Slow computer after service pack 2 install [CLOSED], here are my logs
premo
post Jun 21 2007, 05:33 PM
Post #1


Member
Posts: 16
OS: XP



Incident Status Location

Adware:adware/ideskbar Not disinfected c:\windows\system32\drivers\zpmodemnt.sys
Adware:adware/miamore Not disinfected c:\windows\system32\st3.dll
Adware:adware/sbsoft Not disinfected c:\windows\rdt.ini
Potentially unwanted tool:application/altnet Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find
Adware:adware/alexa-toolbar Not disinfected Windows Registry
Potentially unwanted tool:application/kill&clean Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip[Beyond.class]
Virus:Trj/Classloader.X Disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\counter.jar-6e32ec1-14a45717.zip[BB.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\counter.jar-6e32ec1-14a45717.zip[Dummy.class]
Virus:Trojan Horse Disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\counter.jar-6e32ec1-14a45717.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip[counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip[Beyond.class]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\al's computer\Cookies\al's computer@com[1].txt
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip[Beyond.class]
Virus:Trj/Classloader.X Disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\counter.jar-6e32ec1-14a45717.zip[BB.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\counter.jar-6e32ec1-14a45717.zip[Dummy.class]
Virus:Trojan Horse Disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\counter.jar-6e32ec1-14a45717.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip[counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-1141f986.zip[a.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-1141f986.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-1141f986.zip[VerifierBug.class]
Virus:W32/Smitfraud.E Disinfected C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll


Logfile of HijackThis v1.99.1
Scan saved at 6:32:37 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {16211ABD-E093-D269-202C-CAC6A315875D} - 321102.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [prgsys0984] AppMasterCenter.exe
O4 - HKLM\..\Run: [ParisM] backorif.exe
O4 - HKLM\..\Run: [34763] atl_helper.exe
O4 - HKLM\..\Run: [Serviceprocess] corrida.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [DCC_send] keybdll.exe
O4 - HKCU\..\Run: [MONITER] zantu.exe
O4 - HKCU\..\Run: [_ctcp] abrek.exe
O4 - HKCU\..\Run: [cnftips] WTFCTF.exe
O4 - HKCU\..\Run: [typeconf] newbreed.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?666f7a2222d64924916e5bf413b723d3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?666f7a2222d64924916e5bf413b723d3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.com/download//223/Eyetide%20Installer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182215026592
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182215014264
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - http://www.livemetallica.com/nugster/dlControl.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Dynex DX-WGDTC Service (Dynex DX-WGDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe


sage5
post Jun 21 2007, 06:18 PM
Post #2


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi premo,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.
I need to do some research on the information you have provided, and will get back to you as soon as I can.

Cheers,

sage5

This post has been edited by sage5: Jun 22 2007, 12:33 AM
sage5
post Jun 22 2007, 12:33 AM
Post #3


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi premo,

Let's make a start on this clean up operation.

1. Please download the OTMoveIt by OldTimer and save it to your Desktop.
Do Not run the program yet.

2. Please download Deckard's System Scanner and save it to your Desktop.

3. Please download FixWareout from one of these sites: Here or Here
and save it to your desktop.
Run Fixwareout.exe:
  • Double click on Fixwareout.exe to run it.
  • Click Next, then Install, make sure Run fixit is checked and click Finish.
  • The fix will then begin & you need to follow the prompts.
  • You will be asked to reboot your computer; please do so.
    Note: Your system may take longer than usual to load; this is normal.
  • Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.
  • Finally, please post the contents of the text file (it will be at C:\fixwareout\report.txt), in your next post.

Delete files & folders:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\system32\st3.dll
    c:\windows\rdt.ini
    c:\windows\smdat32a.sys
    c:\windows\smdat32m.sys
    c:\windows\system32\drivers\zpmodemnt.sys
    C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll
    C:\WINDOWS\system32\st3.dll

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)

Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {16211ABD-E093-D269-202C-CAC6A315875D} - 321102.dll (file missing)
O4 - HKLM\..\Run: [prgsys0984] AppMasterCenter.exe
O4 - HKLM\..\Run: [ParisM] backorif.exe
O4 - HKLM\..\Run: [34763] atl_helper.exe
O4 - HKLM\..\Run: [Serviceprocess] corrida.exe
O4 - HKCU\..\Run: [DCC_send] keybdll.exe
O4 - HKCU\..\Run: [MONITER] zantu.exe
O4 - HKCU\..\Run: [_ctcp] abrek.exe
O4 - HKCU\..\Run: [cnftips] WTFCTF.exe
O4 - HKCU\..\Run: [typeconf] newbreed.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.

Your log shows you are not running Anti-virus or Firewall software.
These are essential items and need to be loaded before we can continue fixing your PC.

I have listed a couple of free versions of both. Please download and install 1 Anti-virus and 1 Firewall.

Firewalls: Please install one only.
Comodo Firewall Pro or Kerio

Anti-virus: Please install one only:
AVG Free Edition or AntiVir PersonalEdition Classic

The Anti-Virus you choose will ask you to perform a system scan during installation, follow the prompts, and allow the scan.
I will ask you to send me a copy of the scan report in my next post.

The Deckard's logs below will confirm correct installation of the Anti-virus and Firewall programs.

Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt into your next reply.
Also include the text from C:\otmove.txt and C:\fixwareout\report.txt

Please include a note to tell me how your PC is running now.

Cheers,

sage5
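
Added example, not part of sage5's post or of any tool named in this thread: in the first HijackThis log, every O4 Run entry on the fix list above has a bare file name as its command, while every Run entry left alone has a full path. The sketch below parses O4 registry lines, lists the entries whose command has no rooted path as candidates for review, and checks a follow-up log to confirm they are gone. The function names are hypothetical, and the rule is a triage heuristic rather than a verdict, since legitimate entries can also use bare names such as rundll32.exe.

```python
import re
from typing import List, NamedTuple


class RunEntry(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # registry value name, printed in [brackets]
    command: str  # registry value data (the command line)


# HijackThis prints autostart registry values as:
#   O4 - HKLM\..\Run: [ValueName] command line
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')

# A command is "rooted" when it starts (optionally quoted) with a drive
# letter, a UNC prefix or an environment variable such as %SystemRoot%.
ROOTED = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%)')

# Constructed samples: a few O4 lines copied from the two logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [prgsys0984] AppMasterCenter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DCC_send] keybdll.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

AFTER = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_run_entries(log: str) -> List[RunEntry]:
    """Return the O4 registry autostart entries found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        match = O4_RUN.match(line.strip())
        if match:  # Global Startup (.lnk) lines and other sections are skipped
            entries.append(RunEntry(*match.groups()))
    return entries


def unrooted(entries: List[RunEntry]) -> List[RunEntry]:
    """Entries whose command has no rooted path: candidates for manual review."""
    return [e for e in entries if not ROOTED.match(e.command)]


def still_present(flagged: List[RunEntry], after_log: str) -> List[RunEntry]:
    """Flagged entries that still appear (same hive, key and name) in a later log."""
    remaining = {(e.hive, e.key, e.name) for e in parse_run_entries(after_log)}
    return [e for e in flagged if (e.hive, e.key, e.name) in remaining]


if __name__ == "__main__":
    flagged = unrooted(parse_run_entries(BEFORE))
    for entry in flagged:
        print(f"review: {entry.hive}\\..\\{entry.key} [{entry.name}] {entry.command}")
    leftovers = still_present(flagged, AFTER)
    print("still present after fix:", [e.name for e in leftovers])
```
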
premo
post Jun 22 2007, 02:48 PM
Post #4


Member
Posts: 16
OS: XP



Computer is running good. I installed firewall and antivirus. Haven't run the last scan yet. Here are the reports I have so far.



LoadLibrary failed for c:\windows\system32\st3.dll
c:\windows\system32\st3.dll NOT unregistered.
c:\windows\system32\st3.dll moved successfully.
File/Folder c:\windows\rdt.ini not found.
c:\windows\smdat32a.sys moved successfully.
c:\windows\smdat32m.sys moved successfully.
File/Folder c:\windows\system32\drivers\zpmodemnt.sys not found.
DllUnregisterServer procedure not found in C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll
C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll NOT unregistered.
C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll moved successfully.
File/Folder C:\WINDOWS\system32\st3.dll not found.

Created on 06/22/2007 12:45:46



Fixwareout Last edited 6/20/2007
Post this report in the forums please
...
»»»»»Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "golmedi" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "nlcalik" Deleted
....
»»»»» Misc files.
C:\Documents and Settings\al's computer\Application Data\Install.dat Deleted
C:\Documents and Settings\al's computer\Application Data\kc.tmp Deleted
C:\Documents and Settings\al's computer\3.dat Deleted
C:\WINDOWS\RDT.INI Deleted
C:\WINDOWS\System32\close.bmp Deleted
C:\WINDOWS\System32\dating.bmp Deleted
C:\WINDOWS\System32\drivers\zpmodemnt.sys Deleted
C:\WINDOWS\System32\gambling.bmp Deleted
C:\WINDOWS\System32\idesk.conf Deleted
C:\WINDOWS\System32\insurance.bmp Deleted
C:\WINDOWS\System32\pharmacy.bmp Deleted
C:\WINDOWS\System32\spyware.bmp Deleted
C:\WINDOWS\System32\winctrl16.exe Deleted
C:\WINDOWS\System32\xxx.bmp Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"prgsys0984"="AppMasterCenter.exe"
"ParisM"="backorif.exe"
"34763"="atl_helper.exe"
"Serviceprocess"="corrida.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DCC_send"="keybdll.exe"
"MONITER"="zantu.exe"
"_ctcp"="abrek.exe"
"cnftips"="WTFCTF.exe"
"typeconf"="newbreed.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
sage5
post Jun 22 2007, 11:23 PM
Post #5


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi premo,

Good job so far.
When you get that last scan done, please post it back to this thread as a new reply.
When I have that information we will be ready to proceed with the clean up.

Cheers,

sage5
premo
post Jun 24 2007, 06:39 PM
Post #6


Member
Posts: 16
OS: XP



Here are the Deckard scans:


Deckard's System Scanner v20070611.50
Run by al's computer on 2007-06-24 at 19:28:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-06-25 00:29:35 UTC - RP415 - Deckard's System Scanner Restore Point
3: 2007-06-22 20:53:47 UTC - RP414 - Software Distribution Service 3.0
2: 2007-06-22 18:15:19 UTC - RP413 - Installed AVG 7.5
1: 2007-06-22 00:01:02 UTC - RP412 - Software Distribution Service 3.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as al's computer.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:31:28 PM, on 6/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\al's computer\Desktop\Shortcuts for fixes\dss.exe
C:\PROGRA~1\HIJACK~1\al's computer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?666f7a2222d64924916e5bf413b723d3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?666f7a2222d64924916e5bf413b723d3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.com/download//223/Eyetide%20Installer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182215026592
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182215014264
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - http://www.livemetallica.com/nugster/dlControl.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Dynex DX-WGDTC Service (Dynex DX-WGDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070622-125508-169 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20070622-125508-198 O4 - HKLM\..\Run: [ParisM] backorif.exe
backup-20070622-125508-354 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20070622-125508-397 O4 - HKLM\..\Run: [34763] atl_helper.exe
backup-20070622-125508-433 O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
backup-20070622-125508-441 O4 - HKCU\..\Run: [MONITER] zantu.exe
backup-20070622-125508-488 O4 - HKCU\..\Run: [DCC_send] keybdll.exe
backup-20070622-125508-601 O4 - HKCU\..\Run: [typeconf] newbreed.exe
backup-20070622-125508-683 O4 - HKCU\..\Run: [_ctcp] abrek.exe
backup-20070622-125508-774 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20070622-125508-813 O4 - HKLM\..\Run: [Serviceprocess] corrida.exe
backup-20070622-125508-931 O4 - HKLM\..\Run: [prgsys0984] AppMasterCenter.exe
backup-20070622-125508-937 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20070622-125508-958 O4 - HKCU\..\Run: [cnftips] WTFCTF.exe
backup-20070622-125508-984 R3 - URLSearchHook: (no name) - {16211ABD-E093-D269-202C-CAC6A315875D} - 321102.dll (file missing)
backup-20070622-125508-994 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 papycpu2 - c:\windows\system32\drivers\papycpu2.sys
R1 papyjoy - c:\windows\system32\drivers\papyjoy.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 NetAlrt - c:\windows\system32\drivers\netalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
R2 PlatAlrt - c:\windows\system32\drivers\platalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
R3 AR5211 (Dynex Wireless G Adapter Service) - c:\windows\system32\drivers\ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 ZPMODEMSYSNTDRVNT - c:\windows\system32\drivers\zpmodemnt.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 TLA13 - c:\docume~1\alex\locals~1\temp\user.bak (file missing)
S3 W8100PCI (D-Link AirPlus G Wireless Driver) - c:\windows\system32\drivers\mrv8k51.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; Intel® PRO Alerting Suite ASF 1.0 Compatible>
R2 Dynex DX-WGDTC WLService (Dynex DX-WGDTC Service) - c:\program files\dynex wireless g adapter\wlservice.exe

S3 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-24 19:18:05 270 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-06-20 14:56:11 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-05-24 and 2007-06-24 -----------------------------

2007-06-22 15:38:00 0 dr-h----- C:\$VAULT$.AVG
2007-06-22 13:17:09 0 d-------- C:\Documents and Settings\al's computer\Application Data\AVG7
2007-06-22 13:16:29 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-06-22 13:15:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-06-22 13:03:55 0 d-------- C:\Documents and Settings\al's computer\Application Data\Comodo
2007-06-22 13:03:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-06-22 12:59:36 0 d-------- C:\Program Files\Comodo
2007-06-22 12:30:13 8313 --a------ C:\dnsbak.reg
2007-06-21 18:04:36 0 dr-h----- C:\Documents and Settings\al's computer\Recent
2007-06-21 18:03:04 0 d-------- C:\Program Files\CCleaner
2007-06-21 14:00:42 0 d-------- C:\c532c1cf0a3e3fd7fffef35f1634
2007-06-21 13:59:31 0 d-------- C:\WINDOWS\system32\PreInstall
2007-06-21 13:59:25 0 d--h----- C:\WINDOWS\$hf_mig$
2007-06-21 13:45:54 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-06-21 13:40:56 0 d-------- C:\WINDOWS\Prefetch
2007-06-21 13:27:00 0 d-------- C:\WINDOWS\peernet
2007-06-21 13:26:54 0 d-------- C:\WINDOWS\provisioning
2007-06-21 13:17:14 0 d-------- C:\WINDOWS\ServicePackFiles
2007-06-20 18:40:17 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-20 17:31:16 0 --a------ C:\WINDOWS\ORUN32.EXE
2007-06-20 17:31:10 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-06-20 17:12:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-06-20 17:11:17 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-06-20 17:11:16 0 d-------- C:\Documents and Settings\al's computer\Application Data\SUPERAntiSpyware.com
2007-06-20 17:06:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-20 15:20:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-06-20 15:15:00 0 d-------- C:\Documents and Settings\al's computer\Application Data\Grisoft
2007-06-20 15:13:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-20 13:16:27 0 d-------- C:\Program Files\iTunes
2007-06-20 13:11:24 0 d-------- C:\Program Files\Apple Software Update
2007-06-19 16:05:39 0 d-------- C:\Documents and Settings\al's computer\Contacts
2007-06-19 16:03:07 0 d-------- C:\Program Files\Windows Live Favorites
2007-06-19 16:02:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-06-19 16:01:40 0 d-------- C:\Program Files\Windows Live Toolbar
2007-06-19 15:59:27 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-06-18 19:33:12 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
2007-06-18 19:30:49 40960 --a------ C:\WINDOWS\system32\WGDTC.dll
2007-06-18 19:30:48 395616 --a------ C:\WINDOWS\system32\drivers\ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
2007-06-18 19:30:37 0 d-------- C:\Program Files\Dynex Wireless G Adapter
2007-06-18 14:45:16 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-06-18 14:45:15 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Find3M Report ---------------------------------------------------------------

2007-06-21 19:07:16 0 d-------- C:\Program Files\Messenger
2007-06-21 14:35:42 0 d-------- C:\Program Files\Java
2007-06-21 14:33:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-21 13:27:05 0 d-------- C:\Program Files\Movie Maker
2007-06-21 13:15:34 0 d-------- C:\Program Files\Windows NT
2007-06-20 23:42:36 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-20 18:49:25 0 d-------- C:\Program Files\QuickTime
2007-06-20 15:03:15 0 d-------- C:\Program Files\LimeWire
2007-06-20 13:17:15 0 d-------- C:\Program Files\iPod
2007-06-19 16:02:20 0 d-------- C:\Program Files\Real
2007-06-19 16:00:28 0 d-------- C:\Program Files\MSN Messenger
2007-04-30 03:54:34 0 d-------- C:\Documents and Settings\al's computer\Application Data\U3


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://content1.peachesfantasy.com/metsusy/02.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-06-24 at 19:33:25 ---------



Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 254 MiB / 66.17 MiB
Pagefile Memory (total/avail): 624.89 MiB / 366.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.76 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.24 GiB total, 8.11 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: AVG 7.5.472 v7.5.472 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\al's computer\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DCWYCN11
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\al's computer
LOGONSERVER=\\DCWYCN11
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AL'SCO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\AL'SCO~1\LOCALS~1\Temp
USERDOMAIN=DCWYCN11
USERNAME=al's computer
USERPROFILE=C:\Documents and Settings\al's computer
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Alex (admin)
al's computer (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitTorrent 5.0.6 --> "C:\Program Files\BitTorrent\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
DesignWorkshop Lite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DesignWorkshop Lite\Uninst.isu"
Dynex Wireless G Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0FD97B19-0764-4BF8-B500-88AAF0F6DED4}\Setup.exe" -l0x9
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
GameSpot Download Manager 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetup -ether"C:\Program Files\InstallShield Installation Information\{677CB91B-5756-41F1-9EBB-1E29025B96CF}" /ku /kp /kc
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
hp deskjet 920c series --> rundll32 hpzcon04.dll,VendorJettison hp deskjet 920c series
hp deskjet 920c series (Remove only) --> C:\Program Files\hp deskjet 920c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=920c -huninstall
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Intel® Pro Alerting Agent, Version 3.0.0 --> MsiExec.exe /I{6797B492-3814-4129-AD07-C727D23FB5BF}
Intel® PRO Network Adapters WMI Provider (2.0) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C701994-43D2-4B7B-A548-C6E6C224D9A9}\setup.exe"
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod Update 2004-04-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E6696A8C-C55A-405C-AFEB-F3880A8BAA45} /l1033
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Kazaa Media Desktop 2.1.1 --> RunDll32 C:\WINDOWS\System32\cd_clint.dll,ServiceRunDll u_291 "{FA89A7AC-EABF-4D73-B19F-0C3D858D24EF}"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" ControlPanel
Mozilla Firefox (1.5.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Road Runner Medic 5.3 --> C:\WINDOWS\unins000.exe
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}


-- End of Deckard's System Scanner: finished at 2007-06-24 at 19:33:25 ---------

sage5
post Jun 25 2007, 12:27 AM
Post #7


RIP 10/2009
Posts: 2,646
From: NE Victoria, Australia
OS: WinXp SP3



Hi premo,

We are nearly done here.

Delete bad services:
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it to your desktop, make sure the file type is All Files and name it FixServices.bat

CODE
@echo off
sc stop ZPMODEMSYSNTDRVNT
sc stop TLA13
sc delete ZPMODEMSYSNTDRVNT
sc delete TLA13
exit

Double click FixServices.bat. A window will open and close. This is normal.

Run & setup AVG Anti-Spyware:
  • On the main screen select Update then select the Update now link.
    • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine.
  • Under Reports
    • Select Automatically generate report after every scan
    • Un-Select Only if threats were found
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode.
    • Restart your computer and tap the F8 key, repeatedly until a menu appears.
    • Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select Apply all actions
    • Next select the Reports icon at the top.
    • Select the Save report as button in the lower left hand of the screen and save it to a text file on your system. (It is important to remember where you save this file, I suggest C:\avg_as.txt)
    • Close AVG Anti-Spyware

Optional Removals:
I see you have BitTorrent & Kazaa Media Desktop installed on your system.
While these programs are legal, most of the files downloaded with them, are not.
These programs can also be one of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling insert name here as outlined below.

Remove Optionals:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    BitTorrent 5.0.6
    Kazaa Media Desktop 2.1.1

    Please take note of any other programs that you don't recognise in that list, and include them in your next response
  • Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these folders, (if present):
    C:\Program Files\BitTorrent (any folder containing "BitTorrent")
    C:\Program Files\Kazaa (any folder containing "Kazaa")

Shut down & Reboot normally:

AVG Anti-Virus:
  • Please open AVG Anti-Virus and go to the Test Centre Page.
  • In the left column, click the Test Results button
  • Open the Test Result that corresponds to the Full Scan done when you loaded the program.
  • Save the text as C:\avg_av.txt

Updating Java and Clearing Cache:
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here: http://www.java.com/en/download/manual.jsp
    • After the reboot, go back into the Control Panel and double-click the Java Icon.
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
        Downloaded Applets
        Downloaded Applications
        Other Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Java Control Panel.

Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
  • Also please include the text from the following:
    C:\avg_as.txt
    C:\avg_av.txt
Please include a note to tell me how your PC is running now.

Cheers,

sage5
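The two services removed by FixServices.bat in the post above are the two entries marked "(file missing)" in the Drivers section of the Deckard's System Scanner log. The following Python is an added example, not part of the original posts and not the helper's own method: it parses that section and lists entries worth a manual look. The function names, the reading of R/S as running/stopped, and the three checks are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the "Drivers" section of the Deckard's System Scanner log above.
DSS_DRIVER_LINES = r"""
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 papycpu2 - c:\windows\system32\drivers\papycpu2.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
S2 ZPMODEMSYSNTDRVNT - c:\windows\system32\drivers\zpmodemnt.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 TLA13 - c:\docume~1\alex\locals~1\temp\user.bak (file missing)
"""

# Start types as given in the section header of the log.
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

# <R|S><start digit> <service name> [(display name)] - <image path> [<signer info>] [(file missing)]
ENTRY_RE = re.compile(
    r"""^(?P<state>[RS])(?P<start>[0-4])\s+
        (?P<name>.+?)
        (?:\s+\((?P<display>.*)\))?
        \s+-\s+
        (?P<path>[a-z]:\\.*?)
        (?:\s+<(?P<signer>[^>]*)>)?
        (?P<missing>\s+\(file\ missing\))?
        \s*$""",
    re.IGNORECASE | re.VERBOSE,
)

TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
EXPECTED_EXT = (".sys", ".exe", ".dll")


@dataclass
class Entry:
    running: bool          # assumption: "R" = running, "S" = stopped
    start_type: str
    name: str              # service key name, the argument "sc" expects
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_entries(text):
    """Parse DSS driver/service lines; anything that is not an entry is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            running=m["state"].upper() == "R",
            start_type=START_TYPES[int(m["start"])],
            name=m["name"],
            path=m["path"].lower(),
            file_missing=m["missing"] is not None,
        ))
    return entries


def triage(entries):
    """Return entries that deserve manual review, with the reason for each."""
    flagged = []
    for e in entries:
        if e.file_missing:
            e.reasons.append("registered image no longer exists on disk")
        if any(marker in e.path for marker in TEMP_MARKERS):
            e.reasons.append("image path is inside a temp directory")
        if not e.path.endswith(EXPECTED_EXT):
            e.reasons.append("image is not a .sys/.exe/.dll file")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(parse_entries(DSS_DRIVER_LINES)):
        print(f"{entry.name} ({entry.start_type}): {entry.path}")
        for reason in entry.reasons:
            print(f"    - {reason}")
```

A flagged entry is a candidate for review, not proof of infection; uninstalled legitimate software also leaves "(file missing)" service registrations behind.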
premo
post Jun 25 2007, 05:08 PM
Post #8


Member
**
Posts: 16
OS: XP



Alright, here are the things you wanted posted. My computer is still taking a long time to turn on and when the desktop finally appears, it takes a long time to load and opens things slowly unless I let it be for five to ten minutes. Otherwise it is running ok. I noticed that I only have 8 GB left on my C: drive out of 37. I don't download a lot of stuff or programs on my computer so this I find strange. Could this be part of the problem?


    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 3:16:53 PM 6/25/2007

    + Scan result:



    HKLM\SOFTWARE\PSGuard.com -> Adware.PSGuard : Error during cleaning.
    HKLM\SOFTWARE\PSGuard.com\PSGuard -> Adware.PSGuard : Error during cleaning.
    HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Adware.PSGuard : Error during cleaning.
    HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Adware.PSGuard : Cleaned with backup (quarantined).
    C:\Documents and Settings\al's computer\Cookies\al's_computer@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@4.adbrite[3].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@adbrite[4].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\al's computer\Cookies\al's_computer@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end


    "General properties",""
    "Report name","Complete Test"
    "Start time","6/22/2007 1:18:38 PM"
    "End time","6/22/2007 3:37:54 PM (total: 2:19:14.6 hrs)"
    "Launch method","Scanning launched manually"
    "Scanning result","Threats found"
    "Report status","Scanning completed successfully"
    " ",""
    "Object summary",""
    "Scanned","131276"
    "Threats Found","28"
    "Cleaned","0"
    "Moved to vault","11"
    "Deleted","0"
    "Errors","0"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip:\BlackBox.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip:\Beyond.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip:\BlackBox.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip:\Beyond.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip:\BlackBox.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip:\Beyond.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip:\counter.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip:\BlackBox.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip:\BlackBox.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip:\Beyond.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip:\BlackBox.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip:\Beyond.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip:\BlackBox.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip:\Beyond.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip:\counter.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip:\BlackBox.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-1141f986.zip:\a.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-1141f986.zip:\VerifierBug.class","Virus identified Java/ByteVerify","Infected, Embedded object, Deleted"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip","","Moved to Vault, Archive"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip","","Moved to Vault, Archive"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip","","Moved to Vault, Archive"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip","","Moved to Vault, Archive"
    "C:\Documents and Settings\al's computer\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip","","Moved to Vault, Archive"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd35-63af1520.zip","","Moved to Vault, Archive"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-14e4bd36-49578208.zip","","Moved to Vault, Archive"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\archive.jar-27b6d966-2c2c3f41.zip","","Moved to Vault, Archive"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\counter.jar-7271642a-11d42f43.zip","","Moved to Vault, Archive"
    "C:\Documents and Settings\Alex\.jpi_cache\jar\1.0\th.jar-1848e668-6a45a88e.zip","","Moved to Vault, Archive"
    "C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-1141f986.zip","","Moved to Vault, Archive"




    Logfile of HijackThis v1.99.1
    Scan saved at 6:02:27 PM, on 6/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Dynex Wireless G Adapter\WLService.exe
    C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?666f7a2222d64924916e5bf413b723d3
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?666f7a2222d64924916e5bf413b723d3
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://activation.rr.com/install/download/tgctlcm.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
    O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.com/download//223/Eyetide%20Installer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182215026592
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182215014264
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - http://www.livemetallica.com/nugster/dlControl.CAB
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Dynex DX-WGDTC Service (Dynex DX-WGDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

    sage5
    post Jun 26 2007, 07:20 PM
    Post #9


    RIP 10/2009
    Posts: 2,646
    From: NE Victoria, Australia
    OS: WinXp SP3



    Hi premo,

    As well as deleting the files below, can you go to Start > Control Panel > Add/Remove Programs and remove any software which you either do not recognise, or are not using.

    Do you use any Sierra car/bike racing software?
    I have 2 listings for drivers loading, which are linked to Sierra software. If you do not use this, we can get rid of those drivers as well.


    Delete files & folders:
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\dnsbak.reg
      C:\WINDOWS\ORUN32.EXE
      C:\WINDOWS\system32\CMMGR32.EXE
      C:\Windows\System32\backorif.exe
      C:\Windows\System32\atl_helper.exe
      C:\Windows\System32\zantu.exe
      C:\Windows\System32\corrida.exe
      C:\WINDOWS\system32\CMMGR32.EXE
      C:\Windows\System32\WTFCTF.exe
      C:\Windows\System32\AppMasterCenter.exe
      C:\Windows\System32\abrek.exe
      C:\Windows\System32\newbreed.exe
      C:\Windows\System32\keybdll.exe
      C:\WINDOWS\system32\WGDTC.dll
      C:\WINDOWS\system32\321102.dll

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Open Notepad
    • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
    • Paste the text into the Notepad file, click in the window and press Ctrl + V.
    • Click "Exit" to close OTMoveIt.
    • Save the text file as C:\otmove2.txt
    (If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)

    Create a Startup List:
    • Open HiJackThis
    • Click on the Open Misc Tools Section button.
    • Check the 2 boxes next to the Generate StartupList log button.
    • Now click on the Generate StartupList log button.
    • NotePad will open a new window.
    • Copy and paste the text from the log into your next post.
    • Also, please include the text from C:\otmove2.txt

    Cheers,

    sage5
    premo
    post Jun 26 2007, 09:30 PM
    Post #10


    Member
    **
    Posts: 16
    OS: XP



    I don't use a program called Sierra, so deleting it is fine. Here are the two logs you wanted.


    C:\dnsbak.reg moved successfully.
    C:\WINDOWS\ORUN32.EXE moved successfully.
    C:\WINDOWS\system32\CMMGR32.EXE moved successfully.
    File/Folder C:\Windows\System32\backorif.exe not found.
    File/Folder C:\Windows\System32\atl_helper.exe not found.
    File/Folder C:\Windows\System32\zantu.exe not found.
    File/Folder C:\Windows\System32\corrida.exe not found.
    File/Folder C:\WINDOWS\system32\CMMGR32.EXE not found.
    File/Folder C:\Windows\System32\WTFCTF.exe not found.
    File/Folder C:\Windows\System32\AppMasterCenter.exe not found.
    File/Folder C:\Windows\System32\abrek.exe not found.
    File/Folder C:\Windows\System32\newbreed.exe not found.
    File/Folder C:\Windows\System32\keybdll.exe not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\WGDTC.dll
    C:\WINDOWS\system32\WGDTC.dll NOT unregistered.
    C:\WINDOWS\system32\WGDTC.dll moved successfully.
    File/Folder C:\WINDOWS\system32\321102.dll not found.

    Created on 06/26/2007 22:24:49




    StartupList report, 6/26/2007, 10:26:44 PM
    StartupList version: 1.52.2
    Started from : C:\Program Files\Hijackthis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.6000.16473)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dynex Wireless G Adapter\WLService.exe
    C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\al's computer\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    Microsoft Works Calendar Reminders.lnk = ?

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
    AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
    SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    COMODO Firewall Pro = "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
    StubPath = C:\WINDOWS\system32\ieudinit.exe

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\NikeGolf.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
    (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    AppleSoftwareUpdate.job
    Check Updates for Windows Live Toolbar.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [{00000075-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://codecs.microsoft.com/codecs/i386/voxmsdec.CAB

    [{00000075-9980-0010-8000-00AA00389B71}]
    CODEBASE = http://codecs.microsoft.com/codecs/i386/voxacm.CAB

    [{00000161-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab

    [{01113300-3E00-11D2-8470-0060089874ED}]
    CODEBASE = http://activation.rr.com/install/download/tgctlcm.cab

    [{33564D57-9980-0010-8000-00AA00389B71}]
    CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

    [{56C9629A-C33F-11D3-BBFB-00105A1FAD68}]
    CODEBASE = http://www.eyetide.com/download//223/Eyetide%20Installer.cab

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\System32\wuweb.dll
    CODEBASE = http://www.update.microsoft.com/microsoftu...b?1182215026592

    [MUWebControl Class]
    InProcServer32 = C:\WINDOWS\System32\muweb.dll
    CODEBASE = http://www.update.microsoft.com/microsoftu...b?1182215014264

    [Java Plug-in 1.6.0_01]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.dll
    CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    [Java Plug-in 1.5.0_04]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab

    [Java Plug-in 1.6.0_01]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

    [Java Plug-in 1.6.0_01]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

    [{CE74A05D-ED12-473A-97F8-85FB0E2F479F}]
    CODEBASE = http://www.livemetallica.com/nugster/dlControl.CAB

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx
    CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
    Intel® 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
    Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Dynex Wireless G Adapter Service: System32\DRIVERS\ar5211.sys (manual start)
    asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
    ASF Agent: C:\Program Files\Intel\ASF Agent\ASFAgent.exe (autostart)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
    AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
    AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
    AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
    AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
    AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
    AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
    AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
    AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
    AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (autostart)
    AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
    basic2: System32\DRIVERS\basic2.sys (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
    cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    Comodo Application Agent: C:\Program Files\Comodo\Firewall\cmdagent.exe (autostart)
    CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
    Comodo Application Engine: System32\DRIVERS\cmdmon.sys (system)
    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
    dmload: System32\drivers\dmload.sys (system)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Dynex DX-WGDTC Service: C:\Program Files\Dynex Wireless G Adapter\WLService.exe (autostart)
    Intel® PRO/1000 Adapter Driver: System32\DRIVERS\e1000nt5.sys (manual start)
    3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Fallback: System32\DRIVERS\fallback.sys (autostart)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    Fsks: System32\DRIVERS\fsksnt.sys (autostart)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    GTNDIS5 NDIS Protocol Driver: \??\C:\WINDOWS\system32\GTNDIS5.SYS (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
    hpt3xx: \SystemRoot\System32\DRIVERS\hpt3xx.sys (disabled)
    hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    ialm: System32\DRIVERS\ialmnt5.sys (manual start)
    InstallDriver Table Manager: C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (manual start)
    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
    ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
    Comodo Network Engine: System32\DRIVERS\inspect.sys (system)
    IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
    Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    iPod Service: C:\Program Files\iPod\bin\iPodService.exe (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    K56: System32\DRIVERS\k56nt.sys (autostart)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    AEGIS Protocol (IEEE 802.1x) v2.3.1.9: System32\DRIVERS\mdc8021x.sys (autostart)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetAlrt: \??\C:\WINDOWS\System32\drivers\NetAlrt.sys (autostart)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NIC Management Service Configuration Driver: \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS (manual start)
    Intel® NMS: C:\WINDOWS\System32\NMSSvc.exe (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: System32\DRIVERS\nv4_mini.sys (manual start)
    nv4: System32\DRIVERS\nv4.sys (manual start)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
    Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
    papycpu2: \SystemRoot\System32\DRIVERS\papycpu2.sys (system)
    papyjoy: \SystemRoot\System32\DRIVERS\papyjoy.sys (system)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
    perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
    PlatAlrt: \??\C:\WINDOWS\System32\drivers\PlatAlrt.sys (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
    ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
    Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
    ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
    ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
    ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Rksample: System32\DRIVERS\rksample.sys (manual start)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
    SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
    SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
    smwdm: system32\drivers\smwdm.sys (manual start)
    SoftFax: System32\DRIVERS\faxnt.sys (autostart)
    Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{2B453628-A925-43CB-956A-52FA28789C18} (manual start)
    symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
    sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
    sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
    Tones: System32\DRIVERS\tonesnt.sys (autostart)
    TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
    Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    USB Root Hub (usbport): System32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
    USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
    USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
    V124: System32\DRIVERS\v124nt.sys (autostart)
    VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
    ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    D-Link AirPlus G Wireless Driver: System32\DRIVERS\mrv8k51.sys (manual start)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (system)
    Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    End of report, 39,061 bytes
    Report generated in 1.438 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
    sage5
    post Jun 27 2007, 03:52 PM
    Post #11


    RIP 10/2009
    Posts: 2,646
    From: NE Victoria, Australia
    OS: WinXp SP3



    Hi premo,

    Please print these instructions, and have the hard copy handy, to complete the steps below.

    Let's remove the last of those drivers.

    Delete bad services:
    Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
    Save it to your desktop, make sure the file type is All Files, and name it FixServices2.bat

    CODE
    @echo off
    sc stop papycpu2
    sc stop papyjoy
    sc delete papycpu2
    sc delete papyjoy
    exit

    Double click FixServices2.bat. A window will open and close. This is normal.

    Restart in Safe Mode: Please take note if Windows restarts much quicker in Safe Mode.
    • Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), delete these files (if present):
      C:\System32\DRIVERS\papycpu2.sys
      C:\SystemRoot\System32\DRIVERS\papyjoy.sys

    System File Checker:
    • Go to Start > Run and type sfc /scanonce (Note the space between the c & the /)
    • /scanonce starts the System File Checker at the next boot.
    • You will probably need your Windows XP CD to be handy as it may be required.
    • Allow the scan to run and when complete reboot the system.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    Run Deckard's System Scanner:
    • Close all other windows before proceeding.
    • Double click on the dss.exe file on your Desktop and follow the prompts.
    • Scans will run, and a text file will open in Notepad.
    I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of this text file in your next reply.



    Cheers,

    sage5
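Before running a service-removal batch like the one in the post above, the services section of the StartupList log can be parsed to see exactly which entry, start type and driver file each named service corresponds to. The following is an added example, not part of the original post or of StartupList; the function names are hypothetical, the sample lines are copied from the log earlier in this thread, and the Windows directory is assumed to be C:\WINDOWS as the log's REGEDIT.EXE check reports.

```python
import re
from typing import Dict, List, NamedTuple, Optional

WINDIR = r"C:\WINDOWS"  # assumption: taken from "Regedit.exe found in C:\WINDOWS" in the log

# Lines copied from the "Enumerating Windows NT/2000/XP services" section of the log.
SAMPLE_LOG = r"""
Enumerating Windows NT/2000/XP services

Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
papycpu2: \SystemRoot\System32\DRIVERS\papycpu2.sys (system)
papyjoy: \SystemRoot\System32\DRIVERS\papyjoy.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)

--------------------------------------------------
"""


class Service(NamedTuple):
    name: str     # name as printed in the log
    command: str  # raw image path plus arguments, as printed
    image: str    # normalised absolute path of the binary
    start: str    # start type: system, autostart, manual start, disabled


# "<name>: <command> (<start type>)"; the start type is the last parenthesised
# group, so names such as "WAN Miniport (PPTP)" still parse correctly.
LINE_RE = re.compile(r"^(?P<name>.+?): (?P<cmd>.+) \((?P<start>[^()]+)\)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:sys|exe))(?=\s|$)", re.IGNORECASE)


def normalise(command: str) -> str:
    """Rewrite the ImagePath prefixes seen in the log to an absolute path."""
    cmd = command.strip()
    if cmd.startswith("\\??\\"):              # NT object-manager prefix
        cmd = cmd[4:]
    lowered = cmd.lower()
    if lowered.startswith("\\systemroot\\"):
        cmd = WINDIR + cmd[len("\\systemroot"):]
    elif lowered.startswith("%systemroot%"):
        cmd = WINDIR + cmd[len("%systemroot%"):]
    elif lowered.startswith("system32\\"):    # relative paths resolve under the Windows directory
        cmd = WINDIR + "\\" + cmd
    return cmd


def image_path(command: str) -> str:
    """Return the binary path without arguments (paths may contain spaces)."""
    cmd = normalise(command)
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    match = IMAGE_RE.match(cmd)
    return match.group(1) if match else cmd.split(" ", 1)[0]


def parse_services(log: str) -> List[Service]:
    """Parse only the services section, stopping at the dashed separator."""
    entries: List[Service] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Enumerating Windows NT/2000/XP services"):
            in_section = True
            continue
        if not in_section or not line:
            continue
        if set(line) == {"-"}:
            break
        m = LINE_RE.match(line)
        if m:
            entries.append(Service(m["name"], m["cmd"], image_path(m["cmd"]), m["start"]))
    return entries


def removal_targets(log: str, names: List[str]) -> Dict[str, Optional[Service]]:
    """Look up each name from the fix; None means the log has no such entry."""
    by_name = {s.name.lower(): s for s in parse_services(log)}
    return {n: by_name.get(n.lower()) for n in names}


if __name__ == "__main__":
    for name, svc in removal_targets(SAMPLE_LOG, ["papycpu2", "papyjoy"]).items():
        print(name, "->", (svc.start, svc.image) if svc else "not in log")
```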
    sage5
    post Sep 2 2007, 07:41 AM
    Post #12


    RIP 10/2009
    Posts: 2,646
    From: NE Victoria, Australia
    OS: WinXp SP3



    Due to lack of feedback, this topic has been closed.

    If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.