Older Computer but really really slow [CLOSED]



#1
wadeb_21

My friend said his computer was extremely slow and wanted to know what he could do to maybe get it checked out. I told him about this site and how it has helped me a lot before. So I told him I would take a look at it and come here if I needed to. Well, after running virus scans and spyware scans I cleared some stuff out, but it is still really slow. It is an older computer with only 128MB of RAM, but I think it's running unusually slow for that amount of RAM. I have attached a HijackThis log to this post. I would greatly appreciate it if someone could help me out. Thanks in advance.


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Celeron processor
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 125.98 MiB / 24.55 MiB
Pagefile Memory (total/avail): 498.81 MiB / 285.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.52 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 18.59 GiB total, 9.86 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST320410A - 18.65 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 18.59 GiB - C:

\\.\PHYSICALDRIVE1 - Staples USB Device - 54.91 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 60.53 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ADMIN\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-U10IXI0ANW
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ADMIN
LOGONSERVER=\\YOUR-U10IXI0ANW
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMIN\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMIN\LOCALS~1\Temp
USERDOMAIN=YOUR-U10IXI0ANW
USERNAME=ADMIN
USERPROFILE=C:\Documents and Settings\ADMIN
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
ed (admin)
ADMIN (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Beetle Buggin' --> C:\WINDOWS\System32\UninstallBeetle.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant SoftK56 Modem(M) --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D\hxfSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_8D8B155D
Corel WordPerfect Suite 8 --> C:\Corel\Suite8\AppMan\Setup\REMOVELAUNCHER.EXE
dxvid --> c:\windows\system32\dxvid.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intergalactic Exterminator Demo --> C:\PROGRA~1\eGames\INTERG~1\UNWISE.EXE C:\PROGRA~1\eGames\INTERG~1\INSTALL.LOG
Lexmark Supplies Monitor --> C:\WINDOWS\System32\LXSMUNIN.EXE
Lexmark Z23-Z33 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxaiUN5C.EXE -dLexmark Z23-Z33
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
McAfee VirusScan Home Edition --> MsiExec.exe /I{E4DC62CE-5F95-11D6-B254-00C04FF4B435}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Home Publishing Express 2000 --> MsiExec.exe /I{1F90C982-33C6-11D3-A3E0-00C04F7989D8}
Microsoft MechCommander 2 Demo --> "C:\Program Files\Microsoft Games\MechCommander 2 Demo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Money 2002 --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Money 2002 System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Press Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
ms1src --> C:\Program Files\Common Files\system\ms1src.exe /uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TContext --> "C:\Program Files\Internet Optimizer\optimize.exe" /u 8
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WG111v2 Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0F252A6-DE85-4E93-A93B-DFC3537B3965}\setup.exe" -l0x9 REMOVE -removeonly
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Word Connect Demo --> C:\PROGRA~1\eGames\WORDCO~1\UNWISE.EXE C:\PROGRA~1\eGames\WORDCO~1\INSTALL.LOG
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type436 / Warning
Event Submitted/Written: 04/23/2008 02:05:23 PM
Event ID/Source: 1020 / ASP.NET 1.1.4322.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type413 / Warning
Event Submitted/Written: 04/23/2008 01:40:19 PM
Event ID/Source: 0 / System.ServiceModel.Install 3.0.0.0
Event Description:
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Event Record #/Type396 / Warning
Event Submitted/Written: 04/23/2008 01:22:04 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_2050727_ASPNETAppsv2050727 for Performance Library ASP.NET_2.0.50727 because error 0x80041001 was returned

Event Record #/Type395 / Warning
Event Submitted/Written: 04/23/2008 01:22:04 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0

Event Record #/Type394 / Warning
Event Submitted/Written: 04/23/2008 01:22:01 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11882 / Error
Event Submitted/Written: 04/25/2008 09:29:46 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type11880 / Error
Event Submitted/Written: 04/25/2008 09:29:44 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type11868 / Error
Event Submitted/Written: 04/25/2008 09:29:10 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AVSync Manager service failed to start due to the following error:
%%2

Event Record #/Type11863 / Warning
Event Submitted/Written: 04/25/2008 09:25:51 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "SAS window"

Event Record #/Type11862 / Error
Event Submitted/Written: 04/25/2008 09:16:15 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}



-- End of Deckard's System Scanner: finished at 2008-04-25 09:44:20 ------------


#2
wadeb_21

I was just wondering if someone would help me out with this; it's been a few days since I started the topic. I would really appreciate it, thanks.

#3
Essexboy

Hi there, and sorry for the delay. Could I have a fresh look at your system?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#4
wadeb_21

Essexboy,

Thanks for helping me. Attached is the Main.txt file. It never gave me an extra.txt file. Should I do the scan again?

Deckard's System Scanner v20071014.68
Run by ADMIN on 2008-04-29 15:39:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 126 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-29 15:40:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ADMIN\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacools...autoupdate.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\system32\QaBar.dll (file missing)
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: setup_pcc.lnk = D:\Setup\setup.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.micr...D0C/wmv9dmo.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1130203641171
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\blpadcpn.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe


--
End of file - 6844 bytes

-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 09:05:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 09:05:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 09:05:11 0 d-------- C:\WINDOWS\LastGood
2008-04-25 12:56:14 570 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-25 12:53:43 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-25 12:53:43 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-25 12:53:42 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-25 12:53:42 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-25 12:53:41 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-25 12:53:40 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-25 12:53:39 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-25 12:53:37 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-23 12:43:47 0 d-------- C:\Program Files\MSXML 6.0
2008-04-23 11:41:44 0 d-------- C:\Documents and Settings\ADMIN\Application Data\AVG7
2008-04-23 11:40:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-23 11:38:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-23 11:27:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-23 10:42:06 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-23 10:21:14 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-23 10:21:14 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-23 10:00:45 0 d-------- C:\Program Files\MSBuild
2008-04-23 09:35:20 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-23 09:28:07 0 d-------- C:\Program Files\Reference Assemblies
2008-04-23 09:17:37 0 d-------- C:\aa8c3dd9a920c6f20da13c
2008-04-23 08:20:43 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-23 08:13:21 0 d-------- C:\Program Files\CONEXANT
2008-04-23 08:00:23 0 d-------- C:\WINDOWS\system32\URTTemp
2008-04-22 14:44:46 0 d-------- C:\WINDOWS\network diagnostic
2008-04-22 12:03:16 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-04-22 11:56:19 0 d-------- C:\WINDOWS\Prefetch
2008-04-21 15:22:39 0 d--hs---- C:\Documents and Settings\ADMIN\UserData
2008-04-21 14:58:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 14:51:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-21 14:50:30 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 14:50:12 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-04-21 14:50:10 0 d-------- C:\Program Files\SpywareBlaster
2008-04-21 13:14:26 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:25 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:24 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:23 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-04-21 13:14:23 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-21 13:14:10 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-04-21 13:14:09 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-04-21 13:14:09 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:08 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:08 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:06 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:06 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:05 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:04 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:03 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:03 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:00 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:13:57 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 12:20:30 0 d-------- C:\WINDOWS\pss
2008-04-21 11:56:01 0 d-------- C:\Documents and Settings\ADMIN\Application Data\InterTrust
2008-04-21 11:56:01 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Identities
2008-04-21 11:56:01 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Adobe
2008-04-21 11:56:01 0 d-------- C:\Documents and Settings\ADMIN\and
2008-04-21 11:56:00 0 d-------- C:\Documents and Settings\ADMIN\Users
2008-04-21 11:56:00 0 d--h----- C:\Documents and Settings\ADMIN\Templates
2008-04-21 11:56:00 0 dr------- C:\Documents and Settings\ADMIN\Start Menu
2008-04-21 11:56:00 0 d-------- C:\Documents and Settings\ADMIN\Settings
2008-04-21 11:56:00 0 dr-h----- C:\Documents and Settings\ADMIN\SendTo
2008-04-21 11:56:00 0 dr-h----- C:\Documents and Settings\ADMIN\Recent
2008-04-21 11:56:00 0 d--h----- C:\Documents and Settings\ADMIN\PrintHood
2008-04-21 11:56:00 0 d--h----- C:\Documents and Settings\ADMIN\NetHood
2008-04-21 11:56:00 0 dr------- C:\Documents and Settings\ADMIN\My Documents
2008-04-21 11:56:00 0 d-------- C:\Documents and Settings\ADMIN\Menu
2008-04-21 11:56:00 0 d--h----- C:\Documents and Settings\ADMIN\Local Settings
2008-04-21 11:56:00 0 d-------- C:\Documents and Settings\ADMIN\Gallery
2008-04-21 11:56:00 0 dr------- C:\Documents and Settings\ADMIN\Favorites
2008-04-21 11:56:00 0 dr------- C:\Documents and Settings\ADMIN\Desktop
2008-04-21 11:56:00 0 d--hs---- C:\Documents and Settings\ADMIN\Cookies
2008-04-21 11:56:00 0 d-------- C:\Documents and Settings\ADMIN\Clip
2008-04-21 11:56:00 0 dr-h----- C:\Documents and Settings\ADMIN\Application Data
2008-04-21 11:55:59 1310720 --ah----- C:\Documents and Settings\ADMIN\NTUSER.DAT
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\Gallery
2008-04-21 11:48:01 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-21 11:48:01 0 dr------- C:\Documents and Settings\Administrator\Desktop
2008-04-21 11:48:01 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\Clip
2008-04-21 11:48:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-21 11:48:01 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\and
2008-04-21 11:48:00 0 d-------- C:\Documents and Settings\Administrator\Users
2008-04-21 11:48:00 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-21 11:48:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-21 11:48:00 0 d-------- C:\Documents and Settings\Administrator\Settings
2008-04-21 11:48:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-21 11:48:00 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-21 11:48:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-21 11:48:00 479232 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-21 11:48:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-21 11:48:00 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-21 11:48:00 0 d-------- C:\Documents and Settings\Administrator\Menu
2008-04-21 11:48:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-21 11:25:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-21 10:02:05 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-21 10:00:22 0 d-------- C:\Program Files\AVG
2008-04-21 10:00:16 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-21 09:32:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-21 09:31:40 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-21 09:12:26 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-18 15:25:37 0 --a------ C:\CONFIG.SYS
2008-04-18 15:12:59 0 d-------- C:\Documents and Settings\Default User\Application Data\AVG7
2008-04-18 14:08:23 0 d-------- C:\WINDOWS\peernet
2008-04-18 14:08:18 0 d-------- C:\WINDOWS\provisioning
2008-04-18 14:00:01 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-18 13:20:54 0 d-------- C:\WINDOWS\EHome
2008-04-08 20:10:59 112384 --a------ C:\WINDOWS\system32\drivers\wg111v2.sys <Not Verified; NETGEAR Inc.; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NDIS Driver>
2008-04-08 20:10:50 13532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-04-08 20:10:39 196608 --a------ C:\WINDOWS\system32\RtlLib.dll <Not Verified; Realtek Semiconductor Corp.; RtlLib Dynamic Link Library>
2008-04-08 20:10:39 155648 --a------ C:\WINDOWS\system32\IpLib.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-04-08 20:10:39 126976 --a------ C:\WINDOWS\system32\EnumDevLib.dll <Not Verified; ; EnumDevLib Dynamic Link Library>
2008-04-08 20:10:39 0 d-------- C:\Program Files\NETGEAR
2008-04-08 20:10:38 0 d-------- C:\WINDOWS\OPTIONS


-- Find3M Report ---------------------------------------------------------------

2008-04-22 13:52:22 0 d-------- C:\Program Files\Messenger
2008-04-22 09:05:17 0 d-------- C:\Program Files\Movie Maker
2008-04-22 08:47:55 0 d-------- C:\Program Files\Windows NT
2008-04-22 07:43:40 0 d-------- C:\Program Files\Common Files
2008-04-22 07:40:37 0 d-------- C:\Program Files\Sqwire
2008-04-21 12:45:21 0 d-------- C:\Program Files\McAfee.com
2008-04-21 08:07:58 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-18 15:05:42 22736 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-04-18 14:59:32 0 d-------- C:\Program Files\Online Services
2008-04-18 14:47:20 62 --ahs---- C:\Documents and Settings\ADMIN\Application Data\desktop.ini
2008-04-18 11:18:08 0 d-------- C:\Program Files\Vemcvnv
2008-04-08 20:42:58 0 d-------- C:\Program Files\Beetle Buggin'
2008-04-08 20:21:23 0 d-------- C:\Program Files\Disney Imagineering
2008-04-08 20:21:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 20:09:15 0 d-------- C:\Program Files\Common Files\InstallShield


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.exe" [10/09/2001 12:06 PM]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [09/04/2002 11:28 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/23/2008 11:39 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray.Exgr"= {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\blpadcpn.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,dblstssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=C:\WINDOWS\pss\Date Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Service]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TimeSink Ad Client]
"C:\Program Files\TimeSink\AdGateway\TsAdBot.exe"




-- End of Deckard's System Scanner: finished at 2008-04-29 15:43:24 ------------
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I see it so first we will clear the main problem and then work from there

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Whilst you are running that I will look at the rest of the log for nasties
  • 0

#6
wadeb_21

wadeb_21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 387 posts
Essexboy, sorry it took me so long to get back to you. I was kinda busy last night so I'm just now getting what you told me to do done. This first post is the report from SDFix and the second post is the new HijackThis log. Thanks again.


SDFix: Version 1.177
Run by ADMIN on Wed 04/30/2008 at 07:50 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 08:09:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ...H. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 31 Jan 2002 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 31 Jan 2002 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"
Mon 7 Jun 1999 762,432 A..H. --- "C:\Program Files\eGames\Word Connect Demo\WCSUP.DLL"
Wed 23 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
  • 0

#7
wadeb_21

wadeb_21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 387 posts
Here's the HijackThis log.


Deckard's System Scanner v20071014.68
Run by ADMIN on 2008-04-30 08:16:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 90% (more than 75%).
Total Physical Memory: 126 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-30 08:17:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Documents and Settings\ADMIN\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.javacools...autoupdate.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\system32\QaBar.dll (file missing)
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: setup_pcc.lnk = D:\Setup\setup.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.micr...D0C/wmv9dmo.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1130203641171
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\blpadcpn.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe


--
End of file - 6877 bytes

-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-30 07:45:14 0 d-------- C:\WINDOWS\ERUNT
2008-04-29 09:05:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 09:05:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-25 12:56:14 570 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-25 12:53:43 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-25 12:53:43 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-25 12:53:42 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-25 12:53:42 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-25 12:53:41 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-25 12:53:40 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-25 12:53:39 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-25 12:53:37 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-23 12:43:47 0 d-------- C:\Program Files\MSXML 6.0
2008-04-23 11:41:44 0 d-------- C:\Documents and Settings\ADMIN\Application Data\AVG7
2008-04-23 11:40:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-23 11:38:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-23 11:27:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-23 10:42:06 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-23 10:21:14 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-23 10:21:14 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-23 10:00:45 0 d-------- C:\Program Files\MSBuild
2008-04-23 09:35:20 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-23 09:28:07 0 d-------- C:\Program Files\Reference Assemblies
2008-04-23 09:17:37 0 d-------- C:\aa8c3dd9a920c6f20da13c
2008-04-23 08:20:43 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-23 08:13:21 0 d-------- C:\Program Files\CONEXANT
2008-04-23 08:00:23 0 d-------- C:\WINDOWS\system32\URTTemp
2008-04-22 14:44:46 0 d-------- C:\WINDOWS\network diagnostic
2008-04-22 12:03:16 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-04-22 11:56:19 0 d-------- C:\WINDOWS\Prefetch
2008-04-21 15:22:39 0 d--hs---- C:\Documents and Settings\ADMIN\UserData
2008-04-21 14:58:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 14:51:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-21 14:50:30 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 14:50:12 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-04-21 14:50:10 0 d-------- C:\Program Files\SpywareBlaster
2008-04-21 13:14:26 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:25 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:24 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:23 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-04-21 13:14:23 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-21 13:14:10 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-04-21 13:14:09 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-04-21 13:14:09 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:08 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:08 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:06 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:06 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:05 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:04 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:03 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:03 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:14:00 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 13:13:57 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-21 12:20:30 0 d-------- C:\WINDOWS\pss
2008-04-21 11:56:01 0 d-------- C:\Documents and Settings\ADMIN\Application Data\InterTrust
2008-04-21 11:56:01 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Identities
2008-04-21 11:56:01 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Adobe
2008-04-21 11:56:01 0 d-------- C:\Documents and Settings\ADMIN\and
2008-04-21 11:56:00 0 d-------- C:\Documents and Settings\ADMIN\Users
2008-04-21 11:56:00 0 d--h----- C:\Documents and Settings\ADMIN\Templates
2008-04-21 11:56:00 0 dr------- C:\Documents and Settings\ADMIN\Start Menu
2008-04-21 11:56:00 0 d-------- C:\Documents and Settings\ADMIN\Settings
2008-04-21 11:56:00 0 dr-h----- C:\Documents and Settings\ADMIN\SendTo
2008-04-21 11:56:00 0 dr-h----- C:\Documents and Settings\ADMIN\Recent
2008-04-21 11:56:00 0 d--h----- C:\Documents and Settings\ADMIN\PrintHood
2008-04-21 11:56:00 0 d--h----- C:\Documents and Settings\ADMIN\NetHood
2008-04-21 11:56:00 0 dr------- C:\Documents and Settings\ADMIN\My Documents
2008-04-21 11:56:00 0 d-------- C:\Documents and Settings\ADMIN\Menu
2008-04-21 11:56:00 0 d--h----- C:\Documents and Settings\ADMIN\Local Settings
2008-04-21 11:56:00 0 d-------- C:\Documents and Settings\ADMIN\Gallery
2008-04-21 11:56:00 0 dr------- C:\Documents and Settings\ADMIN\Favorites
2008-04-21 11:56:00 0 dr------- C:\Documents and Settings\ADMIN\Desktop
2008-04-21 11:56:00 0 d--hs---- C:\Documents and Settings\ADMIN\Cookies
2008-04-21 11:56:00 0 d-------- C:\Documents and Settings\ADMIN\Clip
2008-04-21 11:56:00 0 dr-h----- C:\Documents and Settings\ADMIN\Application Data
2008-04-21 11:55:59 1310720 --ah----- C:\Documents and Settings\ADMIN\NTUSER.DAT
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\Gallery
2008-04-21 11:48:01 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-21 11:48:01 0 dr------- C:\Documents and Settings\Administrator\Desktop
2008-04-21 11:48:01 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\Clip
2008-04-21 11:48:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-21 11:48:01 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-21 11:48:01 0 d-------- C:\Documents and Settings\Administrator\and
2008-04-21 11:48:00 0 d-------- C:\Documents and Settings\Administrator\Users
2008-04-21 11:48:00 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-21 11:48:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-21 11:48:00 0 d-------- C:\Documents and Settings\Administrator\Settings
2008-04-21 11:48:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-21 11:48:00 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-21 11:48:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-21 11:48:00 479232 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-21 11:48:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-21 11:48:00 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-21 11:48:00 0 d-------- C:\Documents and Settings\Administrator\Menu
2008-04-21 11:48:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-21 11:25:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-21 10:02:05 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-21 10:00:22 0 d-------- C:\Program Files\AVG
2008-04-21 10:00:16 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-21 09:32:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-21 09:31:40 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-21 09:12:26 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-18 15:25:37 0 --a------ C:\CONFIG.SYS
2008-04-18 15:12:59 0 d-------- C:\Documents and Settings\Default User\Application Data\AVG7
2008-04-18 14:08:23 0 d-------- C:\WINDOWS\peernet
2008-04-18 14:08:18 0 d-------- C:\WINDOWS\provisioning
2008-04-18 14:00:01 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-18 13:20:54 0 d-------- C:\WINDOWS\EHome
2008-04-08 20:10:59 112384 --a------ C:\WINDOWS\system32\drivers\wg111v2.sys <Not Verified; NETGEAR Inc.; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NDIS Driver>
2008-04-08 20:10:50 13532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-04-08 20:10:39 196608 --a------ C:\WINDOWS\system32\RtlLib.dll <Not Verified; Realtek Semiconductor Corp.; RtlLib Dynamic Link Library>
2008-04-08 20:10:39 155648 --a------ C:\WINDOWS\system32\IpLib.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-04-08 20:10:39 126976 --a------ C:\WINDOWS\system32\EnumDevLib.dll <Not Verified; ; EnumDevLib Dynamic Link Library>
2008-04-08 20:10:39 0 d-------- C:\Program Files\NETGEAR
2008-04-08 20:10:38 0 d-------- C:\WINDOWS\OPTIONS


-- Find3M Report ---------------------------------------------------------------

2008-04-22 13:52:22 0 d-------- C:\Program Files\Messenger
2008-04-22 09:05:17 0 d-------- C:\Program Files\Movie Maker
2008-04-22 08:47:55 0 d-------- C:\Program Files\Windows NT
2008-04-22 07:43:40 0 d-------- C:\Program Files\Common Files
2008-04-22 07:40:37 0 d-------- C:\Program Files\Sqwire
2008-04-21 12:45:21 0 d-------- C:\Program Files\McAfee.com
2008-04-21 08:07:58 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-18 15:05:42 22736 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-04-18 14:59:32 0 d-------- C:\Program Files\Online Services
2008-04-18 14:47:20 62 --ahs---- C:\Documents and Settings\ADMIN\Application Data\desktop.ini
2008-04-18 11:18:08 0 d-------- C:\Program Files\Vemcvnv
2008-04-08 20:42:58 0 d-------- C:\Program Files\Beetle Buggin'
2008-04-08 20:21:23 0 d-------- C:\Program Files\Disney Imagineering
2008-04-08 20:21:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 20:09:15 0 d-------- C:\Program Files\Common Files\InstallShield


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.exe" [10/09/2001 12:06 PM]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [09/04/2002 11:28 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/23/2008 11:39 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray.Exgr"= {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\blpadcpn.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,dblstssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=C:\WINDOWS\pss\Date Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Service]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TimeSink Ad Client]
"C:\Program Files\TimeSink\AdGateway\TsAdBot.exe"




-- End of Deckard's System Scanner: finished at 2008-04-30 08:20:24 ------------
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I see no other malware present at the moment so let's go for a spring clean and take it from there. But your main problem appears to be Total Physical Memory: 126 MiB (512 MiB recommended). I am also seeing indications of two Antivirus programmes, AVG and McAfee; please uninstall one of them.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

THEN

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done

NEXT

Defragment the drive

Download and run this small but good free defragmenter from here - Installation and usage info is on this page http://www.auslogics...defrag/download

Having done that could you then let me know how it is running
  • 0
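The overlap noted in the post above (AVG and McAfee both loading at startup) can be checked mechanically from a HijackThis-format log. The following is an added example, not part of the original thread or of any tool named in it: the sample lines are excerpted from the log posted above, and the vendor keyword lists, function names and the choice to look only at O4 and O23 lines are assumptions made for illustration. It goes slightly beyond the post by also listing entries the log itself marks "(file missing)" or "(no file)".

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis-format log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\system32\QaBar.dll (file missing)
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} - C:\WINDOWS\System32\blpadcpn.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# The log marks entries whose target no longer exists on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")

# Assumption: keyword lists chosen for this thread's two products only.
AV_KEYWORDS = {
    "AVG": ("grisoft", "avg7"),
    "McAfee": ("mcafee", "mcshield", "network associates"),
}

# Assumption: only autostart (O4) and service (O23) lines count as
# evidence that a product is loaded at boot.
ACTIVE_SECTIONS = {"O4", "O23"}


def parse_entries(text):
    """Return (section, body) tuples for every well-formed log line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned_entries(entries):
    """Entries the log flags as pointing at a missing file."""
    return [(sec, body) for sec, body in entries if ORPHAN_RE.search(body)]


def av_products(entries):
    """Map each recognised antivirus product to the sections it appears in."""
    found = defaultdict(list)
    for sec, body in entries:
        if sec not in ACTIVE_SECTIONS:
            continue
        lowered = body.lower()
        for product, keywords in AV_KEYWORDS.items():
            if any(keyword in lowered for keyword in keywords):
                found[product].append(sec)
    return dict(found)


def conflicting_av(entries):
    """Sorted product names when more than one antivirus loads at startup."""
    products = sorted(av_products(entries))
    return products if len(products) > 1 else []


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("Orphaned entries:")
    for sec, body in orphaned_entries(parsed):
        print(f"  {sec}: {body}")
    conflict = conflicting_av(parsed)
    if conflict:
        print("More than one antivirus product loads at startup:", ", ".join(conflict))
```
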

#9
wadeb_21

wadeb_21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 387 posts
Thanks again Essexboy. I'll do what you said to and then post back here. It probably won't be until tomorrow because I'm headed to work shortly. Thanks
  • 0

#10
wadeb_21

wadeb_21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 387 posts
Essexboy,

I have actually tried a few different times to remove the McAfee antivirus but for some reason it will not let me uninstall the thing. Every time I go to Add and Remove Programs it starts to uninstall but then stops with the error message "installation failed". Do you know of a way I could get rid of it?
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Try this http://www.softpedia...oval-Tool.shtml
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





