 -ra------ C:\WINDOWS\system32\hlp95en.dll <Not Verified; Microsoft Corporation; Microsoft Office>
2008-05-31 01:54:01 0 d-------- C:\Program Files\Microsoft Works
2008-05-31 01:51:50 2658304 -----n--- C:\WINDOWS\UNNeroBurnRights.exe <Not Verified; Nero AG; Nero WebEngine>
2008-05-31 01:51:50 90184 --a------ C:\WINDOWS\system32\NeroCo.dll <Not Verified; Ahead Software AG
im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: [email protected]; Nero Burning Rom>
2008-05-31 01:51:16 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-05-31 01:51:13 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-05-31 01:51:13 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-31 01:51:13 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-31 01:51:13 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-31 01:51:12 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-31 01:51:12 0 d-------- C:\Program Files\Ahead
2008-05-31 01:47:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-05-31 01:47:04 0 d-------- C:\Program Files\Common Files\New Boundary
2008-05-31 01:44:23 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-31 01:44:19 2 -r-hs---- C:\USER
2008-05-31 01:43:02 0 d-------- C:\Program Files\CONEXANT
2008-05-31 01:40:29 0 d--hs---- C:\System Volume Information
2008-05-31 01:11:20 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-05-31 01:11:17 0 d-------- C:\WINDOWS\creator
2008-05-31 01:09:41 0 d-------- C:\WINDOWS\SMINST
2008-05-31 01:09:37 0 d-------- C:\WINDOWS\I386
2008-05-30 21:35:58 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-05-30 21:35:27 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-30 21:32:12 0 d-------- C:\WINDOWS\Prefetch
2008-05-30 21:24:33 0 d-------- C:\WINDOWS\system32\scripting
2008-05-30 21:24:32 0 d-------- C:\WINDOWS\l2schemas
2008-05-30 21:24:31 0 d-------- C:\WINDOWS\system32\en
2008-05-30 21:24:30 0 d-------- C:\WINDOWS\system32\bits
2008-05-30 21:21:29 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-30 21:18:58 0 d-------- C:\WINDOWS\network diagnostic
2008-05-30 21:13:26 0 d-------- C:\WINDOWS\EHome
2008-05-30 10:29:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-30 10:28:26 0 d-------- C:\WINDOWS\system32\PreInstall


-- Find3M Report ---------------------------------------------------------------

2008-05-31 02:14:23 0 d-------- C:\Program Files\Common Files
2008-05-31 01:04:58 0 d-------- C:\Program Files\Online Services
2008-05-31 01:04:58 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-31 01:04:58 0 d-------- C:\Program Files\microsoft frontpage
2008-05-31 01:04:58 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-31 01:04:58 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-31 01:04:58 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-31 01:04:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2008-05-30 21:31:36 0 d-------- C:\Program Files\Messenger
2008-05-30 21:24:30 0 d-------- C:\Program Files\Movie Maker
2008-05-30 21:21:15 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 02:50 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 06:04 PM]
"@"="" []
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/05/2004 08:23 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/27/2004 07:22 PM]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [08/17/2004 06:36 PM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [08/30/2004 10:29 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/18/2005 12:05 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM]
"SoundMan"="SOUNDMAN.EXE" [04/15/2005 02:01 PM C:\WINDOWS\SOUNDMAN.EXE]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1212214156\ee\AOLSoftware.exe" [03/10/2006 06:22 PM]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [10/18/2004 08:42 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [08/17/2004 09:26 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [10/02/2004 07:34 PM]
"_AntiSpyware"="C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe" [10/19/2004 04:00 AM]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [04/05/2004 05:33 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/31/2008 02:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 08:12 PM]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [07/25/2005 10:30 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 7:44:06 AM]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [5/31/2008 1:55:40 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll [10/19/2004 04:00 AM 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-20 16:56:22 ------------
 


·
Premium Member
Joined
·
29,790 Posts
Hello again, flypaper. Your logs appear clean. Let's address your antivirus situation.

Please download the Norton Removal Tool and Save it to your Desktop.

Download Avira AntiVir PersonalEdition Classic and Save it to your Desktop.

Disconnect from the internet (pull the plug!).

Please uninstall the following via the Add or Remove Programs in your Control Panel:

CC_ccProxyExt
ccCommon
ccPxyCore
LiveReg
LiveUpdate 2.5
Norton AntiSpam - both of them
Norton AntiVirus 2005
Norton Internet Security - all of them
Norton Internet Security 2005
Norton Security Center
Norton WMI Update - both of them
Symantec Script Blocking Installer
SymNet


  • Close all programs and double-click the Norton_Removal_Tool.exe then click Run
  • Follow the on-screen instructions.
  • Restart the computer if asked.
  • Then delete Norton_Removal_Tool.exe from your desktop.
------------------------------------------------------

Install Avira, connect back to the internet, update Avira, and run a full system scan.

See this tutorial on its setup and use.

Do not install more than one antivirus program as they will conflict with each other. Update your antivirus once a week so it remains effective against new malware.

------------------------------------------------------

You are running HijackThis from a temporary folder.

C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1.ZIP\Owner.exe
Move it to your desktop or create its own folder.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

Viewpoint Media Player << This is considered foistware instead of malware since it is installed without the user's approval, but doesn't spy or do anything "bad". Please read here and here.

If you decide to uninstall it, also delete the following Folders if they still exist:

C:\Program Files\Viewpoint
C:\Documents and Settings\Owner\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\ViewpointViewpoint

------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and Save it to your Desktop.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click Continue
  • Click on the link to download Windows Offline Installation and Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start(or My Computer) > Control Panel and click on Add or Remove Programs
  • Click (highlight) the following items:
    • J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

Kaspersky report
new HijackThis log
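
An added example, not part of the original reply: Python that automates two of the checks the reply makes by eye on a HijackThis log, namely resident scanners from more than one product family and an executable launched from a temporary folder. The sample log is constructed from lines on this page; the family keywords and resident-scanner hints are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: O23 lines copied from the log on this page, plus a process
# list built around the temp-folder path quoted in the reply.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\TEMPOR~1.ZIP\Owner.exe

O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# O23 layout: "O23 - Service: <display> - <vendor> - <path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
# Temp locations, including the 8.3 short name of "Temporary ..." folders/archives.
TEMP_RE = re.compile(
    r"\\(?:temp|tmp|tempor~\d+[^\\]*|temporary internet files)\\", re.I
)

# Assumption: keyword -> product family, matched against display name and path.
# "symant" also catches 8.3 short names such as SYMANT~1.
FAMILIES = {"symant": "Symantec/Norton", "norton": "Symantec/Norton",
            "mcafee": "McAfee", "avira": "Avira"}
# Assumption: words that mark a service as a resident scanner, not a helper.
RESIDENT_HINTS = ("auto-protect", "real-time", "antivirus", "antispyware")


def parse_log(text):
    """Return (running process paths, parsed O23 service entries)."""
    processes, services, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            if PATH_RE.match(line):
                processes.append(line)
                continue
            in_procs = False  # first non-path line ends the process list
        match = O23_RE.match(line)
        if match:
            services.append(match.groupdict())
    return processes, services


def resident_families(services):
    """Map product family -> display names of its resident scanner services."""
    found = defaultdict(list)
    for svc in services:
        haystack = (svc["display"] + " " + svc["path"]).lower()
        if not any(hint in haystack for hint in RESIDENT_HINTS):
            continue
        for keyword, family in FAMILIES.items():
            if keyword in haystack:
                found[family].append(svc["display"])
                break
    return dict(found)


def triage(text):
    """Return a list of (finding, detail) tuples for the two checks."""
    processes, services = parse_log(text)
    findings = []
    families = resident_families(services)
    if len(families) > 1:
        findings.append(("multiple-resident-scanners", sorted(families)))
    for path in processes:
        if TEMP_RE.search(path):
            findings.append(("runs-from-temp", path))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(finding, detail)
```
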
 

·
Registered
Joined
·
35 Posts
Discussion Starter · #20 ·
the Kaspersky found nothing and the report was blank???????
i find that very hard to believe
this thing of my mouse going crazy will even happen when i
reformat before windows will even load.
i did have problems finding all that you wanted me to uninstall
i couldn't find them in the remove programs section or even in a search???
i also had problems with the avira it wouldn't install??????
saying the files were corrupt
i did try to download it and do it again but the same thing happened???

here is the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:35 PM, on 6/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1212214156\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1212214156\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1212217990828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212217920296
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87963452-40F9-4277-9BF1-4883BDED03DB}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7016 bytes
 