please help me my pc is so slow [CLOSED] [RESOLVED]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

please help me my pc is so slow [CLOSED] [RESOLVED]

#1 shannianni

Group: Member
Posts: 922
Joined: 11-May 05

Posted 12 January 2008 - 08:18 AM

my friends pc is very very slow and he is getting a lot of pop ups, can someone please help him
many thanks for your time
shannianni

here is his log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:32, on 12/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\System32\hp1ECD.tmp (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tool Enc Cool Vga] C:\Documents and Settings\All Users\Application Data\BookFindToolEnc\less type.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2337.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 7081 bytes

#2 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 12 January 2008 - 03:03 PM

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\System32\hp1ECD.tmp (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Tool Enc Cool Vga] C:\Documents and Settings\All Users\Application Data\BookFindToolEnc\less type.exe
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2337.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download OTMoveIt by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Documents and Settings\All Users\Application Data\BookFindToolEnc\less type.exe
C:\WINDOWS\web\related.htm
C:\WINDOWS\System32\vbsys2.dll
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

Reboot then do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3 shannianni

Group: Member
Posts: 922
Joined: 11-May 05

Posted 14 January 2008 - 12:15 PM

Rorschach112

thank you for your time here are the logs that you wanted

Deckard's System Scanner v20071014.68
Run by PJ on 2008-01-14 18:06:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
6: 2008-01-14 18:06:20 UTC - RP295 - Deckard's System Scanner Restore Point
5: 2008-01-13 22:37:20 UTC - RP294 - System Checkpoint
4: 2008-01-12 13:53:25 UTC - RP293 - Installed AVG 7.5
3: 2008-01-12 13:48:28 UTC - RP292 - Removed Symantec AntiVirus
2: 2008-01-12 13:47:01 UTC - RP291 - Removed Driving Test Success 2003-2004

-- First Restore Point --
1: 2008-01-12 13:08:38 UTC - RP290 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).

-- HijackThis (run as PJ.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:02, on 14/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PJ\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 7173 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080114-180357-244 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20080114-180357-453 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20080114-180357-464 O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\System32\hp1ECD.tmp (file missing)
backup-20080114-180357-609 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080114-180357-639 O4 - HKLM\..\Run: [Tool Enc Cool Vga] C:\Documents and Settings\All Users\Application Data\BookFindToolEnc\less type.exe
backup-20080114-180358-293 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
backup-20080114-180358-489 O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2337.exe
backup-20080114-180358-629 O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
backup-20080114-180359-749 O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>

S3 RecAgent - c:\windows\system32\drivers\recagent.sys <Not Verified; ; Modem>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-01-13 16:44:03 248 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-10-11 17:00:00 250 --ah----- C:\WINDOWS\Tasks\A63E8DE491850BA4.job
2007-09-20 18:26:35 358 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2004-08-04 18:42:43 258 --a------ C:\WINDOWS\Tasks\Registration reminder 3.job

-- Files created between 2007-12-14 and 2008-01-14 -----------------------------

2008-01-13 16:22:18 0 d-------- C:\Documents and Settings\KS\Application Data\AVG7
2008-01-13 16:22:09 0 d-------- C:\Documents and Settings\KS\Application Data\Grisoft
2008-01-13 16:22:07 0 d-------- C:\Documents and Settings\KS\Application Data\Google
2008-01-12 14:32:22 0 dr-h----- C:\$VAULT$.AVG
2008-01-12 14:31:47 0 d-------- C:\Documents and Settings\PJ\Application Data\Grisoft
2008-01-12 14:24:56 0 d-------- C:\Documents and Settings\PJ\Application Data\Google
2008-01-12 14:24:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-01-12 14:24:47 0 d-------- C:\Program Files\Google
2008-01-12 14:22:38 0 d-------- C:\Program Files\SpywareGuard
2008-01-12 14:13:00 0 d-------- C:\ie-spyad_zo
2008-01-12 14:02:46 0 d-------- C:\Program Files\Trend Micro
2008-01-12 13:54:12 0 d-------- C:\Documents and Settings\PJ\Application Data\AVG7
2008-01-12 13:54:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 13:53:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 13:53:26 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7

-- Find3M Report ---------------------------------------------------------------

2008-01-14 18:08:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-13 21:51:24 0 d-------- C:\Program Files\Common Files
2008-01-12 13:47:05 0 d-------- C:\Program Files\Driving Test Success 2003-2004

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [26/03/2004 13:07 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [26/02/2004 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [30/01/2004 10:45]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [22/12/2003 07:38]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [09/06/2003 23:11]
"MISAggregator"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [29/02/2004 16:44]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [14/11/2002 19:29]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/03/2005 10:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [13/04/2005 03:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [26/07/2004 19:34]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/01/2008 13:53]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [15/11/2004 19:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/01/2008 14:25]

C:\Documents and Settings\PJ\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 04:19:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareQuake]
C:\Program Files\SpywareQuake\SpywareQuake.exe /h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tool Enc Cool Vga]
C:\Documents and Settings\All Users\Application Data\BookFindToolEnc\city ball.exe

*Newly Created Service* - AVGASCLN

-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-01-14 18:09:09 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 447.48 MiB / 130.2 MiB
Pagefile Memory (total/avail): 606.8 MiB / 268.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1947.56 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 70.52 GiB total, 61.9 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 4 GiB
\PARTITION1 (bootable) - Installable File System - 70.52 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PJ\Application Data
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SN037609220021
ComSpec=C:\WINDOWS\system32\cmd.exe
HMSERVER=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PJ
ITEMID=dj-22741-6
LANG=2057
LOGONSERVER=\\SN037609220021
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\TVNAVI~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONID=1097213222662wuws04-l15ed659:ff8869b0c1:-441e
SESSIONNAME=Console
SWUTVER=1.0.22.20030804
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PJ\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\PJ\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\PJ\LOCALS~1\Temp\rad0836E.tmp
USERDOMAIN=SN037609220021
USERNAME=PJ
USERPROFILE=C:\Documents and Settings\PJ
VERSION=3.0.2.97
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

PJ (admin)
JI (admin)
KS (admin)
DC (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
--> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
--> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{09B44E78-A988-4BC0-962F-63ECD3333708} /l1033
--> C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
--> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
--> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
--> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AOL UK (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_uk.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bookshelf 99 --> "C:\Program Files\Microsoft Reference\Bookshelf 99\bsuninst.exe" /uninstall
Bumper Box CD1 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Alternative Software Ltd\Bumper Box CD1\DeIsL1.isu" -c"C:\Program Files\Alternative Software Ltd\Bumper Box CD1\_ISREG32.DLL"
Bumper Box CD2 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Alternative Software Ltd\Bumper Box CD2\DeIsL1.isu" -c"C:\Program Files\Alternative Software Ltd\Bumper Box CD2\_ISREG32.DLL"
Encarta Encyclopedia Deluxe 99 --> "C:\Program Files\Microsoft Reference\Encarta Encyclopedia 99\eeuninst.exe" /uninstall
Encarta Reference Suite 99 --> "C:\Program Files\Microsoft Reference\Encarta Reference Suite 99\stuninst.exe" /uninstall
Encarta Research Organizer --> "C:\Program Files\Microsoft Reference\Encarta Research Organizer\rouninst.exe" /uninstall
Encarta Virtual Globe 99 --> "C:\Program Files\Microsoft Reference\Encarta Virtual Globe 99\evgunnst.exe" /uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hazard Perception Training 2003-2004 --> MsiExec.exe /I{33D5D3BC-5818-46DF-9454-8713BD6332C1}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire Media Center --> "C:\Program Files\LimeWire Media Center\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Mavis Beacon Teaches Typing 9.0.0 --> C:\PROGRA~1\MINDSC~1\MAVISB~1\UNINST.EXE
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft AutoRoute v11.0 --> MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790220}
Microsoft Encarta Encyclopedia Standard - WE 2004 --> MsiExec.exe /I{045A0040-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money --> MsiExec.exe /I{1D643CD0-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money System Pack --> MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Microsoft Office Publisher 2003 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo Standard 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Word 2002 --> MsiExec.exe /I{901B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
Microsoft Works 2004 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
Norton Personal Firewall --> MsiExec.exe /I{15BFECE8-A100-4861-B92B-1EFF76683C23}
Packard Bell InfoCentre --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07A1C2E1-76DD-11D6-9922-009027E9C183}\setup.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}

-- Application Event Log -------------------------------------------------------

Event Record #/Type4184 / Error
Event Submitted/Written: 01/14/2008 06:00:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module msxml3.dll, version 8.70.1113.0, hang address 0x000039cc.

Event Record #/Type4183 / Error
Event Submitted/Written: 01/14/2008 05:59:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module msntb.dll, version 3.1.0.68, hang address 0x000176b5.

Event Record #/Type4182 / Error
Event Submitted/Written: 01/14/2008 05:59:48 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module msntb.dll, version 3.1.0.68, hang address 0x000176b5.

Event Record #/Type4176 / Error
Event Submitted/Written: 01/13/2008 09:50:33 PM
Event ID/Source: 13 / ccEvtMgr
Event Description:
ccEvtMgr: Failed to create the Trust Module.

Event Record #/Type4175 / Warning
Event Submitted/Written: 01/13/2008 09:50:33 PM
Event ID/Source: 13 / ccEvtMgr
Event Description:
ccEvtMgr: Loaded the default configuration settings.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type27872 / Error
Event Submitted/Written: 01/14/2008 06:08:22 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type27867 / Warning
Event Submitted/Written: 01/13/2008 11:13:49 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type27841 / Error
Event Submitted/Written: 01/13/2008 09:53:43 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) service hung on starting.

Event Record #/Type27787 / Warning
Event Submitted/Written: 01/12/2008 04:11:45 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type27735 / Error
Event Submitted/Written: 01/12/2008 01:52:05 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

-- End of Deckard's System Scanner: finished at 2008-01-14 18:09:09 ------------

i will try to reply at the weekend

many thanks

shannianni

#4 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 14 January 2008 - 01:12 PM

Hello

Delete OTMoveIt.exe and the folder C:\OTMoveIt

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
C:\WINDOWS\Tasks\A63E8DE491850BA4.job
C:\Program Files\SpywareQuake
C:\Documents and Settings\All Users\Application Data\BookFindToolEnc
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

purity
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareQuake
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tool Enc Cool Vga

Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and post a new DSS log

#5 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 19 January 2008 - 07:21 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#6 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 19 January 2008 - 07:30 AM

Please post the logs

#7 shannianni

Group: Member
Posts: 922
Joined: 11-May 05

Posted 19 January 2008 - 07:34 AM

Many thanks

here are the logs

File/Folder C:\WINDOWS\Tasks\A63E8DE491850BA4.job not found.
File/Folder C:\Program Files\SpywareQuake not found.
File/Folder C:\Documents and Settings\All Users\Application Data\BookFindToolEnc not found.
[Custom Input]
< purity >
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareQuake >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareQuake\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tool Enc Cool Vga >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tool Enc Cool Vga\\ not found.

OTMoveIt2 v1.0.8 log created on 01192008_133141

just rebooting and will post dss log in 2 mins

thanks

#8 shannianni

Group: Member
Posts: 922
Joined: 11-May 05

Posted 19 January 2008 - 07:40 AM

hi

rebooted and here is the new dss log

thanks

Deckard's System Scanner v20071014.68
Run by PJ on 2008-01-19 13:38:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).

-- HijackThis (run as PJ.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:56, on 19/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\PJ\Desktop\New Folder\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 7217 bytes

-- Files created between 2007-12-19 and 2008-01-19 -----------------------------

2008-01-13 16:22:18 0 d-------- C:\Documents and Settings\KS\Application Data\AVG7
2008-01-13 16:22:09 0 d-------- C:\Documents and Settings\KS\Application Data\Grisoft
2008-01-13 16:22:07 0 d-------- C:\Documents and Settings\KS\Application Data\Google
2008-01-12 14:32:22 0 dr-h----- C:\$VAULT$.AVG
2008-01-12 14:31:47 0 d-------- C:\Documents and Settings\PJ\Application Data\Grisoft
2008-01-12 14:24:56 0 d-------- C:\Documents and Settings\PJ\Application Data\Google
2008-01-12 14:24:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-01-12 14:24:47 0 d-------- C:\Program Files\Google
2008-01-12 14:22:38 0 d-------- C:\Program Files\SpywareGuard
2008-01-12 14:13:00 0 d-------- C:\ie-spyad_zo
2008-01-12 14:02:46 0 d-------- C:\Program Files\Trend Micro
2008-01-12 13:54:12 0 d-------- C:\Documents and Settings\PJ\Application Data\AVG7
2008-01-12 13:54:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 13:53:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 13:53:26 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7

-- Find3M Report ---------------------------------------------------------------

2008-01-19 13:36:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-19 13:36:48 0 d-------- C:\Program Files\Common Files
2008-01-12 13:47:05 0 d-------- C:\Program Files\Driving Test Success 2003-2004

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [26/03/2004 13:07 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [26/02/2004 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [30/01/2004 10:45]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [22/12/2003 07:38]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [09/06/2003 23:11]
"MISAggregator"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [29/02/2004 16:44]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [14/11/2002 19:29]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/03/2005 10:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [13/04/2005 03:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [26/07/2004 19:34]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/01/2008 13:53]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [15/11/2004 19:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/01/2008 14:25]

C:\Documents and Settings\PJ\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 04:19:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

-- End of Deckard's System Scanner: finished at 2008-01-19 13:39:38 ------------

#9 shannianni

Group: Member
Posts: 922
Joined: 11-May 05

Posted 19 January 2008 - 07:49 AM

thanks for your time

this is not my pc its a friends so i have to go to his house to run the relevant tools and to reply

if you reply i will be as quick as possible

many thanks

shannianni

#10 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 19 January 2008 - 08:44 AM

One more scan then we should be done

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Also tell me how the PC is running now

#11 shannianni

Group: Member
Posts: 922
Joined: 11-May 05

Posted 20 January 2008 - 04:50 AM

Rorschach112

hi my friend is running a scan i will try to reply today with the report

can you tell me is this ok, i am trying to learn what the lines are.

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

also his pc say his virtual memory is low, why is this

many thanks for your time with helping me

shannianni

#12 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 20 January 2008 - 08:57 AM

Those entries are legit, check this link

http://www.bleepingcomputer.com/startups/c...n.exe-1121.html

The virtual memory problem is not malware related, probably needs to upgrade the PC.

Post the results of the scan when it is done and tell me how the PC is running

#13 shannianni

Group: Member
Posts: 922
Joined: 11-May 05

Posted 21 January 2008 - 12:07 PM

hi

sorry for the delay here is the log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2008 at 11:01 AM

Application Version : 3.9.1008

Core Rules Database Version : 0
Trace Rules Database Version: 1378

Scan type : Complete Scan
Total Scan Time : 00:18:06

Memory items scanned : 445
Memory threats detected : 0
Registry items scanned : 6035
Registry threats detected : 1
File items scanned : 30190
File threats detected : 25

Adware.Tracking Cookie
C:\Documents and Settings\PJ\Cookies\pj@revsci[2].txt
C:\Documents and Settings\PJ\Cookies\pj@ehg-autotrader.hitbox[1].txt
C:\Documents and Settings\PJ\Cookies\pj@indextools[2].txt
C:\Documents and Settings\PJ\Cookies\pj@hitbox[1].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@atdmt[1].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@counter12.sextracker[1].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@counter2.sextracker[1].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@cs.sexcounter[2].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@ehg-legonewyorkinc.hitbox[2].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@hitbox[2].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@image.masterstats[1].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@pornaccess[1].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@sextracker[2].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@statcounter[1].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@toplist[1].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@windowsmedia[1].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@www.[bleep]ing-cash[2].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@www.penisbot[2].txt
C:\Deckard\System Scanner\20080119133832\backup\DOCUME~1\PJ\LOCALS~1\Temp\Cookies\pj@www.porn365[1].txt
C:\Documents and Settings\KS\Cookies\ks@ehg-autotrader.hitbox[1].txt
C:\Documents and Settings\KS\Cookies\ks@hitbox[2].txt

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\PJ\Favorites\Antivirus Test Online.url
C:\Documents and Settings\All Users\Desktop\Online Security Guide.url

Trojan.Homepage/Puper
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#wininet.dll

#14 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 21 January 2008 - 12:13 PM

Your logs look good ! We need to do a few things

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#15 shannianni

Group: Member
Posts: 922
Joined: 11-May 05

Posted 21 January 2008 - 04:14 PM

Rorschach112

thank you very much I will perform these tasks when I see him later tomorrow.
His family has 4 accounts I have told him to delete 3 and just keep 1 as his kids use the rest and have told him why, also today I ran a disc defrag as it was quite bad I hope this was ok?

he has norton firewall is this ok? or is there a better one available?

once again thank you for your patience and your help.

Many thanks

Ian aka shannianni ( my daughters name )

Back to Virus, Spyware, Malware Removal

Share this topic:

2 Pages
1
2
→

Please log in to reply

please help me my pc is so slow [CLOSED] [RESOLVED] - Geeks to Go Forums