Please check log. thanks [RESOLVED]

Hi qwerty123,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point.

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.

• Close all applications and windows.
• Double-click on DSS.exe to run it, and follow the prompts.
• The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:

• main.txt and extra.txt from DSS

thanks for the reply. thanks for helping

Deckard's System Scanner v20071014.68
Run by Harry on 2008-04-01 15:19:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2008-04-01 19:20:14 UTC - RP67 - Deckard's System Scanner Restore Point
22: 2008-03-30 23:14:11 UTC - RP66 - Installed Java™ 6 Update 5
21: 2008-03-30 22:17:44 UTC - RP65 - System Checkpoint
20: 2008-03-29 21:47:15 UTC - RP64 - System Checkpoint
19: 2008-03-28 21:13:42 UTC - RP63 - System Checkpoint


-- First Restore Point --
1: 2008-03-02 00:01:14 UTC - RP45 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Harry.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:46 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AIM6\aim6.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Symantec AntiVirus\SavRoam.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\Documents and Settings\Harry\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Harry.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7428 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - d:\windows\system32\drivers\adihdaud.sys (file missing)
S3 AEAudioService (AEAudio Service) - d:\windows\system32\drivers\aeaudio.sys (file missing)
S3 SenFiltService (SenFilt Service) - d:\windows\system32\drivers\senfilt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "d:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "d:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "d:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&CF81C54&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&CF81C54&0&08F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-02-16 22:12:06 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-01 and 2008-04-01 -----------------------------

2008-03-31 22:59:40 0 dr-h----- D:\Documents and Settings\Harry\Recent
2008-03-30 19:56:18 0 d-------- D:\Program Files\LimeWire
2008-03-30 19:16:24 0 d-------- D:\WINDOWS\Sun
2008-03-30 19:16:24 0 d-------- D:\Documents and Settings\Harry\Application Data\Sun
2008-03-27 17:59:07 0 d-------- D:\Program Files\World of Warcraft <WORLDO~1>
2008-03-26 22:45:12 0 d-------- D:\Documents and Settings\Harry\Application Data\LimeWire
2008-03-26 22:43:35 0 d-------- D:\Program Files\Java
2008-03-26 22:42:19 0 d-------- D:\Program Files\Common Files\Java
2008-03-24 03:45:17 2621440 --a------ D:\Documents and Settings\Harry\ntuser.dat
2008-03-20 22:45:51 0 d-------- D:\Documents and Settings\Harry\Application Data\Megaupload
2008-03-20 22:40:30 0 d-------- D:\Program Files\Megaupload
2008-03-20 22:31:51 0 d-------- D:\Program Files\MegauploadToolbar
2008-03-20 22:31:42 0 d-------- D:\Documents and Settings\Harry\Application Data\MegauploadToolbar
2008-03-16 18:28:35 0 d-------- D:\Documents and Settings\Harry\Application Data\ImgBurn
2008-03-16 18:27:41 0 d-------- D:\Program Files\ImgBurn
2008-03-02 01:42:44 0 d-------- D:\Documents and Settings\Harry\Application Data\Comodo
2008-03-02 01:42:42 0 d-------- D:\Documents and Settings\All Users\Application Data\comodo
2008-03-02 01:42:40 0 d-------- D:\Program Files\COMODO


-- Find3M Report ---------------------------------------------------------------

2008-04-01 15:10:32 0 d-------- D:\Program Files\Symantec AntiVirus
2008-03-28 15:09:25 0 d-------- D:\Program Files\Common Files\Blizzard Entertainment
2008-03-26 22:42:19 0 d-------- D:\Program Files\Common Files
2008-03-20 22:40:03 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-02-28 23:20:39 0 d-------- D:\Documents and Settings\Harry\Application Data\SmartFTP
2008-02-28 23:20:13 0 d-------- D:\Program Files\SmartFTP Client
2008-02-28 23:19:33 0 d-------- D:\Program Files\SmartFTP Client 2.5 Setup Files
2008-02-28 16:38:27 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2008-02-23 02:12:02 0 d-------- D:\Program Files\Trend Micro
2008-02-19 22:20:12 0 d-------- D:\Documents and Settings\Harry\Application Data\WinRAR
2008-02-18 23:49:38 0 d-------- D:\Documents and Settings\Harry\Application Data\QQ Games
2008-02-18 23:49:02 0 d-------- D:\Documents and Settings\Harry\Application Data\QQ Games Plugin
2008-02-18 23:48:57 0 d-------- D:\Documents and Settings\Harry\Application Data\acccore
2008-02-18 23:48:30 0 d-------- D:\Program Files\AIM6
2008-02-18 23:47:21 0 d-------- D:\Program Files\Tencent
2008-02-18 23:45:20 0 d-------- D:\Program Files\Viewpoint
2008-02-18 23:41:43 0 d-------- D:\Program Files\Common Files\AOL
2008-02-18 03:09:26 0 d-------- D:\Program Files\Common Files\ATI Technologies
2008-02-18 03:09:24 0 d-------- D:\Program Files\ATI Technologies
2008-02-17 00:41:15 0 d-------- D:\Documents and Settings\Harry\Application Data\Macromedia
2008-02-17 00:41:15 0 d-------- D:\Documents and Settings\Harry\Application Data\Adobe
2008-02-17 00:20:55 0 d-------- D:\Program Files\Common Files\Adobe
2008-02-16 22:14:11 0 d-------- D:\Documents and Settings\Harry\Application Data\Apple Computer
2008-02-16 22:13:46 0 d-------- D:\Program Files\iTunes
2008-02-16 22:13:37 0 d-------- D:\Program Files\iPod
2008-02-16 22:13:04 0 d-------- D:\Program Files\Bonjour
2008-02-16 22:12:52 0 d-------- D:\Program Files\QuickTime
2008-02-16 22:11:29 0 d-------- D:\Program Files\Apple Software Update
2008-02-16 22:10:28 0 d-------- D:\Program Files\Common Files\Apple
2008-02-16 21:53:22 0 d-------- D:\Documents and Settings\Harry\Application Data\Aim
2008-02-16 21:53:18 0 d-------- D:\Program Files\AIM
2008-02-16 21:49:48 0 d-------- D:\Program Files\AOD
2008-02-16 18:40:47 0 d-------- D:\Program Files\SpywareBlaster
2008-02-16 18:37:55 0 d-------- D:\Program Files\CCleaner
2008-02-16 18:24:03 0 d-------- D:\Program Files\Messenger
2008-02-16 18:11:07 0 d-------- D:\Documents and Settings\Harry\Application Data\Avant Profiles
2008-02-16 18:11:04 0 d-------- D:\Program Files\Avant Browser
2008-02-16 18:06:47 0 d-------- D:\Program Files\Combined Community Codec Pack
2008-02-16 17:56:13 0 d-------- D:\Documents and Settings\Harry\Application Data\ATI
2008-02-16 17:48:07 0 d-------- D:\Program Files\Common Files\InstallShield
2008-02-16 17:37:55 0 d-------- D:\Program Files\Common Files\Symantec Shared
2008-02-16 17:37:30 0 d-------- D:\Program Files\Symantec
2008-02-16 17:36:56 0 d-------- D:\Documents and Settings\Harry\Application Data\InstallShield
2008-02-16 17:34:05 0 d-------- D:\Program Files\Attansic
2008-02-16 17:32:18 0 d-------- D:\Program Files\Intel
2008-02-16 17:25:12 0 d-------- D:\Documents and Settings\Harry\Application Data\Identities
2008-02-16 17:21:27 0 d-------- D:\Program Files\microsoft frontpage
2008-02-16 17:20:12 0 d--h----- D:\Program Files\WindowsUpdate
2008-02-16 17:19:23 0 d-------- D:\Program Files\Common Files\MSSoap
2008-02-16 17:19:15 0 d-------- D:\Program Files\Movie Maker
2008-02-16 17:18:50 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-02-16 17:18:11 0 d-------- D:\Program Files\Online Services
2008-02-16 17:18:03 0 d-------- D:\Program Files\MSN Gaming Zone
2008-02-16 17:17:55 0 d-------- D:\Program Files\Windows NT
2008-02-16 12:10:56 0 d-------- D:\Program Files\Common Files\ODBC
2008-02-16 12:10:54 0 d-------- D:\Program Files\Common Files\SpeechEngines
2008-02-16 12:10:28 62 --ahs---- D:\Documents and Settings\Harry\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 04:21 PM D:\WINDOWS\system32\HdAShCut.exe]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 06:38 PM]
"vptray"="D:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 08:49 PM]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 03:18 PM]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [02/28/2006 08:00 AM]
"MSPY2002"="D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [02/28/2006 08:00 AM]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 AM]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 AM]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"COMODO Firewall Pro"="D:\Program Files\COMODO\Firewall\cfp.exe" [03/14/2008 09:04 PM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 AM]
"@"="" []
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM]
"Aim6"="D:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= D:\WINDOWS\system32\guard32.dll




-- End of Deckard's System Scanner: finished at 2008-04-01 15:22:36 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1023.11 MiB / 562.8 MiB
Pagefile Memory (total/avail): 2461.9 MiB / 2031.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.17 MiB

C: is Fixed (NTFS) - 38 GiB total, 15.97 GiB free.
D: is Fixed (NTFS) - 108.59 GiB total, 84.46 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD160JJ/P - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 - Extended w/Extended Int 13 - 108.59 GiB - D:
\PARTITION2 (bootable) - Installable File System - 38 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="D:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"D:\\Program Files\\Avant Browser\\avant.exe"="D:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"D:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"="D:\\Program Files\\Tencent\\QQ Games\\QQGames.exe:*:Enabled:QQ Games"
"D:\\Program Files\\AIM6\\aim6.exe"="D:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"D:\\Program Files\\World of Warcraft\\Repair.exe"="D:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Harry\Application Data
CLASSPATH=.;D:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=HARRY-707372E6E
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Harry
LOGONSERVER=\\HARRY-707372E6E
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Harry\LOCALS~1\Temp
TMP=D:\DOCUME~1\Harry\LOCALS~1\Temp
USERDOMAIN=HARRY-707372E6E
USERNAME=Harry
USERPROFILE=D:\Documents and Settings\Harry
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Harry (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6 --> D:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games --> D:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AOL Instant Messenger --> D:\Program Files\AIM\uninstll.exe -LOG= D:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Attansic Giga Ethernet Utility --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9
Attansic L1 Gigabit Ethernet Driver --> rundll32.exe D:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst D:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
Avant Browser (remove only) --> "D:\Program Files\Avant Browser\uninst.exe"
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2007-07-22 --> "D:\Program Files\Combined Community Codec Pack\unins000.exe"
COMODO Firewall Pro --> D:\Program Files\COMODO\Firewall\cfpconfg.exe -u
High Definition Audio Driver Package - KB888111 --> D:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImgBurn --> "D:\Program Files\ImgBurn\uninstall.exe"
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire PRO 4.16.2 --> "D:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "D:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Mega Manager --> D:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Megaupload Toolbar --> D:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
QQ Bubble Arena --> D:\Program Files\Tencent\QQ Games\QQ Bubble Arena\Uninstall.EXE
QQ Games --> D:\Program Files\Tencent\QQ Games\Uninstall.EXE
QQ Match Master --> D:\Program Files\Tencent\QQ Games\QQ Match Master\Uninstall.EXE
QQ Pool --> D:\Program Files\Tencent\QQ Games\QQ Pool\Uninstall.EXE
QQ Robo --> D:\Program Files\Tencent\QQ Games\QQ Robo\Uninstall.EXE
QQ Treasure Hunter --> D:\Program Files\Tencent\QQ Games\QQ Treasure Hunter\Uninstall.EXE
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.5 Setup Files (remove only) --> D:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SpywareBlaster v3.5.1 --> "D:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
Viewpoint Media Player --> D:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> D:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1366 / Error
Event Submitted/Written: 04/01/2008 03:21:23 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type1365 / Error
Event Submitted/Written: 04/01/2008 03:21:23 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type1340 / Error
Event Submitted/Written: 03/30/2008 10:33:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application LimeWire.exe, version 1.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1138 / Error
Event Submitted/Written: 03/21/2008 08:45:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application avant.exe, version 11.5.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1137 / Error
Event Submitted/Written: 03/21/2008 08:44:57 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application avant.exe, version 11.5.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2416 / Warning
Event Submitted/Written: 03/27/2008 08:33:34 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2412 / Warning
Event Submitted/Written: 03/27/2008 07:33:59 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2402 / Warning
Event Submitted/Written: 03/27/2008 05:49:31 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2401 / Warning
Event Submitted/Written: 03/27/2008 05:12:44 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2374 / Warning
Event Submitted/Written: 03/27/2008 04:59:07 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-04-01 15:22:36 ------------

Hi qwerty,

I dont see anything in these logs. Is there a specific problem you are encountering?

i was just worried about my computer just to check to see if i'm all clean and i'm glad to find out it's running fine. Might have some problems with thats just maybe due to some of the programs i installed and glad it isn't from malware.

Also sorry to ask this but are you able to help scan this laptop as i recently got it and it has been online for quite sometime now without protection. i'm afraid it can be infected with malware. its a new laptop and kids has been using it so i would like you to check it if you can. Also could u recommend some of the programs and some of the software that we should havve? i installed the basic stuff like java , anti virus just a before so please help, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:28 PM, on 4/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Avant Browser\avant.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AveoKeySti] "C:\Program Files\\AVEO\AVEO_UVC_FILTER_DRIVER_KIT\AveoSTI.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: aveosti.exe.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 5366 bytes

Hi qwerty,

That log looks clean as well. What sort of software recommendations are you looking for? I can recommend Antivirus/Antispyware programs, etc.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.