Older system freezing up [RESOLVED]


  • This topic is locked

#31
a_to_z

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
It doesn't work. I click on the fix.zip attachment in your post and no matter whether I select "save" or "open" in the window that pops up, the window just closes and nothing happens. By the way, my CPU is now running at 100% because of the helpsvc.exe process. Is that part of what is wrong?
  • 0

#32
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I have hosted the run file here

http://www.mediafire.com/?2jl9s3gvgw0

So all you have to do is download that, open the run file (don't need to save it), and fix the items that I checked

Let me know how that goes
  • 0

#33
a_to_z

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
I was able to run the file from the host site. Unfortunately, I did reboot and the error messages are still there.
  • 0

#34
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
This is strange, all your logs are coming up clean

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



Please download and unzip IceSword to its own folder on your desktop


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.


Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
SSDT
Message Hooks

  • 0

#35
a_to_z

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
Should I do both programs in safe mode or just the first one? Should I temporarily disable Norton since it was fussy before? Thanks!
  • 0

#36
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Just run SDFix in Safe Mode, no need to disable Norton as it won't be running in Safe Mode

Run IceSword.exe from Normal Mode

If you can write down the file path of the error you get when your PC starts up that will help as well
  • 0

#37
a_to_z

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
This is SDFix; IceSword report will be in the next post.

SDFix: Version 1.144

Run by angi on Thu 02/21/2008 at 05:56 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 18:11:56
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:



Files with Hidden Attributes:

Thu 23 Aug 2001 94,784 ..SH. --- "C:\WINDOWS\twain.dll"
Thu 23 Aug 2001 46,592 ..SH. --- "C:\WINDOWS\twain_32.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 23 Aug 2001 995,383 ..SH. --- "C:\WINDOWS\system32\mfc42.dll"
Thu 23 Aug 2001 50,688 ..SH. --- "C:\WINDOWS\system32\msvcirt.dll"
Thu 29 Aug 2002 401,462 A.SH. --- "C:\WINDOWS\system32\msvcp60.dll"
Thu 29 Aug 2002 323,072 A.SH. --- "C:\WINDOWS\system32\msvcrt.dll"
Thu 29 Aug 2002 569,344 ..SH. --- "C:\WINDOWS\system32\oleaut32.dll"
Thu 23 Aug 2001 106,496 ..SH. --- "C:\WINDOWS\system32\olepro32.dll"
Thu 23 Aug 2001 9,728 ..SH. --- "C:\WINDOWS\system32\regsvr32.exe"
Mon 19 Jan 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 3 Dec 2005 782 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Sat 26 Nov 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Sat 26 Nov 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Sun 22 Jan 2006 460 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti2.tmp"
Sun 18 Dec 2005 48,640 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL0001.tmp"
Mon 14 Nov 2005 27,648 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL0002.tmp"
Sun 23 Oct 2005 24,064 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL0004.tmp"
Tue 15 Nov 2005 30,208 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL0138.tmp"
Mon 19 Dec 2005 58,880 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL0162.tmp"
Mon 19 Dec 2005 59,392 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL0372.tmp"
Mon 19 Dec 2005 58,880 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL0899.tmp"
Mon 19 Dec 2005 59,392 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL0958.tmp"
Mon 19 Dec 2005 58,880 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL0976.tmp"
Mon 19 Dec 2005 50,688 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL0988.tmp"
Tue 15 Nov 2005 29,696 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL1308.tmp"
Tue 15 Nov 2005 29,184 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL1476.tmp"
Mon 19 Dec 2005 59,392 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL1713.tmp"
Mon 19 Dec 2005 60,416 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL1730.tmp"
Mon 19 Dec 2005 57,856 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL1813.tmp"
Mon 19 Dec 2005 51,712 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL1878.tmp"
Mon 19 Dec 2005 51,712 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL2122.tmp"
Tue 15 Nov 2005 29,696 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL2593.tmp"
Mon 19 Dec 2005 57,856 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL2671.tmp"
Mon 19 Dec 2005 59,392 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL3042.tmp"
Mon 19 Dec 2005 53,248 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL3301.tmp"
Mon 19 Dec 2005 58,880 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL3373.tmp"
Tue 15 Nov 2005 28,672 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL3584.tmp"
Mon 19 Dec 2005 49,664 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL3703.tmp"
Mon 19 Dec 2005 59,392 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL3965.tmp"
Tue 15 Nov 2005 29,184 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL4025.tmp"
Mon 19 Dec 2005 58,880 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL4032.tmp"
Tue 15 Nov 2005 30,208 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL4077.tmp"
Tue 15 Nov 2005 27,648 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 11CP\~WRL4097.tmp"
Wed 3 Jan 2007 26,112 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0001.tmp"
Tue 9 Jan 2007 28,672 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0002.tmp"
Tue 9 Jan 2007 26,112 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0003.tmp"
Tue 9 Jan 2007 26,112 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0005.tmp"
Tue 9 Jan 2007 27,648 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0085.tmp"
Tue 9 Jan 2007 28,160 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0359.tmp"
Tue 9 Jan 2007 28,672 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0568.tmp"
Tue 9 Jan 2007 27,648 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0714.tmp"
Tue 9 Jan 2007 26,112 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0750.tmp"
Tue 9 Jan 2007 28,672 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0885.tmp"
Tue 9 Jan 2007 28,672 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL0904.tmp"
Tue 9 Jan 2007 26,624 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL1146.tmp"
Tue 9 Jan 2007 29,184 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL1198.tmp"
Tue 9 Jan 2007 27,648 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL1266.tmp"
Tue 9 Jan 2007 26,624 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL1615.tmp"
Tue 9 Jan 2007 27,648 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL1626.tmp"
Tue 9 Jan 2007 27,648 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL1684.tmp"
Tue 9 Jan 2007 27,648 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL1853.tmp"
Tue 9 Jan 2007 27,136 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL1931.tmp"
Tue 9 Jan 2007 27,136 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL2053.tmp"
Tue 9 Jan 2007 28,160 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL2079.tmp"
Tue 9 Jan 2007 28,160 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL2531.tmp"
Tue 9 Jan 2007 26,112 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL2745.tmp"
Tue 9 Jan 2007 27,136 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL2926.tmp"
Tue 9 Jan 2007 27,648 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL2968.tmp"
Tue 9 Jan 2007 28,672 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3009.tmp"
Tue 9 Jan 2007 27,136 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3217.tmp"
Tue 9 Jan 2007 29,184 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3266.tmp"
Tue 9 Jan 2007 28,160 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3307.tmp"
Tue 9 Jan 2007 28,672 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3369.tmp"
Tue 9 Jan 2007 28,672 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3374.tmp"
Tue 9 Jan 2007 27,136 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3398.tmp"
Tue 9 Jan 2007 27,136 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3420.tmp"
Tue 9 Jan 2007 26,624 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3539.tmp"
Tue 9 Jan 2007 28,672 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3723.tmp"
Tue 9 Jan 2007 26,624 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3783.tmp"
Tue 9 Jan 2007 28,160 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3858.tmp"
Tue 9 Jan 2007 26,112 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3930.tmp"
Tue 9 Jan 2007 27,136 ...H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\English 12 CP\~WRL3950.tmp"
Mon 21 Nov 2005 163,840 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\Spanish\~WRL0069.tmp"
Mon 21 Nov 2005 165,376 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\Spanish\~WRL0450.tmp"
Mon 21 Nov 2005 165,376 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\Spanish\~WRL0937.tmp"
Mon 21 Nov 2005 163,840 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\Spanish\~WRL1070.tmp"
Mon 21 Nov 2005 163,840 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\Spanish\~WRL1302.tmp"
Mon 21 Nov 2005 163,840 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\Spanish\~WRL1611.tmp"
Mon 21 Nov 2005 163,840 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\Spanish\~WRL2423.tmp"
Mon 21 Nov 2005 165,376 A..H. --- "C:\Documents and Settings\Allyson\My Documents\School\Sterling\Spanish\~WRL2612.tmp"
Sat 17 Jan 2004 7,318 A..H. --- "C:\Documents and Settings\angi\Application Data\Microsoft\Office\Shortcut Bar\Off3D.tmp"
Wed 4 May 2005 25,088 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\Bio\~WRL0040.tmp"
Wed 4 May 2005 26,112 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\Bio\~WRL0522.tmp"
Wed 4 May 2005 24,064 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\Bio\~WRL3061.tmp"
Wed 4 May 2005 24,576 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\Bio\~WRL3474.tmp"
Mon 21 Mar 2005 25,088 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\Bio\~WRL3546.tmp"
Thu 12 Feb 2004 84,992 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\Physics\~WRL0342.tmp"
Sat 18 Mar 2006 27,136 A..H. --- "C:\Documents and Settings\Allyson\My Documents\Other\Layouts\Quizilla\In Keeping Secrets Of Silent Earth\~WRL0001.tmp"
Sat 18 Mar 2006 26,112 A..H. --- "C:\Documents and Settings\Allyson\My Documents\Other\Layouts\Quizilla\In Keeping Secrets Of Silent Earth\~WRL0004.tmp"
Sat 18 Mar 2006 24,576 A..H. --- "C:\Documents and Settings\Allyson\My Documents\Other\Layouts\Quizilla\In Keeping Secrets Of Silent Earth\~WRL0005.tmp"
Sat 18 Mar 2006 27,648 A..H. --- "C:\Documents and Settings\Allyson\My Documents\Other\Layouts\Quizilla\In Keeping Secrets Of Silent Earth\~WRL0006.tmp"
Sat 18 Mar 2006 24,576 A..H. --- "C:\Documents and Settings\Allyson\My Documents\Other\Layouts\Quizilla\In Keeping Secrets Of Silent Earth\~WRL2216.tmp"
Sat 18 Mar 2006 24,576 A..H. --- "C:\Documents and Settings\Allyson\My Documents\Other\Layouts\Quizilla\In Keeping Secrets Of Silent Earth\~WRL2263.tmp"
Sat 18 Mar 2006 24,576 A..H. --- "C:\Documents and Settings\Allyson\My Documents\Other\Layouts\Quizilla\In Keeping Secrets Of Silent Earth\~WRL2315.tmp"
Sat 18 Mar 2006 26,112 A..H. --- "C:\Documents and Settings\Allyson\My Documents\Other\Layouts\Quizilla\In Keeping Secrets Of Silent Earth\~WRL3796.tmp"
Sat 18 Mar 2006 25,088 A..H. --- "C:\Documents and Settings\Allyson\My Documents\Other\Layouts\Quizilla\In Keeping Secrets Of Silent Earth\~WRL3802.tmp"
Sat 18 Mar 2006 26,624 A..H. --- "C:\Documents and Settings\Allyson\My Documents\Other\Layouts\Quizilla\In Keeping Secrets Of Silent Earth\~WRL3929.tmp"
Tue 23 Nov 2004 27,136 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\~WRL0509.tmp"
Tue 23 Nov 2004 27,648 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\~WRL1079.tmp"
Tue 23 Nov 2004 30,720 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\~WRL2891.tmp"
Tue 11 Jan 2005 26,112 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\~WRL2929.tmp"
Tue 23 Nov 2004 27,648 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\~WRL3099.tmp"
Tue 11 Jan 2005 25,088 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\~WRL3424.tmp"
Tue 31 May 2005 24,064 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\Senior Project\~WRL1025.tmp"
Wed 1 Jun 2005 27,136 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\Senior Project\~WRL1757.tmp"
Wed 1 Jun 2005 24,576 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\Senior Project\~WRL1768.tmp"
Wed 1 Jun 2005 27,136 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\Senior Project\~WRL2967.tmp"
Wed 1 Jun 2005 27,648 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\12CP\Senior Project\~WRL3444.tmp"
Sun 16 May 2004 32,256 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\Wagner\Debate\~WRL1913.tmp"
Mon 24 May 2004 26,112 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\Wagner\Debate\~WRL2730.tmp"
Mon 24 May 2004 24,064 ...H. --- "C:\Documents and Settings\Jennifer\My Documents\Jen\School Stuff\English\Wagner\Debate\~WRL3496.tmp"

Finished!
  • 0
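Added example (not part of the thread and not SDFix's own code): a Python triage of lines in the layout of the "Files with Hidden Attributes" section of the report above. It separates hidden binaries from document leftovers so the few entries worth checking are not buried under temp files; the sample lines and paths are constructed, and treating `~WRLnnnn.tmp` names as Word temporary files is this example's assumption.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the report's layout; every path here is made up.
SAMPLE = r'''
Thu 23 Aug 2001 94,784 ..SH. --- "C:\WINDOWS\twain.dll"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\ExampleTool\Monitor.exe"
Mon 19 Dec 2005 58,880 A..H. --- "C:\Documents and Settings\user1\My Documents\Essays\~WRL0162.tmp"
Mon 19 Dec 2005 59,392 A..H. --- "C:\Documents and Settings\user1\My Documents\Essays\~WRL0372.tmp"
Tue 9 Jan 2007 26,112 ...H. --- "C:\Documents and Settings\user1\My Documents\Notes\~WRL0003.tmp"
Sat 3 Dec 2005 782 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Remaining Files:
'''

# weekday, day, month, year, size with thousands separators,
# five-character attribute column, "---", quoted path
LINE_RE = re.compile(
    r'^\w{3}\s+(?P<day>\d{1,2})\s+(?P<mon>\w{3})\s+(?P<year>\d{4})\s+'
    r'(?P<size>[\d,]+)\s+(?P<attrs>[A-Z.]{5})\s+---\s+"(?P<path>[^"]+)"$'
)
ATTR_NAMES = {"A": "archive", "S": "system", "H": "hidden", "R": "read-only"}
# Extensions reviewed first because they can carry code (this example's choice).
BINARY_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs"}
# Assumption: ~WRLnnnn.tmp files are Word temporary copies.
WORD_TEMP_RE = re.compile(r"^~WRL\d+\.tmp$", re.IGNORECASE)


def parse_line(line):
    """Parse one report line into a record, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    return {
        "date": f'{m.group("day")} {m.group("mon")} {m.group("year")}',
        "size": int(m.group("size").replace(",", "")),
        "attrs": {ATTR_NAMES.get(c, c) for c in m.group("attrs") if c != "."},
        "path": path,
        "dir": ntpath.dirname(path),
        "name": ntpath.basename(path),
        "ext": ntpath.splitext(path)[1].lower(),
    }


def triage(report_text):
    """Bucket the listing: binaries, Word temp files per folder, other, unparsed."""
    binaries, other, unparsed = [], [], []
    temp_groups = Counter()
    for raw in report_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw.strip())      # headings or damaged lines
        elif rec["ext"] in BINARY_EXT:
            binaries.append(rec)              # review these one by one
        elif WORD_TEMP_RE.match(rec["name"]):
            temp_groups[rec["dir"]] += 1      # collapse to a count per folder
        else:
            other.append(rec)
    return {"binaries": binaries, "temp_groups": temp_groups,
            "other": other, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for rec in result["binaries"]:
        print(f'{rec["path"]}  {sorted(rec["attrs"])}  {rec["size"]} bytes')
    for folder, count in result["temp_groups"].items():
        print(f"{count} Word temp file(s) in {folder}")
    for rec in result["other"]:
        print(f'other: {rec["path"]}')
```
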

#38
a_to_z

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
IceSword Data:

Processes
No red entries

Win32 Services
No red entries

Startup
No red entries

SSDT
GoBack2K.sys appears twice
Unknown appears twice
\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys appears twice

Message Hooks
C:\WINDOWS\system32\ctfmon.exe appears once
C:\Program Files\Messenger\msmsgs.exe appears 3 times
C:\WINDOWS\system32\hphmon03.exe appears once
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE appears 10 times
C:\Program Files\Spybot Search & Destroy\TeaTimer.exe appears once
C:\WINDOWS\explorer.exe appears 3 times
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe appears once
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe appears once

I wasn't sure if you needed the log files as well, will post those next if you want.
  • 0

#39
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes post the logs as well just so we don't miss anything

Do this as well

Download Silent Runners and extract it to a new folder on your Desktop.
Run the Silent Runners.vbs file.
You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.
This script is not malicious so please allow it.
A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)
Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.


Whatever is on your PC is hiding quite well.
  • 0

#40
a_to_z

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
Posting the IceSword logs:

Started Service:

Service Name:aawservice Display Name:Ad-Aware 2007 Service
Service Name:ALG Display Name:Application Layer Gateway Service
Service Name:AudioSrv Display Name:Windows Audio
Service Name:Automatic LiveUpdate Scheduler Display Name:Automatic LiveUpdate Scheduler
Service Name:AVG Anti-Spyware Guard Display Name:AVG Anti-Spyware Guard
Service Name:Bonjour Service Display Name:##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##
Service Name:Browser Display Name:Computer Browser
Service Name:ccEvtMgr Display Name:Symantec Event Manager
Service Name:ccSetMgr Display Name:Symantec Settings Manager
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:Dhcp Display Name:DHCP Client
Service Name:dmserver Display Name:Logical Disk Manager
Service Name:Dnscache Display Name:DNS Client
Service Name:ERSvc Display Name:Error Reporting Service
Service Name:Eventlog Display Name:Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:FastUserSwitchingCompatibility Display Name:Fast User Switching Compatibility
Service Name:GBPoll Display Name:GoBack Polling Service
Service Name:helpsvc Display Name:Help and Support
Service Name:iPod Service Display Name:iPod Service
Service Name:lanmanserver Display Name:Server
Service Name:lanmanworkstation Display Name:Workstation
Service Name:LmHosts Display Name:TCP/IP NetBIOS Helper
Service Name:MDM Display Name:Machine Debug Manager
Service Name:Messenger Display Name:Messenger
Service Name:navapsvc Display Name:Norton AntiVirus Auto-Protect Service
Service Name:Netman Display Name:Network Connections
Service Name:Nla Display Name:Network Location Awareness (NLA)
Service Name:NPFMntor Display Name:Norton AntiVirus Firewall Monitor Service
Service Name:NProtectService Display Name:Norton Unerase Protection
Service Name:PlugPlay Display Name:Plug and Play
Service Name:Pml Driver Display Name:Pml Driver
Service Name:Pml Driver HPZ12 Display Name:Pml Driver HPZ12
Service Name:PolicyAgent Display Name:IPSEC Services
Service Name:ProtectedStorage Display Name:Protected Storage
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RemoteRegistry Display Name:Remote Registry
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification
Service Name:SharedAccess Display Name:Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:SNDSrvc Display Name:Symantec Network Drivers Service
Service Name:SPBBCSvc Display Name:Symantec SPBBCSvc
Service Name:Speed Disk service Display Name:Speed Disk service
Service Name:Spooler Display Name:Print Spooler
Service Name:srservice Display Name:System Restore Service
Service Name:SSDPSRV Display Name:SSDP Discovery Service
Service Name:Symantec Core LC Display Name:Symantec Core LC
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:UMWdf Display Name:Windows User Mode Driver Framework
Service Name:uploadmgr Display Name:Upload Manager
Service Name:W32Time Display Name:Windows Time
Service Name:WebClient Display Name:WebClient
Service Name:winmgmt Display Name:Windows Management Instrumentation
Service Name:wuauserv Display Name:Automatic Updates
Service Name:WZCSVC Display Name:Wireless Zero Configuration

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
D-Link AirPlus Xtreme G
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ANIWZCSService
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HPDJ Taskbar Utility
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nwiz
nwiz.exe /install

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SSC_UserPrompt
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Symantec NetDriver Monitor
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RemoteControl
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HPHmon03
C:\WINDOWS\System32\hphmon03.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Norton SystemWorks
"C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\System32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Remark：)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk
C:\Program Files\Microsoft Office\Office10\OSA.EXE (Remark：Microsoft Office StartUp)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Norton GoBack.lnk
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe (Remark：Norton GoBack)

C:\Documents and Settings\angi\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\angi\Start Menu\Programs\Startup
PowerReg Scheduler.exe


Process:

System Idle Process
System
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\hphmon03.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\alg.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVAPSVC.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\IWP\NPFMNTOR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hphipm09.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\angi\Desktop\IceSword122en\IceSword122en\IceSword.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  • 0


#41
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok go on with the SilentRunners step
  • 0

#42
a_to_z

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
I let SilentRunners run overnight; when I checked the PC this morning there still was no "All Done" message. It could not have taken 12 hours to run, could it have? I opened the text file and have pasted what was on there; let me know if I need to start over:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Norton SystemWorks" = ""C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz" ["Symantec Corporation"]
"ctfmon.exe" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"D-Link AirPlus Xtreme G" = "C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" ["D-Link"]
"ANIWZCSService" = "C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" ["Alpha Networks Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"HPHmon03" = "C:\WINDOWS\System32\hphmon03.exe" ["Hewlett-Packard"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{5EC3EA89-4453-4416-A78B-65F689DC2048}" = "Goback Drives"
-> {HKLM...CLSID} = "Goback Drives"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton GoBack\GBDrvShX.dll" [null data]
"{6809E580-A3A7-11D1-9A00-00A0C945B006}" = "GoBack Shell Extension"
-> {HKLM...CLSID} = "GoBack Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton GoBack\ShellExt.dll" ["Symantec Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
GoBack\(Default) = "{6809E580-A3A7-11D1-9A00-00A0C945B006}"
-> {HKLM...CLSID} = "GoBack Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton GoBack\ShellExt.dll" ["Symantec Corporation"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\angi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\angi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "angi" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\angi\Start Menu\Programs\Startup
<<!>> "PowerReg Scheduler.exe" [empty string]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Norton GoBack" -> shortcut to: "C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe" ["Symantec Corporation"]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"Norton AntiVirus - Scan my computer - angi" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE /AUTO" ["Symantec Corporation"]
"Symantec Drmc" -> launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{40D41A8B-D79B-43D7-99A7-9EE0F344C385}" = (no title provided)
-> {HKLM...CLSID} = "AIM Search"
\InProcServer32\(Default) = "C:\Program Files\AIM Toolbar\AIMBar.dll" ["America Online, Inc"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search && Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
GoBack Polling Service, GBPoll, "C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe" ["Symantec Corporation"]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, "C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE" ["Symantec Corporation"]
Pml Driver, Pml Driver, "C:\WINDOWS\System32\HPHipm09.exe" ["HP"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\HPZipm12.exe" ["HP"]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
LIDIL hpzll4pi\Driver = "hpzll4pi.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2008-02-21 19:57:09)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 396 seconds.
---------- (total run time: 950 seconds)
  • 0

#43
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Strange, all your logs are showing up clean

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\DOCUME~1\Allyson\APPLIC~1\dbmtui.dll
    C:\DOCUME~1\Tina\LOCALS~1\Temp\ephabwkq.dll
    C:\DOCUME~1\Tina\LOCALS~1\Temp\efcddeb.dll
    C:\DOCUME~1\Tina\LOCALS~1\Temp\xfqdqluc.dll
    C:\DOCUME~1\Tina\LOCALS~1\Temp\pmni.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Click on Start, then click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again when finished.
Please post back both logs that open in Notepad:
Main txt and extra txt
  • 0

#44
a_to_z

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
Hello,

Here are the results of your last set of instructions:

VundoFix V6.7.8

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Scan started at 4:20:40 PM 2/22/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:29 PM, on 2/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203365557654
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10482 bytes



OTMoveIt2 log:

File/Folder C:\DOCUME~1\Allyson\APPLIC~1\dbmtui.dll not found.
File/Folder C:\DOCUME~1\Tina\LOCALS~1\Temp\ephabwkq.dll not found.
File/Folder C:\DOCUME~1\Tina\LOCALS~1\Temp\efcddeb.dll not found.
File/Folder C:\DOCUME~1\Tina\LOCALS~1\Temp\xfqdqluc.dll not found.
File/Folder C:\DOCUME~1\Tina\LOCALS~1\Temp\pmni.dll not found.
[Custom Input]
< purity >

OTMoveIt2 v1.0.20 log created on 02222008_172309

Will post DSS scan in next message.

Edited by a_to_z, 22 February 2008 - 04:37 PM.

  • 0

#45
a_to_z

    Member

  • Topic Starter
  • Member
  • 93 posts
Here are the DSS files:

Deckard's System Scanner v20071014.68
Run by angi on 2008-02-22 17:36:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-02-22 22:37:00 UTC - RP1300 - Deckard's System Scanner Restore Point
3: 2008-02-22 16:13:56 UTC - RP1299 - System Checkpoint
2: 2008-02-21 16:08:25 UTC - RP1298 - ComboFix created restore point
1: 2008-02-20 23:30:45 UTC - RP1297 - After fix


Performed disk cleanup.



-- HijackThis (run as angi.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:19 PM, on 2/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\angi\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\angi.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203365557654
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10514 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080220-154626-969 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Symantec Corporation; Norton GoBack>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Symantec Corporation; Norton GoBack>
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R3 A3AB (D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)) - c:\windows\system32\drivers\a3ab.sys <Not Verified; D-Link Corporation; D-Link Wireless Network adapter>

S3 catchme - c:\docume~1\angi\locals~1\temp\catchme.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 892)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\system32\svchost.exe (pid 1116)
2006-02-28 12:42:30 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 288)
2006-12-20 13:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>


-- Scheduled Tasks -------------------------------------------------------------

2008-02-22 00:00:00 306 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job
2008-02-21 22:57:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-18 14:47:56 290 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
2008-02-15 20:13:04 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - angi.job


-- Files created between 2008-01-22 and 2008-02-22 -----------------------------

2008-02-22 16:20:40 0 d-------- C:\VundoFix Backups
2008-02-21 17:53:05 0 d-------- C:\WINDOWS\ERUNT
2008-02-21 11:06:23 68096 --a------ C:\WINDOWS\System32\zip.exe
2008-02-21 11:06:23 80412 --a------ C:\WINDOWS\System32\grep.exe
2008-02-21 11:06:22 98816 --a------ C:\WINDOWS\System32\sed.exe
2008-02-21 11:06:22 73728 --a------ C:\WINDOWS\System32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-20 17:53:31 0 d-------- C:\Program Files\Common Files\Java
2008-02-19 22:44:49 0 d-------- C:\WINDOWS\Prefetch
2008-02-19 21:37:50 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-19 21:37:50 0 d-------- C:\WINDOWS\ehome
2008-02-19 20:37:32 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-18 15:47:40 0 d-------- C:\Program Files\Trend Micro
2008-02-18 07:30:56 8576 --a------ C:\WINDOWS\System32\drivers\sdrkjtscwscx.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-17 17:25:07 0 d-------- C:\Documents and Settings\angi\Application Data\Grisoft
2008-02-17 13:15:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-17 13:15:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-17 13:15:30 0 d-------- C:\Documents and Settings\angi\Application Data\SUPERAntiSpyware.com
2008-02-16 00:46:36 0 d-------- C:\Documents and Settings\Tina\Application Data\MSN6
2008-02-16 00:46:36 0 d-------- C:\Documents and Settings\Tina\Application Data\Grisoft
2008-02-16 00:46:36 0 d-------- C:\Documents and Settings\Jennifer\Application Data\Grisoft
2008-02-16 00:46:36 0 d-------- C:\Documents and Settings\Allyson\Application Data\Grisoft
2008-02-16 00:46:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 15:27:31 44928 --a------ C:\WINDOWS\System32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-15 15:24:26 8576 --a------ C:\WINDOWS\System32\drivers\smpvgfgihmvs.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-15 07:29:32 0 d-------- C:\WINDOWS\System32\ActiveScan
2008-01-31 09:48:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 09:46:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 19:45:42 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-23 19:35:32 0 d-------- C:\Program Files\Bonjour
2008-01-23 19:17:25 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-02-22 16:16:57 0 d-------- C:\Program Files\Common Files
2008-02-22 16:08:46 0 d-------- C:\Documents and Settings\angi\Application Data\Real
2008-02-21 18:16:21 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-20 18:18:55 0 d-------- C:\Documents and Settings\angi\Application Data\Adobe
2008-02-20 18:01:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-20 17:54:52 0 d-------- C:\Program Files\Java
2008-02-19 22:42:06 0 d-------- C:\Program Files\Messenger
2008-02-19 21:37:15 0 d-------- C:\Program Files\Movie Maker
2008-02-19 12:45:45 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-18 07:14:14 0 d-------- C:\Program Files\QuickTime
2008-02-18 07:14:14 0 d-------- C:\Program Files\iTunes
2008-02-18 07:13:47 0 d-------- C:\Program Files\Google
2008-02-13 16:35:08 0 d-------- C:\Program Files\Norton SystemWorks
2008-01-31 09:48:46 0 d-------- C:\Program Files\Lavasoft
2008-01-31 09:48:44 0 d-------- C:\Documents and Settings\angi\Application Data\Lavasoft
2008-01-13 19:10:20 202240 --a------ C:\WINDOWS\System32\Pride & Prejudice - Mr Darcy.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-01-13 18:26:09 0 d-------- C:\Documents and Settings\angi\Application Data\Macromedia
2008-01-13 18:03:50 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-01-13 18:00:31 0 d-------- C:\Program Files\Common Files\Macromedia
2008-01-13 17:58:29 0 d-------- C:\Program Files\Macromedia
2008-01-13 17:58:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-05 22:48:03 0 d-------- C:\Program Files\iPod
2008-01-05 22:41:41 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus Xtreme G"="C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [09/19/2003 09:34 PM]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [08/21/2003 04:12 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [08/03/2001 09:24 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [07/28/2003 02:19 PM]
"nwiz"="nwiz.exe" [07/28/2003 02:19 PM C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 11:42 AM]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/2004 04:59 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [04/05/2007 10:18 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 07:42 PM]
"HPHmon03"="C:\WINDOWS\System32\hphmon03.exe" [08/03/2001 09:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/20/2007 04:19 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/29/2002 05:41 AM]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [09/09/2004 09:12 PM]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/29/2002 05:41 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\angi\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [1/20/2004 7:54:58 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/1/2005 8:26:28 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [12/21/2004 10:19:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-02-22 17:43:12 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1700MHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 511.48 MiB / 172.25 MiB
Pagefile Memory (total/avail): 731.29 MiB / 316.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.07 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 23.71 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (Unformatted)

\\.\PHYSICALDRIVE1 -

\\.\PHYSICALDRIVE0 - Maxtor 4D080H4 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\angi\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TERMINAL1
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\angi
LOGONSERVER=\\TERMINAL1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 0 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=000a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\angi\LOCALS~1\Temp
TMP=C:\DOCUME~1\angi\LOCALS~1\Temp
USERDOMAIN=TERMINAL1
USERNAME=angi
USERPROFILE=C:\Documents and Settings\angi
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

john (admin)
angi (admin)
Jennifer
Allyson
Tina


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 5.0.2 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
AIM Toolbar --> C:\Program Files\AIM Toolbar\uninstall.exe
AirPlus Xtreme G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79B92240-9C65-4DD7-B1AD-59910D2C1353}
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74FCFEA6-7447-4BDB-BFEC-FF195AA62A13}\Setup.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Hallmark Card Studio 3 Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A022314D-F75A-4784-9AF7-A5F00C56ECC5}\setup.exe"
Harry Potter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F50AF3B-8997-4916-0095-99D63DDB785A}\setup.exe" -l0x9 Uninstall
Harry Potter and the Prisoner of Azkaban™ --> C:\Program Files\EA GAMES\Harry Potter and the Prisoner of Azkaban™\EAUninstall.exe
Harry Potter II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.exe" -l0x9 Uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp photosmart 1115 series --> rundll32 hpzcon04.dll,VendorJettison hp photosmart 1115 series
hp photosmart printer series (Remove only) --> C:\Program Files\hp photosmart\printer\hphuni03.exe
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iPod for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090}
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LOTR The Return of the King tm --> C:\Program Files\EA GAMES\LOTR The Return of the King tm\EAUninstall.exe
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton GoBack 4.02 (Symantec Corporation) --> MsiExec.exe /I{1F76ACFA-22FE-49F6-BC05-F4EC835F48CC}
Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{71E7B3F5-CFAF-4C1E-B494-528E28707937}.exe /X
Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NSW_DRM_COLLECTION --> MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Outlook Express Q823353 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pride & Prejudice - Mr Darcy Screen Saver --> C:\WINDOWS\System32\Pride & Prejudice - Mr Darcy.scr /u
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SimSafari --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\DeIsL1.isu
SolidWorks Explorer --> MsiExec.exe /X{45E9E005-0AF1-497D-8B58-0C49DD152AFB}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TMPGEnc DVD Author 3 with DivX Authoring Trial Version --> MsiExec.exe /I{CF96BF8E-10A6-4912-942F-E83ABE7BE771}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows XP Service Pack 1a --> C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8057 / Warning
Event Submitted/Written: 02/22/2008 04:17:33 PM
Event ID/Source: 1005 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.

Event Record #/Type8042 / Error
Event Submitted/Written: 02/22/2008 04:05:03 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 21955421.

Event Record #/Type8041 / Error
Event Submitted/Written: 02/22/2008 04:04:59 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8037 / Error
Event Submitted/Written: 02/22/2008 01:34:11 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8036 / Error
Event Submitted/Written: 02/22/2008 01:11:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type58202 / Warning
Event Submitted/Written: 02/22/2008 04:15:25 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 12ACE7F10DDC. The IP address being used is 169.254.212.220.

Event Record #/Type58201 / Warning
Event Submitted/Written: 02/22/2008 04:15:19 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 12ACE7F10DDC. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type58187 / Warning
Event Submitted/Written: 02/22/2008 00:36:43 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type58164 / Error
Event Submitted/Written: 02/21/2008 10:57:27 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.103 for the Network Card with network address 12ACE7F10DDC has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type58134 / Warning
Event Submitted/Written: 02/21/2008 06:10:05 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 12ACE7F10DDC. The IP address being used is 169.254.212.220.



-- End of Deckard's System Scanner: finished at 2008-02-22 17:43:12 ------------
  • 0





