Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible Malware Causing Performance Problems [CLOSED]


  • This topic is locked This topic is locked

#1
mmarquez

mmarquez

    New Member

  • Member
  • Pip
  • 6 posts
I must say I absolutely love you guys! I had a nasty trojan that gave me the 'Internet Security Toolbar' last January and it completely took over my computer. I read through some posts that other users posted and things seem to have cleared up.

However, my internet explorer recently slowed wayyy down. I ran the AVG remover and the Super Anti Spyware and there were a couple of items that came up as 'high' risk so I used the recommended action. However, things are still excruciatingly slow.

Everything was fine until this weekend when my nephew used my computer... Hmmmm...

Any help would be greatly appreciated!!

Please see the HiJackThis log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:07 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\hkcmd.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\PROGRA~1\AWS\WEATHE~1\Weather.exe
F:\Program Files\MySpace\IM\MySpaceIM.exe
F:\Program Files\MySpace\IM\MySpaceIM.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bankofam...a.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - F:\Program Files\Equifax\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - F:\Program Files\Equifax\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - F:\Program Files\Equifax\Toolbar\uninsttb.dll
O3 - Toolbar: Equifax Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - F:\Program Files\Equifax\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] F:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "F:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "F:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SNM] F:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [Weather] F:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsgCenterExe] "F:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://F:\Program Files\Equifax\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - F:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: https://*.webconference.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - F:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - F:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///F:/DOCUME~1/CapeCod/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8009 bytes
  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello mmarquez, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following..

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator
  • 0

#3
mmarquez

mmarquez

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for the response! Here are the log files...


Deckard's System Scanner v20071014.68
Run by CapeCod on 2008-06-01 12:26:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2008-06-01 16:26:30 UTC - RP910 - Deckard's System Scanner Restore Point
92: 2008-05-31 22:33:00 UTC - RP909 - System Checkpoint
91: 2008-05-30 21:34:06 UTC - RP908 - System Checkpoint
90: 2008-05-29 20:36:00 UTC - RP907 - System Checkpoint
89: 2008-05-28 19:36:01 UTC - RP906 - System Checkpoint


-- First Restore Point --
1: 2008-03-04 03:14:09 UTC - RP818 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as CapeCod.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:19 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\PROGRA~1\AWS\WEATHE~1\Weather.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\MySpace\IM\MySpaceIM.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\MySpace\IM\MySpaceIM.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Documents and Settings\CapeCod\Desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\CapeCod.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bankofam...a.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - F:\Program Files\Equifax\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - F:\Program Files\Equifax\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - F:\Program Files\Equifax\Toolbar\uninsttb.dll
O3 - Toolbar: Equifax Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - F:\Program Files\Equifax\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] F:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "F:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "F:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SNM] F:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [Weather] F:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsgCenterExe] "F:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://F:\Program Files\Equifax\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - F:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: https://*.webconference.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - F:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - F:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///F:/DOCUME~1/CapeCod/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8239 bytes

-- HijackThis Fixed Entries (F:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080119-090909-116 O2 - BHO: (no name) - {C58CA735-63FA-0C79-DA2B-4CE604F40397} - F:\WINDOWS\system32\lthovtkb.dll (file missing)
backup-20080119-090909-136 O2 - BHO: (no name) - {BB8FAD36-6FFF-0C4D-DA2B-4CE604F40397} - F:\WINDOWS\system32\lthovtkb.dll (file missing)
backup-20080119-090909-167 O15 - Trusted Zone: https://*.webconference.com
backup-20080119-090909-353 O4 - Global Startup: Picture Package VCD Maker.lnk = ?
backup-20080119-090909-895 O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
backup-20080119-090909-990 O20 - Winlogon Notify: jxthugtq - jxthugtq.dll (file missing)
backup-20080119-090910-153 O20 - Winlogon Notify: lumcwfqv - lumcwfqv.dll (file missing)
backup-20080119-090910-663 O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - f:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 OMCI - f:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - f:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - f:\program files\superantispyware\saskutil.sys
R3 SASENUM - f:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 aeaudio - f:\windows\system32\drivers\aeaudio.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Viewpoint Manager Service - "f:\program files\viewpoint\common\viewpointservice.exe" (file missing)
S3 KodakCCS (Kodak Camera Connection Software) - f:\windows\system32\drivers\kodakccs.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-29 18:29:29 274 --a------ F:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-09-13 21:38:13 396 --a------ F:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-05-29 19:09:07 0 d-------- F:\Documents and Settings\CapeCod\Application Data\Malwarebytes
2008-05-29 18:57:02 0 d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 18:57:02 0 d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-29 07:01:42 0 d-------- F:\Microgaming


-- Find3M Report ---------------------------------------------------------------

2008-05-30 06:51:46 0 d-------- F:\Program Files\SUPERAntiSpyware
2008-05-29 06:36:03 0 d-------- F:\Documents and Settings\CapeCod\Application Data\Lavasoft
2008-05-28 19:26:00 0 d-------- F:\Program Files\LimeWire
2008-05-26 07:32:40 0 d-------- F:\Documents and Settings\CapeCod\Application Data\LimeWire
2008-05-22 01:08:20 0 d-------- F:\Documents and Settings\CapeCod\Application Data\WeatherBug
2008-04-30 20:34:40 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-04-30 20:34:40 0 d-------- F:\Program Files\Full Tilt Poker
2008-04-20 10:45:06 0 d-------- F:\Program Files\PokerRoom.com
2008-04-20 10:44:56 0 d-------- F:\Program Files\PartyGaming
2008-04-20 10:04:33 0 d-------- F:\Documents and Settings\CapeCod\Application Data\Microgaming
2008-04-06 11:59:51 0 d-------- F:\Documents and Settings\CapeCod\Application Data\Creative Memories
2008-04-06 11:42:33 0 d-------- F:\Program Files\Creative Memories
2008-03-09 21:40:01 0 --a----c- F:\WINDOWS\system32\CMMGR32.EXE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="F:\WINDOWS\system32\igfxtray.exe" [10/14/2005 02:49 PM]
"igfxhkcmd"="F:\WINDOWS\system32\hkcmd.exe" [10/14/2005 02:46 PM]
"igfxpers"="F:\WINDOWS\system32\igfxpers.exe" [10/14/2005 02:50 PM]
"Dell Photo AIO Printer 942"="F:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" []
"DellMCM"="F:\Program Files\Dell Photo AIO Printer 942\memcard.exe" []
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [02/25/2007 10:53 AM]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [10/12/2006 04:10 AM]
"SoundMAXPnP"="F:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"HPDJ Taskbar Utility"="F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [03/08/2005 12:42 AM]
"DeviceDiscovery"="F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [05/21/2003 06:37 PM]
"SNM"="F:\Program Files\SpyNoMore\SNM.exe" []
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"ISUSPM"="F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"HP Software Update"="F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 12:24 PM]
"HP Component Manager"="F:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [04/11/2003 04:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="F:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [01/06/2006 10:57 AM]
"Yahoo! Pager"="F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" []
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/12/2007 09:08 AM]
"MsgCenterExe"="F:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" []
"MySpaceIM"="F:\Program Files\MySpace\IM\MySpaceIM.exe" [12/18/2007 09:47 PM]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/12/2004 09:56 AM]
"AdobeUpdater"="F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]
"SUPERAntiSpyware"="F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 12:39 PM]
"Uniblue SpeedUpMyPC"="F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [09/10/2007 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=F:\Program Files\MySpace\IM\MySpaceIM.exe

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [11/1/2005 3:57:40 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

*Newly Created Service* - ALERTER



-- End of Deckard's System Scanner: finished at 2008-06-01 12:29:17 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 502.08 MiB / 167.68 MiB
Pagefile Memory (total/avail): 2472.95 MiB / 2110.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.8 MiB

A: is Removable (No Media)
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 93.36 GiB total, 78.7 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6L100M0 - 93.36 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 93.36 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"F:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="F:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\CapeCod\Application Data
CLASSPATH=.;F:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=MARIANNE
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\CapeCod
LOGONSERVER=\\MARIANNE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\system32\wbem;F:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=F:\Program Files
PROMPT=$P$G
QTJAVA=F:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\CapeCod\LOCALS~1\Temp
TMP=F:\DOCUME~1\CapeCod\LOCALS~1\Temp
USERDOMAIN=MARIANNE
USERNAME=CapeCod
USERPROFILE=F:\Documents and Settings\CapeCod
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

CapeCod (admin)
Administrator (new local, admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> F:\WINDOWS\ISUNINST.EXE -f"F:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"F:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AOL Uninstaller (Choose which Products to Remove) --> F:\Program Files\Common Files\AOL\uninstaller.exe
AVG Anti-Spyware 7.5 --> F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Broadcom Advanced Control Suite --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Broadcom Driver Installer --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Comcast High-Speed Internet Install Wizard --> F:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Conexant D850 56K V.9x DFVc Modem --> F:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative Memories Memory Manager 2 --> MsiExec.exe /I{0F1A3568-7419-4115-A207-512B9F688267}
Creative Memories StoryBook Creator Plus --> MsiExec.exe /I{A3C7B70F-E60A-4429-B0EF-D5289EF89C5B}
Dell ResourceCD --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Doyles Room Poker --> F:\MICROG~1\Poker\DOYLES~1\DOYLES~1\UNWISE.EXE F:\MICROG~1\Poker\DOYLES~1\DOYLES~1\INSTALL.LOG
EnglishHarbourCasino --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{E3F1BAF0-ABA2-11D5-B8F7-00010323AB2C}\Setup.exe" -l0x9 -uninst
Equifax Toolbar (Powered by EarthLink) --> F:\Program Files\Equifax\Toolbar\uninstall.exe
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Google Earth --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "f:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
hp deskjet 5600 --> msiexec /x{8CDC6712-AF80-459E-911F-F1E156CB0AB0}
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Officejet 5600 series --> rundll32 hpzcon12.dll,VendorJettison HP Officejet 5600 series
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE F:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
IrfanView (remove only) --> F:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Kodak EasyShare software --> F:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_460007_50eb168f\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware --> "F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
MSN --> F:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MySpaceIM --> F:\Program Files\MySpace\IM\Uninstall.exe
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDADDIN --> MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP --> MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
Picture Package --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
ResumeMaker Professional --> F:\PROGRA~1\RESUME~1\UNWISE.EXE F:\PROGRA~1\RESUME~1\INSTALL.LOG
S.M.A.R.T. --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7E33F78B-E29C-4946-AC6B-047E0AE93932}\setup.exe" -l0x9 -uninst
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Snood for Windows version 3.52-W --> "F:\Program Files\Snood\unins000.exe"
Sony USB Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SoundMAX --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.4 --> "F:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TurboTax Basic 2004 --> F:\Program Files\TurboTax\Basic 2004\TaxUnst.EXE "F:\Program Files\TurboTax\Basic 2004\Uninstall.log" -NoGui
Uniblue SpeedUpMyPC 3 --> "F:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Viewpoint Manager (Remove Only) --> F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> F:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WeatherBug --> F:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE F:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
WebConference.com V5.1.239 --> "F:\Program Files\WebConference.com\Version51239\unins000.exe"
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1270 / Warning
Event Submitted/Written: 05/30/2008 05:56:37 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{8CDC6712-AF80-459E-911F-F1E156CB0AB0}', feature 'WebReg' failed during request for component '{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}'

Event Record #/Type1269 / Warning
Event Submitted/Written: 05/30/2008 05:56:37 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{8CDC6712-AF80-459E-911F-F1E156CB0AB0}', feature 'WebReg', component '{6BD6B643-2B62-4912-9C22-65A02219061E}' failed. The resource 'F:\Program Files\Hewlett-Packard\webreg\bin\hpqdlg08.rsc' does not exist.

Event Record #/Type1267 / Warning
Event Submitted/Written: 05/30/2008 05:56:35 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{8CDC6712-AF80-459E-911F-F1E156CB0AB0}', feature 'WebReg' failed during request for component '{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}'

Event Record #/Type1266 / Warning
Event Submitted/Written: 05/30/2008 05:56:35 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{8CDC6712-AF80-459E-911F-F1E156CB0AB0}', feature 'WebReg', component '{6BD6B643-2B62-4912-9C22-65A02219061E}' failed. The resource 'F:\Program Files\Hewlett-Packard\webreg\bin\hpqdlg08.rsc' does not exist.

Event Record #/Type1265 / Error
Event Submitted/Written: 05/30/2008 05:56:35 AM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: hp deskjet 5600 -- Error 1706.No valid source could be found for product hp deskjet 5600. The Windows Installer cannot continue.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type862710 / Warning
Event Submitted/Written: 06/01/2008 09:44:35 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type862709 / Error
Event Submitted/Written: 05/31/2008 04:51:56 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type862708 / Error
Event Submitted/Written: 05/31/2008 04:51:26 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with the following error:
%%126

Event Record #/Type862705 / Error
Event Submitted/Written: 05/31/2008 04:51:26 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type862704 / Error
Event Submitted/Written: 05/31/2008 04:50:56 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-06-01 12:29:17 ------------
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. First of all, your AVG Antispyware 7.5 is outdated and no longer supported by Grisoft. It has being replaced by AVG8.

I haven't seen any antivirus in your logs.. Antivirus is extremely crucial as without it you will get re-infected again! Do you have any? If you don't, please install ONLY ONE of these free and excellent antivirus below:

Please tell me which antivirus you choose for your computer.




NEXT


Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Please tell me, do you know/use these programs?

Viewpoint Manager (Remove Only)
Viewpoint Media Player
WeatherBug





NEXT


I see you already have MalwareBytes' Anti-Malware.. Please run and update it..
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Please post the following in your next reply..

1. Tell me which antivirus you choose
2. Tell me about those programs
3. MalwareBytes' report
4. A fresh Deckard System Scanner (after MalwareBytes' step)


Regards
fenzodahl512
  • 0

#5
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP