Status
Not open for further replies.
I have noticed on my desktop I now have an %appdata% folder, and it won't go away. I don't know if that's the problem, but the laptop is much slower since then. I have done cleanup and all the preliminary stuff as requested; here are the logs... Thank you so much!!

DDS file:


DDS (Ver_09-11-29.01) - NTFSx86
Run by A2KM at 17:07:47.96 on Sun 11/29/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.906 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\system32\EMSService.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\MsChkSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\MsWnetChk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\AClient\Bin\XCDiffCache.exe
C:\windows\system32\mschkprompt.exe
C:\Program Files\AClient\Bin\XcListener.exe
C:\WINDOWS\System32\CMGShieldUI.exe
C:\WINDOWS\system32\EmsServiceHelper.exe
C:\Program Files\AClient\Bin\XCGSTask.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe
C:\Program Files\Xerox\Xerox Phaser 3300MFP\PSU\Scan2pc.exe
C:\Program Files\XEROX\NetworkScan\NSCSysUI_XEROX.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\A2KM\Local Settings\Temporary Internet Files\Content.IE5\AZKG6D4E\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = https://my.aflac.com/login2/login.aspx
uSearch Page =
uSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DW6]
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [VMware Tools] c:\program files\vmware\vmware tools\VMwareTray.exe
mRun: [VMware User Process] c:\program files\vmware\vmware tools\VMwareUser.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [WSPPurge] c:\program files\aflac\common\WSPPurge.exe
mRun: [Aflac_Do_Not_Remove] c:\aflac2000\WSPInfo.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [Afaria Client File Differencing] c:\program files\aclient\bin\XCDiffCache.exe
mRun: [!SysInit] c:\windows\system32\mschkprompt.exe
mRun: [Afaria Client Listener] c:\program files\aclient\bin\XcListener.exe
mRun: [Afaria Client Generic Scheduler] c:\program files\aclient\bin\XCGSTask.exe /startup
mRun: [CmgShieldUI] c:\windows\system32\CMGShieldUI.exe
mRun: [EmsService] EmsServiceHelper.exe
mRun: [WService] WService.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Xerox PanelMgr] c:\windows\xerox\panelmgr\SSMMgr.exe /autorun
mRun: [ELBERT_XRX_S2P] c:\program files\xerox\xerox phaser 3300mfp\psu\Scan2pc.exe
mRun: [NSCSysTrayUI_XEROX] "c:\program files\xerox\networkscan\NSCSysUI_XEROX.exe" /HIDEUI
mRun: [VerifyAfariaDownload] c:\program files\aflac\sng\VerifyAfariadownload.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\a2km\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\afaria~1.lnk - c:\program files\aclient\bin\XCGSTask.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Bluetooth Manager.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: streamlogics.com\webcast
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209153041266
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\drivers\CMGShCEF.sys [2008-4-29 195128]
R0 CMGShieldReg;CMGShieldReg;c:\windows\system32\drivers\CmgShREG.sys [2008-4-29 89656]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-24 64288]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-25 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-4-25 35456]
R1 SafDskNT;SafDskNT;c:\windows\system32\drivers\SafDskNT.sys [2008-10-10 77824]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe [2008-4-29 1103152]
R2 EMS;EMS;c:\windows\system32\EmsService.exe [2008-4-29 644400]
R2 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys [2008-4-25 92592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 LGTO_Sync;Sync Driver;c:\windows\system32\drivers\lgtosync.sys [2008-4-25 36400]
R2 MsChkSvc;MsChkSvc;c:\windows\system32\Mschksvc.exe [2008-10-10 32768]
R2 MsWnetChk;MsWnetChk;c:\windows\system32\mswnetchk.exe [2008-10-10 122880]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 vmdesched-driver;vmdesched Descheduled Time Accounting Service [Driver];c:\windows\system32\drivers\vmdesched.sys [2007-10-8 26672]
R2 VMMEMCTL;VMware server memory controller;c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [2007-10-8 15408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-31 102448]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2008-4-25 4864]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-8-22 41216]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091129.002\naveng.sys [2009-11-29 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091129.002\navex15.sys [2009-11-29 1323568]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 VMTools;VMware Tools Service;c:\program files\vmware\vmware tools\VMwareService.exe [2008-7-16 264752]
S3 CmgShieldNP;CmgShieldNP;c:\windows\system32\CmgShieldNP.dll [2008-4-29 156976]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-1-22 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-1-22 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-1-22 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-1-22 59776]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
S3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\vmware\vmware tools\TPAutoConnSvc.exe [2007-10-8 294912]
S3 vmdesched;VMware Descheduled Time Accounting Service;c:\program files\vmware\vmware tools\vmdesched.exe [2007-10-8 51760]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2008-4-25 11696]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-4-25 62768]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-4-29 176896]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2008-5-6 17968]

=============== Created Last 30 ================

2009-11-29 21:36:33 0 -c--a-w- C:\dsn1002.ca
2009-11-24 01:01:00 0 d-s---w- c:\windows\system32\%APPDATA%
2009-11-22 22:56:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion
2009-11-19 17:52:31 0 d-----w- c:\program files\DivX
2009-11-19 17:52:31 0 d-----w- c:\program files\common files\DivX Shared
2009-11-19 17:48:02 0 d-----w- c:\program files\uTorrent
2009-11-19 17:47:19 0 d-----w- c:\docume~1\a2km\applic~1\uTorrent
2009-11-18 23:54:16 0 d-----w- c:\docume~1\a2km\applic~1\Blackberry Desktop
2009-11-18 23:40:44 0 d-----w- c:\docume~1\a2km\applic~1\Research In Motion
2009-11-18 23:38:00 0 d-----w- c:\windows\Downloaded Installations
2009-11-18 23:36:39 0 d-----w- c:\program files\V CAST Music with Rhapsody
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-04 19:11:38 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-04 19:08:20 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

==================== Find3M ====================

2009-11-14 00:49:00 129784 ------w- c:\windows\system32\PxAFS.DLL
2009-11-04 19:11:25 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-27 01:55:19 60744 ----a-w- c:\documents and settings\a2km\g2mdlhlpx.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-10-10 13:58:51 143360 --sha-r- c:\windows\IdleProc.exe
2008-10-10 13:58:51 200704 --sha-r- c:\windows\MsCae32.dll
2008-10-10 13:58:51 172032 --sha-r- c:\windows\system32\MsChkSys.dll
2008-10-10 13:58:51 22528 --sha-r- c:\windows\system32\Optic32.dll
2008-10-10 13:58:51 176128 --sha-r- c:\windows\system32\SafPwd32.dll
2008-10-10 13:58:51 77824 --sha-r- c:\windows\system32\SdwChang.exe
2008-10-10 13:58:51 90112 --sha-r- c:\windows\system32\SdwCreat.exe
2008-10-10 13:58:51 77824 --sha-r- c:\windows\system32\SdwExpan.exe
2008-10-10 13:58:51 282624 --sha-r- c:\windows\system32\SdwLib.dll
2008-10-10 13:58:51 110592 --sha-r- c:\windows\system32\SdwMap32.exe
2008-10-10 13:58:51 77824 --sha-w- c:\windows\system32\drivers\SafDskNT.sys

============= FINISH: 17:08:19.48 ===============
 
