
Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
17 Posts
Discussion Starter #1
I believe I'm having some malware issues. When the computer idles for an hour or so, I lose my screensaver and get a total black screen and have to reboot. The computer will also go to disk check on startup even after I've restarted the computer correctly. Also I have a file that won't be deleted when using McAfee, it says something like 'JunkNavQuar'. The computer seems sluggish, and I suspect some type of infection(s).
Thanks for your help.
Here's my PandaScan:


"Incident
Status Location

Potentially unwanted tool:application/altnet
Not disinfected
hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/sahagent
Not disinfected Windows Registry
Adware:adware/sqwire
Not disinfected Windows Registry
Potentially unwanted tool:application/myway
Not disinfected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
Spyware:Cookie/Toplist
Not disinfected C:\Documents and Settings\Scott
Silverman\Application Data\Mozilla\Firefox\Profiles\4q2byxn6.default\COOKIES.TXT[.toplist.cz/]
Spyware:Cookie/Go
Not disinfected C:\Documents and Settings\Scott
Silverman\Application
Data\Mozilla\Firefox\Profiles\4q2byxn6.default\COOKIES.TXT[.go.com/]
Spyware:Cookie/Searchportal
Not disinfected C:\Documents and Settings\Scott Silverman\Application Data\Mozilla\Firefox\Profiles\4q2byxn6.default\COOKIES.TXT[searchportal.information.com/]
Spyware:Cookie/Target
Not disinfected C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
Spyware:Cookie/Target
Not disinfected C:\Documents and
Settings\Diane\Cookies\[email protected][3].txt
Spyware:Cookie/Atlas DMT
Not disinfected C:\Documents and
Settings\Diane\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents
and Settings\Diane\Cookies\[email protected][1].txt
Spyware:Cookie/Go
Not disinfected C:\Documents and
Settings\Diane\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo
Not disinfected C:\Documents and
Settings\Diane\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager
Not disinfected C:\Documents and
Settings\Diane\Cookies\[email protected][2].txt
Spyware:Cookie/myaffiliateprogram
Not disinfected C:\Documents and
Settings\Diane\Cookies\[email protected][1].txt
Spyware:Cookie/Go
Not disinfected C:\Documents and
Settings\Diane\Cookies\[email protected][3].txt
Spyware:Cookie/Adrevolver
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.adrevolver.com/]
Spyware:Cookie/Atlas DMT
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/FastClick
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Tribalfusion
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/Doubleclick
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/YieldManager
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/QuestionMarket
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/Atwola
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Mediaplex Not
disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/RealMedia
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.247realmedia.com/]
Spyware:Cookie/Go
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.go.com/]
Spyware:Cookie/Zedo
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/Hitbox
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.ehg-dig.hitbox.com/]
Spyware:Cookie/Bluestreak
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/PointRoll
Not disinfected C:\Documents and Settings\Diane\Application
Data\Mozilla\Firefox\Profiles\3ot5q4sv.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Target
Not disinfected C:\Documents and
Settings\Jonathan\Cookies\[email protected][2].txt
Spyware:Cookie/Target
Not disinfected C:\Documents and Settings\Jonathan\Cookies\[email protected][3].txt
Spyware:Cookie/fe.lea.lycos
Not disinfected C:\Documents and
Settings\Jonathan\Cookies\[email protected][1].txt
Spyware:Cookie/Go
Not disinfected C:\Documents and
Settings\Jonathan\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and
Settings\Jonathan\Cookies\[email protected][1].txt
Spyware:Cookie/Target
Not disinfected C:\Documents and
Settings\Jonathan\Cookies\[email protected][4].txt
Spyware:Cookie/Doubleclick
Not disinfected C:\Documents and Settings\Jonathan\Application
Data\Mozilla\Firefox\Profiles\5x01twkl.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Tribalfusion
Not disinfected C:\Documents and Settings\Jonathan\Application
Data\Mozilla\Firefox\Profiles\5x01twkl.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/YieldManager
Not disinfected C:\Documents and Settings\Jonathan\Application
Data\Mozilla\Firefox\Profiles\5x01twkl.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT
Not disinfected C:\Documents and Settings\Jonathan\Application
Data\Mozilla\Firefox\Profiles\5x01twkl.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Atwola
Not disinfected C:\Documents and Settings\Jonathan\Application
Data\Mozilla\Firefox\Profiles\5x01twkl.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/QuestionMarket
Not disinfected C:\Documents and Settings\Jonathan\Application
Data\Mozilla\Firefox\Profiles\5x01twkl.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/Mediaplex
Not disinfected C:\Documents and Settings\Jonathan\Application
Data\Mozilla\Firefox\Profiles\5x01twkl.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/PointRoll
Not disinfected C:\Documents and Settings\Jonathan\Application
Data\Mozilla\Firefox\Profiles\5x01twkl.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Zedo
Not disinfected C:\Documents and Settings\Jonathan\Application
Data\Mozilla\Firefox\Profiles\5x01twkl.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/Com.com
Not disinfected C:\Documents and Settings\Jonathan\Application
Data\Mozilla\Firefox\Profiles\5x01twkl.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/Cgi-bin
Not disinfected C:\Documents and
Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Target
Not disinfected C:\Documents and
Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected
C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola
Not disinfected C:\Documents and Settings\Michael\Application
Data\Mozilla\Firefox\Profiles\4d7sl0xe.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Doubleclick
Not disinfected C:\Documents and Settings\Michael\Application
Data\Mozilla\Firefox\Profiles\4d7sl0xe.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Mediaplex
Not disinfected C:\Documents and Settings\Michael\Application
Data\Mozilla\Firefox\Profiles\4d7sl0xe.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/PointRoll
Not disinfected C:\Documents and Settings\Michael\Application
Data\Mozilla\Firefox\Profiles\4d7sl0xe.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT
Not disinfected C:\Documents and Settings\Michael\Application
Data\Mozilla\Firefox\Profiles\4d7sl0xe.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/YieldManager
Not disinfected C:\Documents and Settings\Michael\Application
Data\Mozilla\Firefox\Profiles\4d7sl0xe.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver
Not disinfected C:\Documents and Settings\Alex New\Local
Settings\Temp\~DFC4F6.TMP
Spyware:Cookie/Go
Not disinfected C:\Documents and Settings\Alex New\Cookies\alex [email protected][1].txt
Spyware:Cookie/Advertising
Not disinfected C:\Documents and Settings\Alex New\Application
Data\Mozilla\Firefox\Profiles\41scnx4l.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Atwola
Not disinfected C:\Documents and Settings\Alex New\Application
Data\Mozilla\Firefox\Profiles\41scnx4l.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Alex New\Application
Data\Mozilla\Firefox\Profiles\41scnx4l.default\COOKIES.TXT[.go.com/]
Spyware:Cookie/Target
Not disinfected C:\Documents and Settings\Alex New\Application
Data\Mozilla\Firefox\Profiles\41scnx4l.default\COOKIES.TXT[.target.com/]
Spyware:Cookie/Searchportal
Not disinfected C:\Documents and Settings\Alex New\Application Data\Mozilla\Firefox\Profiles\41scnx4l.default\COOKIES.TXT[searchportal.information.com/]
Potentially unwanted tool:Application/MyWay
Not disinfected C:\!KillBox\MyWay\myBar\1.BIN\NPMYWAY.DLL

Deckard's System Scanner v20071014.68
Run by Scott Silverman on 2007-12-04 06:58:49
Computer is in Normal Mode."

Here's my Deckard/HijackThis log:

"-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
119: 2007-12-04 14:58:57 UTC - RP725 - Deckard's System Scanner Restore Point
118: 2007-12-04 04:25:51 UTC - RP724 - System Checkpoint
117: 2007-12-03 03:26:55 UTC - RP723 - System Restore
116: 2007-12-02 04:54:39 UTC - RP722 - Spybot-S&D Spyware removal
115: 2007-12-01 06:57:15 UTC - RP721 - Removed VERITAS Simple Backup


-- First Restore Point --
1: 2007-09-06 06:11:44 UTC - RP607 - Installed iTunes


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 15.27 GiB (less than 15%) free.


-- HijackThis (run as Scott Silverman.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:15 AM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Scott Silverman\Desktop\dss.exe
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Scott Silverman.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program
Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe"
--force_start_minimized
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol
toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP -
C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BHPAFCY - Unknown owner -
C:\DOCUME~1\SCOTTS~1\LOCALS~1\Temp\BHPAFCY.exe (file missing)
O23 - Service: BYCEJCZYSNPJGV - Unknown owner - C:\DOCUME~1\SCOTTS~1\LOCALS~1\Temp\BYCEJCZYSNPJGV.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program
Files\Executive Software\Diskeeper Home Edition\DKService.exe
O23 - Service: EKKTDFGAVSLP - Unknown owner -
C:\DOCUME~1\SCOTTS~1\LOCALS~1\Temp\EKKTDFGAVSLP.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. -
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: ITSBEI - Unknown owner -
C:\DOCUME~1\SCOTTS~1\LOCALS~1\Temp\ITSBEI.exe (file missing)
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program
Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program
files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. -
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. -
C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: QM - Unknown owner - C:\DOCUME~1\SCOTTS~1\LOCALS~1\Temp\QM.exe
(file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program
Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program
Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd -
C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O24 - Desktop Component 1: Ocean Aquarium Deluxe v1.0 Active Desktop - (no file)

--
End of file - 9278 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon -
C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153

.com - comfile - DefaultIcon -
C:\WINDOWS\SYSTEM32\SHELL32.DLL,2

.hlp - hlpfile - DefaultIcon -
C:\WINDOWS\SYSTEM32\SHELL32.DLL,23

.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon -
C:\WINDOWS\System32\migicons.exe,7

.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon -
C:\WINDOWS\System32\migicons.exe,6



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) -
c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) -
c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology;
StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) -
c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology;
StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) -
c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology;
StarForce Protection System>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000
DDK provider; Windows (R) 2000 DDK driver>
R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R1 mbmiodrvr - c:\windows\system32\mbmiodrvr.sys <Not Verified;
[email protected]; Windows (R) 2000 DDK driver>
R1 pivot - c:\windows\system32\drivers\pivot.sys <Not Verified; Windows (R) 2000
DDK provider; Windows (R) 2000 DDK driver>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech, Inc.; Logitech
SetPoint(TM)>
R2 Stltrk2k - c:\windows\system32\drivers\stltrk2k.sys <Not Verified; SCM
Microsystems Inc.; Support Driver for SCM Win2K Applications>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) -
c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO
SCSI Host Controller>
R3 USB-100 (USB 10/100 Ethernet Adapter) -
c:\windows\system32\drivers\usbkr100.sys <Not Verified; USB Corporation
Reserved.; USB 10/100 Ethernet Adapter>

S0 ElbyVCD - c:\windows\system32\drivers\elbyvcd.sys (file missing)
S2 vsdatant - c:\windows\system32\vsdatant.sys (file missing)
S3 3c1807pd (U.S. Robotics V.92 Fax Win Int) -
c:\windows\system32\drivers\3c1807pd.sys <Not Verified; U.S. Robotics
Corporation; U.S. Robotics Modem Driver>
S3 BS_DEF - c:\windows\system32\drivers\bs_def.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan;
PowerStrip>
S3 gsplittm - c:\docume~1\scotts~1\locals~1\temp\gsplittm.sys (file missing)
S3 Maplom - c:\windows\system32\drivers\maplom.sys <Not Verified; Jacal
Consulting Pty Ltd; GameJackal>
S3 Pcouffin (Low level access layer for CD devices) -
c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified;
Padus, Inc.; Padus(R) ASPI Shell>
S3 pivotmou (Pivot Mouse/Pointers Filter Driver) -
c:\windows\system32\drivers\pivotmou.sys <Not Verified; Windows (R) 2000 DDK
provider; Pivot (R) Software (R)>
S3 Ser2pl (ATEN USB to Serial port driver) -
c:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.;
Prolific USB-to-Serial Bridge Cable>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device
support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple
Mobile Device Service>
R2 Diskeeper - c:\program files\executive software\diskeeper home edition\dkservice.exe <Not Verified; Executive Software
International, Inc.; Diskeeper (TM) Disk Defragmenter>

S3 BHPAFCY - c:\docume~1\scotts~1\locals~1\temp\bhpafcy.exe (file missing)
S3 BYCEJCZYSNPJGV - c:\docume~1\scotts~1\locals~1\temp\bycejczysnpjgv.exe (file
missing)
S3 EKKTDFGAVSLP - c:\docume~1\scotts~1\locals~1\temp\ekktdfgavslp.exe (file
missing)
S3 ITSBEI - c:\docume~1\scotts~1\locals~1\temp\itsbei.exe (file missing)
S3 QM - c:\docume~1\scotts~1\locals~1\temp\qm.exe (file missing)
S4 AFLBTPVO - c:\docume~1\scotts~1\locals~1\temp\aflbtpvo.exe (file missing)
S4 AHFGLIKWQ - c:\docume~1\scotts~1\locals~1\temp\ahfglikwq.exe (file missing)
S4 ANKGKAAF - c:\docume~1\scotts~1\locals~1\temp\ankgkaaf.exe (file missing)
S4 BSOOPJR - c:\docume~1\scotts~1\locals~1\temp\bsoopjr.exe (file missing)
S4 BXXJXI - c:\docume~1\scotts~1\locals~1\temp\bxxjxi.exe (file missing)
S4 CNPWJZP - c:\docume~1\scotts~1\locals~1\temp\cnpwjzp.exe (file missing)
S4 EAATDTCHOPVWO - c:\docume~1\scotts~1\locals~1\temp\eaatdtchopvwo.exe (file missing)
S4 GQDX - c:\docume~1\scotts~1\locals~1\temp\gqdx.exe (file missing)
S4 HVTE - c:\docume~1\scotts~1\locals~1\temp\hvte.exe (file missing)
S4 ILIHTZNZOSMAQ - c:\docume~1\scotts~1\locals~1\temp\ilihtznzosmaq.exe (file
missing)
S4 JPM - c:\docume~1\scotts~1\locals~1\temp\jpm.exe (file missing)
S4 JQXKI - c:\docume~1\scotts~1\locals~1\temp\jqxki.exe (file missing)
S4 LJZBLPFG - c:\docume~1\scotts~1\locals~1\temp\ljzblpfg.exe (file missing)
S4 LSaS_Server (Local Security Authority Server) - "c:\windows\debug\lsasrv.exe"
(file missing)
S4 UOFSU - c:\docume~1\scotts~1\locals~1\temp\uofsu.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1019&SUBSYS_80F71043&REV_00\4&3B3CB9B1&0&0818
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1019&SUBSYS_80F71043&REV_00\4&3B3CB9B1&0&0818
Service:

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_80F31043&REV_02\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_80F31043&REV_02\3&267A616A&0&FD
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-12-04 07:00:12 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-12-04 01:53:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-01 01:00:14 372 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-11-28 13:26:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-10-15 01:49:28 370 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 07:00:59 0 d-------- C:\Program Files\Trend Micro
2007-12-04 00:04:20 0 d--hs---- C:\FOUND.000
2007-12-03 19:21:43 0 d-------- C:\Program Files\Common Files\Panda Software
2007-12-02 19:46:44 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-02 14:36:25 0 d-------- C:\WINDOWS\BDOSCAN8
2007-12-02 11:31:28 0 d-------- C:\Documents and Settings\Scott
Silverman\.housecall6.6
2007-12-02 01:30:38 0 d--hs---- C:\Documents and Settings\Scott
Silverman\Policies
2007-12-02 01:30:36 0 d--hs---- C:\Documents and Settings\Scott
Silverman\temp
2007-12-02 01:00:13 21312 --a------ C:\WINDOWS\choice.exe
2007-12-02 00:51:45 0 d-------- C:\WINDOWS\Motorola
2007-11-30 00:48:35 0 d-------- C:\Documents and
Settings\Ashley\Application Data\Lavasoft
2007-11-29 00:17:06 184 --a------ C:\prpl_rmdll.bat
2007-11-28 01:26:59 0 d-------- C:\WINDOWS\nview
2007-11-28 01:25:57 0 d-------- C:\NVIDIA
2007-11-23 17:00:22 0 d-------- C:\Documents and
Settings\Michael\Application Data\Logitech
2007-11-22 17:07:47 0 d-------- C:\Documents and
Settings\Jonathan\Application Data\Logitech
2007-11-22 15:27:42 0 d-------- C:\Documents and
Settings\Diane\Application Data\Logitech
2007-11-22 14:43:34 0 d-------- C:\Documents and Settings\Scott
Silverman\Application Data\Logitech
2007-11-17 16:53:21 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-15 20:43:43 0 d-------- C:\Documents and
Settings\Jonathan\Application Data\DivX
2007-11-15 20:43:41 0 d-------- C:\Documents and
Settings\Jonathan\Application Data\Media Player Classic
2007-11-15 20:41:06 0 d-------- C:\Documents and
Settings\Jonathan\Application Data\InterVideo


-- Find3M Report ---------------------------------------------------------------

2007-12-03 23:58:34 456 --a------ C:\WINDOWS\system32\miniPortInfo.dat
2007-12-02 00:20:36 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-0000000C-00001102-00000004-10021102}.dat
2007-12-02 00:20:36 288 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-0000000C-00001102-00000004-10021102}.dat
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-18 00:25:42 0 d-------- C:\Documents and Settings\Scott
Silverman\Application Data\Acoustica
2007-10-18 00:25:38 0 d-------- C:\Program Files\Acoustica CD Label
Maker
2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [12/17/2006
01:50 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"BitTorrent"="E:\Program Files\BitTorrent\bittorrent.exe" [09/29/2006 06:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start
Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS
Probe]
e:\Program Files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]
AutoRun\command- R:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72eb4e7c-2a40-11d9-bfb8-cdaf106b28ff}]
AutoRun\command- I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e093c755-4d88-11d9-803c-aaf29c2e6e45}]
AutoRun\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecf3f464-4424-11d9-801c-9653c6666e28}]
AutoRun\command- H:\AUTORUN.EXE




-- Hosts -----------------------------------------------------------------------

127.0.0.1 desktop.kazaa.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com
127.0.0.1 media.altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 dev.bde.com.au

117 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-04 07:02:12 ------------"

I'm also attaching the 'extra' file.
Thanks again,
Scott
 

Discussion Starter #2
BUMP

It's been 72 hours and I haven't received any replies to my problem, so I'm bumping.
PLEASE, SOMEBODY HELP ME!
Thanks
 

Discussion Starter #4
BUMP
Hi,
It's been a week, and no one has replied to help me, and this is the third time I've bumped my log. Now my computer is locking up at least 4 times a day, and the only way out of it is to reboot, then I have to wait 10 minutes for it to go through disk scan, and the computer is running extremely slow and sluggish, I have to wait and wait for things to run. Something is definitely running behind the scenes. Can someone PLEASE look at my logs and let me know what to do? I'd really appreciate it, I'm ready to trash my hard drive. Thanks.
 