Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer REALLY slow, various issues


  • Please log in to reply

#1
Beli

Beli

    New Member

  • Member
  • Pip
  • 8 posts
Hi, the Title and Description pretty much says it all. SFC /SCANNOW seemed to fix a little bit of the sound issue (it still does have the problem just not as much), and I want to be 100% sure I don't have any malware issues on this system. I don't trust Norton but that's what we had to get. I keep it latest updates 99% of the time, they are at latest defs as of writing this.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:35 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Intellution\iLicenseSvc.exe
C:\Program Files\GE Fanuc\Proficy Event Logger\LoggingService.exe
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\S7ubtoox.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...il.com/english/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
O4 - HKLM\..\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dan Smith\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198229254849
O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Automation - C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FxControl Runtime (FxControlRuntime) - GE Fanuc Automation Canada Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: M1 Licensing Helper (iLicenseSvc) - GE Fanuc Automation Americas, Inc. - C:\WINDOWS\Intellution\iLicenseSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Proficy Log Server (LoggingService) - Unknown owner - C:\Program Files\GE Fanuc\Proficy Event Logger\LoggingService.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Proficy Driver Runtime - Total Control Products (Canada) Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\Win32\GefPdfOpc.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trapi File Server (TrapiServer) - GE Fanuc Automation Canada Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11356 bytes
  • 0

Advertisements


#2
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi there,

Sorry for the delay. Our helpers have been very busy.

You're right, I don't see any traces of malware. If you want, we can take a deeper look with DSS.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note: It's likely that the two logs won't fit into one post. If so, please post extra.txt in a separate post.

  • 0

#3
Beli

Beli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Tal, and thanks for taking a look at it. I'm not near my laptop right now but I will run DSS as soon as I'm there. Thanks.
  • 0

#4
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
OK, you're welcome. I'll reply here as soon as you post.
  • 0

#5
Beli

Beli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK guy, here's the main.txt logfile:

Deckard's System Scanner v20071014.68
Run by Dan Smith on 2008-05-13 15:22:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
68: 2008-05-13 19:23:03 UTC - RP225 - Deckard's System Scanner Restore Point
67: 2008-05-12 20:13:09 UTC - RP224 - System Checkpoint
66: 2008-05-11 20:02:39 UTC - RP223 - System Checkpoint
65: 2008-05-10 19:08:44 UTC - RP222 - System Checkpoint
64: 2008-05-09 13:03:01 UTC - RP221 - System Checkpoint


-- First Restore Point --
1: 2008-02-14 23:55:31 UTC - RP158 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.31 GiB (less than 15%) free.


-- HijackThis (run as Dan Smith.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:43 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Intellution\iLicenseSvc.exe
C:\Program Files\GE Fanuc\Proficy Event Logger\LoggingService.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\S7ubtoox.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Dan Smith\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dan Smith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...il.com/english/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
O4 - HKLM\..\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dan Smith\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198229254849
O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Automation - C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FxControl Runtime (FxControlRuntime) - GE Fanuc Automation Canada Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: M1 Licensing Helper (iLicenseSvc) - GE Fanuc Automation Americas, Inc. - C:\WINDOWS\Intellution\iLicenseSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Proficy Log Server (LoggingService) - Unknown owner - C:\Program Files\GE Fanuc\Proficy Event Logger\LoggingService.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Proficy Driver Runtime - Total Control Products (Canada) Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\Win32\GefPdfOpc.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trapi File Server (TrapiServer) - GE Fanuc Automation Canada Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11498 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 Dpmtrcdd - c:\windows\system32\drivers\dpmtrcdd.sys <Not Verified; Siemens AG; SIMATIC NET Software>
R2 s7snsrtx (PROFINET IO RT-Protocol) - c:\windows\system32\drivers\s7snsrtx.sys
R2 scpdrv - c:\program files\common files\siemens\sws\plugins\scp\scpdrv.sys
R2 SNTIE (SIMATIC Industrial Ethernet (ISO)) - c:\windows\system32\drivers\sntie.sys <Not Verified; Siemens AG; SIMATIC NET Software>
R3 DUNTLW (UNTLW device) - c:\windows\system32\drivers\duntlwnt.sys <Not Verified; Schneider Automation; Unitelway Protocol Driver>
R3 PPJoyBus (Parallel Port Joystick Bus device driver) - c:\windows\system32\drivers\ppjoybus.sys <Not Verified; Deon van der Westhuysen; Parallel Port Joystick Bus Enumerator>
R3 PPortJoystick (Parallel Port Joystick device driver) - c:\windows\system32\drivers\pportjoy.sys <Not Verified; Deon van der Westhuysen; Parallel Port Joystick Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 s7oefs_x (SIMATIC MPI/EFS Driver) - c:\windows\system32\drivers\s7oefs_x.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7™ Programmable Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AEClientHostService - "c:\program files\ge fanuc\alarm viewer\host\aeclienthostservice.exe" <Not Verified; GE Fanuc Automation Americas; Proficy Alarm Viewer>
R2 almservice (Automation License Manager Service) - "c:\program files\common files\siemens\sws\almsrv\almsrvx.exe" <Not Verified; SIEMENS AG; Automation License Manager®>
R2 FxControlRuntime (FxControl Runtime) - c:\program files\ge fanuc\proficy machine edition\fxcontrol\runtime\nt\fxcontrol.exe <Not Verified; GE Fanuc Automation Canada Inc.; Logic Developer PC>
R2 iLicenseSvc (M1 Licensing Helper) - c:\windows\intellution\ilicensesvc.exe <Not Verified; GE Fanuc Automation Americas, Inc.; iFIX®>
R2 LoggingService (Proficy Log Server) - c:\program files\ge fanuc\proficy event logger\loggingservice.exe <Not Verified; ; LoggingService Module>
R2 NA_Service (NetAccess Service) - c:\windows\system32\na_service.exe <Not Verified; Schneider Automation; NetAccess>
R2 s7asysvx (S7 Global Services) - "c:\program files\siemens\step7\s7bin\s7asysvx.exe" <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7™ Programmable Controller>
R2 s7oiehsx (SIMATIC IEPG Help Service) - c:\program files\common files\siemens\s7iepg\s7oiehsx.exe <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7™ Automatisierungssystem>
R2 TrapiServer (Trapi File Server) - c:\program files\ge fanuc\proficy machine edition\common\components\nt\trapiserver.exe <Not Verified; GE Fanuc Automation Canada Inc.; Proficy Machine Edition>

S3 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>
S3 Proficy Driver Runtime - c:\program files\ge fanuc\proficy machine edition\fxview\runtime\proficydrivers\win32\gefpdfopc.exe <Not Verified; Total Control Products (Canada) Inc.; Proficy Drivers>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&277104FA&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&277104FA&0&0102
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-12 20:00:00 630 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Dan Smith.job


-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-08 19:29:44 0 d-------- C:\Program Files\Trend Micro
2008-05-05 16:31:43 0 d-------- C:\GE Proficy 5.7 suppl
2008-05-05 16:01:57 0 d-------- C:\Program Files\Common Files\OPC Foundation
2008-05-04 20:48:40 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-05-04 20:41:41 0 d-------- C:\Program Files\HP
2008-05-04 20:40:23 1395 -----n--- C:\WINDOWS\hpfmdl05.dat
2008-05-04 20:40:23 78889 --a------ C:\WINDOWS\hpfins05.dat
2008-05-04 20:40:19 0 d-------- C:\Documents and Settings\Dan Smith\Application Data\HP
2008-05-04 20:40:06 372736 --a------ C:\WINDOWS\system32\hpzidi01.dll
2008-05-04 20:38:14 0 d-------- C:\Documents and Settings\Dan Smith\temp
2008-05-03 17:51:37 0 d-------- C:\WINDOWS\DESKTOP
2008-05-03 17:51:17 246784 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2008-05-03 17:51:17 20976 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-04-30 08:57:12 113 --ah----- C:\WINTAY40.DAT
2008-04-30 08:48:50 0 d-------- C:\Program Files\GE Industrial Systems
2008-04-30 08:47:41 0 d-------- C:\WINDOWS\Intellution
2008-04-30 08:47:38 0 d-------- C:\Program Files\GE Fanuc
2008-04-27 14:05:40 34686 --a------ C:\WINDOWS\system32\drivers\Capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
2008-04-27 14:05:40 24569 --a------ C:\WINDOWS\system32\drivers\Camd905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
2008-04-15 20:08:08 0 d-------- C:\Program Files\2K Games


-- Find3M Report ---------------------------------------------------------------

2008-05-13 15:25:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-13 12:52:25 0 d-------- C:\Program Files\Hurricane
2008-05-12 06:58:28 0 d-------- C:\Documents and Settings\Dan Smith\Application Data\OpenOffice.org2
2008-05-08 06:33:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 07:24:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-05 22:22:59 0 d-------- C:\Program Files\Zune
2008-05-05 22:21:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 22:19:28 0 d-------- C:\Program Files\Real
2008-05-05 22:19:09 0 d-------- C:\Program Files\Pawn 2
2008-05-05 22:18:28 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-05 22:16:49 0 d-------- C:\Program Files\DivX
2008-05-05 22:15:47 0 d-------- C:\Program Files\Disaffected
2008-05-05 16:01:57 0 d-------- C:\Program Files\Common Files
2008-04-30 09:06:02 90 --ah----- C:\WINTAY.DAT
2008-04-30 08:49:12 0 d-------- C:\Program Files\Java
2008-04-15 17:22:43 0 d-------- C:\Program Files\World of Warcraft
2008-03-20 21:19:42 0 d-------- C:\Documents and Settings\Dan Smith\Application Data\Real
2008-03-08 09:04:39 2114 --a------ C:\Documents and Settings\Dan Smith\Application Data\SAS7_000.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 11:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
01/31/2008 09:17 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 11:51 PM 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 09:08 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/31/2008 02:15 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/25/2007 12:53 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/30/2007 08:00 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/30/2007 08:00 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/30/2007 07:59 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 08:29 PM]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 11:42 AM]
"BbPrintMonitor"="C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [03/19/2007 12:10 PM]
"BbInstallUser"="C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [10/05/2007 01:55 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 06:20 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 05:15 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/24/2007 10:52 PM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 10:51 PM]
"S7UB Start"="C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [12/18/2003 12:20 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" []
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [03/19/2007 10:20 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 11:22 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 05:15 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 10:03 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\Dan Smith\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 10:57:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{09994587-4ECE-4685-92C2-11C55F9B2610}"= C:\shellexecutefiasco.dll [10/14/2007 04:10 AM 6656]

*Newly Created Service* - COMHOST



-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net

18188 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-13 15:25:46 ------------

Extra.txt in next post.
  • 0

#6
Beli

Beli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Extra.txt file contents:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
CPU 1: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1014.05 MiB / 386.48 MiB
Pagefile Memory (total/avail): 3964.98 MiB / 3415.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.77 MiB

C: is Fixed (NTFS) - 55.89 GiB total, 3.31 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST96023AS - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.89 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Documents and Settings\\Dan Smith\\Desktop\\incredimail_install.exe"="C:\\Documents and Settings\\Dan Smith\\Desktop\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\Dan Smith\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\Dan Smith\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dan Smith\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=QDSMI-DANSMITH
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dan Smith
LOGONSERVER=\\QDSMI-DANSMITH
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Common Files\Siemens\Sqlany;C:\Program Files\Siemens\Step7\S7bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Path
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
S7TMP=C:\Program Files\Siemens\Step7\S7Tmp
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SQLANY=C:\Program Files\Common Files\Siemens\Sqlany
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DANSMI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DANSMI~1\LOCALS~1\Temp
USERDOMAIN=QDSMI-DANSMITH
USERNAME=Dan Smith
USERPROFILE=C:\Documents and Settings\Dan Smith
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Dan Smith (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUn040c.exe -a -f"C:\Program Files\Schneider Electric\XBT-L1000\Proto.isu"
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{E0DB10FD-7A38-4CB4-89A2-F3792C4425C0}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Aide PDF to DXF Converter 6.5 --> "C:\Program Files\Aide PDF to DXF Converter\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AutoCAD 2000 --> C:\WINDOWS\uninst.exe -fC:\PROGRA~1\ACAD2000\DeIsL1.isu -c"C:\PROGRA~1\ACAD2000\unacad.dll
Automation License Manager V2.1 + HF2 --> MsiExec.exe /I{DAD9816A-60AA-4BA6-9E11-09BEB5083034}
Bluebeam PDF Revu v5.5.3 --> C:\Program Files\InstallShield Installation Information\{FB83E662-9360-4278-B97C-6DE0634454EF}\setup.exe -runfromtemp -l0x0409
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Dassault Systemes Software Prerequisites x86 --> MsiExec.exe /I{9877BCD9-6698-4951-AE19-D5F398D83D5A}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
EclipseCrossword --> MsiExec.exe /I{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}
Egd Cfg Client Library - V03.01.00C --> MsiExec.exe /I{ED9FE25B-8693-4BDB-AC08-82FF8362E81A}
EPLAN Electric P8 1.8.5 --> MsiExec.exe /I{E10025EA-5CC6-4380-BE04-256802BE2D8E}
EPLAN License --> MsiExec.exe /I{0100BD88-3990-431F-9175-AB60E31AFFDE}
FREE Hi-Q Recorder 1.92 --> "C:\Program Files\Garret\Hi-Q Recorder\unins000.exe"
Hardlock Device Drivers --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\HLDRV.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 3900 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Imaging Device Functions 5.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photo and Imaging 2.2 - Scanjet 3970 Series --> MsiExec.exe /I{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Hurricane --> C:\Program Files\Hurricane\uninstall_hurricane.exe
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
M4 Common Licensing --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E6AE45D-B78E-4B52-9688-C99C193EBDFC}\setup.exe" -l0x9 -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b3) --> C:\Program Files\Mozilla Firefox 3 Beta 3\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
Parallel Port Joystick --> C:\WINDOWS\unvise32.exe C:\Program Files\Parallel Port Joystick\uninstal.log
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Proficy Event Logger --> MsiExec.exe /X{FDECAC65-8D24-4781-9FC0-88FB0CBD8A54}
Proficy Machine Edition --> MsiExec.exe /I{BD68AA71-C9CC-4482-91EB-BBAAB8790679}
ProSoft Configuration Builder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{E076EBD1-ED22-4A6F-A2A1-3D8FEA979E31}
ProWORX NxT --> C:\WINDOWS\IsUninst.exe -fC:\ProWORX\NxT\Uninstnx.isu
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SA Driver Manager --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\XWAYMgrUninst.isu -cC:\WINDOWS\system32\XwayMgrU.dll
SA UNITELWAY WDM Driver --> C:\WINDOWS\IsUninst.exe -fC:\XWAYDRV\UNITELWAYW2KDriverUninst.isu -cC:\WINDOWS\system32\DUNTLWU.DLL
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SIMATIC iMap - STEP7 AddOn V2.0 + SP3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Siemens\Step7\Cbs\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
SIMATIC STEP 7 V5.3 + SP3 --> MsiExec.exe /I{9A09E05E-0389-4E98-9048-BB55F25DDB4A}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
TurboCAD Designer v9.2 --> MsiExec.exe /I{CEB37677-3019-4EBE-9BDD-A110A4F70439}
UNITELWAY Driver --> C:\WINDOWS\IsUninst.exe -fC:\XWAYDRV\UnitelwayNTDriverUninst.isu
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XBT-L1000 V4.30 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Schneider Electric\XBT-L1000\Uninst.isu" -cC:\PROGRA~1\SCHNEI~1\XBT-L1~1\UnDll.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zune --> MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}


-- Application Event Log -------------------------------------------------------

Event Record #/Type7943 / Warning
Event Submitted/Written: 05/12/2008 06:57:35 AM
Event ID/Source: 18 / Automation License Manager Service
Event Description:
Plugin Almpgiipcx.ALMPlugIn CoCreateInstance failed with 0x80040154.

Event Record #/Type7873 / Warning
Event Submitted/Written: 05/11/2008 07:59:05 AM
Event ID/Source: 18 / Automation License Manager Service
Event Description:
Plugin Almpgiipcx.ALMPlugIn CoCreateInstance failed with 0x80040154.

Event Record #/Type7857 / Warning
Event Submitted/Written: 05/10/2008 10:28:52 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7721 / Warning
Event Submitted/Written: 05/09/2008 07:04:01 AM
Event ID/Source: 18 / Automation License Manager Service
Event Description:
Plugin Almpgiipcx.ALMPlugIn CoCreateInstance failed with 0x80040154.

Event Record #/Type7653 / Error
Event Submitted/Written: 05/08/2008 06:37:06 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25988 / Error
Event Submitted/Written: 05/13/2008 11:19:02 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%126

Event Record #/Type25986 / Error
Event Submitted/Written: 05/13/2008 11:19:01 AM
Event ID/Source: 20063 / Rasman
Event Description:
Remote Access Connection Manager failed to start because the Point to Point
Protocol failed to initialize. The specified module could not be found.

Event Record #/Type25984 / Error
Event Submitted/Written: 05/13/2008 11:19:00 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%126

Event Record #/Type25982 / Error
Event Submitted/Written: 05/13/2008 11:18:59 AM
Event ID/Source: 20063 / Rasman
Event Description:
Remote Access Connection Manager failed to start because the Point to Point
Protocol failed to initialize. The specified module could not be found.

Event Record #/Type25980 / Error
Event Submitted/Written: 05/13/2008 11:18:58 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-05-13 15:25:46 ------------

Thanks!
  • 0

#7
Beli

Beli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
bump, still waiting for another reply for many days! Thanks.
  • 0

#8
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi,

Sorry for the delay. I had many logs going on and you must have slipped through the cracks :)

Anyway, the logs are clean. Any specific issues you can point out?
  • 0

#9
Beli

Beli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I think I'll take the issue to the Hardware forum, since this really isn't a malware issue (at least I now know that it isn't.) Thanks, Tal. (Wow, you live in Tel-Aviv, Israel! Very interesting.)
  • 0

#10
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
You're welcome. Below are some suggestions on how to keep your PC clean :) I will leave this topic open for a few days for any additional questions or concerns you have.

(Wow, you live in Tel-Aviv, Israel! Very interesting.)

Not really Tel Aviv, but close. I just put in Tel Aviv for clarity's sake :)

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!

Tal
  • 0

#11
Beli

Beli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks Tal, and those suggestions are great! I run Norton already (I don't trust it but it has kept the computer clean with weekly scans). I also already run the MVP HOSTS file and various other things.

By the way, I work at Protonic.com as a computer support technician, and I could have looked at the logfile myself, but I wanted a true second opinion. Thanks!
  • 0

#12
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
You're welcome :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP