I know I have spyware, but which one(s) I don't know . .


  • This topic is locked

#1
Scrappie

    New Member

  • Member
  • 8 posts
Hi, thanks so much for reading this. My laptop has slowed down a lot in the last couple of months and freezes up sometimes, where I have to log off and back on. When I go online, Firesearch has been coming up as my homepage; I don't know why. I ran Ad-Aware but that hasn't helped. I am very unfamiliar with this kind of stuff; any help would be greatly appreciated!

Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:40 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\verizon\McciBrowser.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O23 - Service: Security Service (AAVF) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6958 bytes

And here is my HijackThis uninstall list:

Ad-Aware 2007
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
AOL Instant Messenger
AOL Toolbar 2.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BUM
Conexant AC-Link Audio
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
Intel® Extreme Graphics 2 Driver
InterVideo WinDVD Creator 2
iTunes
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
MSN
MSN Messenger 7.0
MSXML 4.0 SP2 (KB927978)
Picasa 2
PlayLinc
QuickTime
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB925454)
Shockwave
SoftV90 Data Fax Modem with SmartCP
Synaptics Pointing Device Driver
The Print Shop 20
Update for Windows XP (KB904942)
Update for Windows XP (KB920342)
Update for Windows XP (KB925876)
Verizon Broadband Toolbar
Verizon Online Help and Support
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
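Added example, not part of any post in this thread: a short Python triage script that applies the checks a log helper usually makes first on a HijackThis log of this shape. It flags a core Windows binary name (here svchost.exe) running from a directory other than System32, an O23 service whose owner HijackThis could not identify, a per-user ProxyServer value in the registry, and more than one running copy of drwtsn32.exe (Windows XP's Dr. Watson crash handler, which is only started when a program crashes). The sample lines are copied from the log above; the SYSTEM_ONLY_IMAGES list and the finding labels are my own and are not part of HijackThis.

```python
import ntpath
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Security Service (AAVF) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

CANONICAL_SYSTEM32 = r"c:\windows\system32"

# Core Windows binaries that only ever run from System32 on XP (my own list, not exhaustive).
SYSTEM_ONLY_IMAGES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

# HijackThis entry lines look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([RFNOS]\d+) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into (process paths, [(section, body), ...])."""
    procs, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the "Running processes:" block
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower() == "running processes:":
            in_procs = True
        elif in_procs:
            procs.append(line)
    return procs, entries


def triage(text):
    """Return (label, detail) findings a log helper would look at first."""
    procs, entries = parse_log(text)
    findings = []

    # 1. A core system binary name running from somewhere other than System32.
    for path in procs:
        image = ntpath.basename(path).lower()
        if image in SYSTEM_ONLY_IMAGES and ntpath.dirname(path).lower() != CANONICAL_SYSTEM32:
            findings.append(("system-binary-outside-system32", path))

    # 2. Several Dr. Watson instances: programs on the box are crashing repeatedly.
    images = Counter(ntpath.basename(p).lower() for p in procs)
    if images["drwtsn32.exe"] > 1:
        findings.append(("repeated-drwtsn32", f"{images['drwtsn32.exe']} instances"))

    for section, body in entries:
        # 3. A service whose vendor HijackThis could not identify.
        if section == "O23" and "- Unknown owner -" in body:
            findings.append(("service-unknown-owner", body))
        # 4. A per-user proxy set in the registry; confirm the user actually configured it.
        if section in ("R0", "R1") and "ProxyServer" in body:
            findings.append(("proxy-server-set", body.split("=", 1)[1].strip()))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label:32} {detail}")
```

Run against the sample it reports the svcd\svchost.exe process, the AAVF service, the 168.94.74.68:8080 proxy and the two drwtsn32.exe copies; the first three are the entries SDFix later removes or restores in this thread, which is why a helper reads those sections before anything else.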


#2
IndiGenus

    Anti-Malware Buddha

  • Member
  • 1,617 posts
Hi Scrappie and welcome to the forums.

My name is Dave. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can sometimes take a while to research, so please be patient, and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • I recommend you make a backup of any data that you have created, such as documents, pictures, music, etc., before we begin the fix.

Please download SDFix and save it to your Desktop.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • Open the SDFix folder and double click on RunThis.bat to start the script.
  • Type Y and press Enter to begin the script.
  • It will start cleaning your PC and then prompt you to press any key to Reboot.
  • Press any key to restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished.
  • Press any key to end the script and to load your desktop icons.
  • A text file should automatically open, so please copy the contents and post them here. We also need you to post a new HijackThis log.


#3
Scrappie

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you, Dave. I followed those steps you gave me and here is the text file:


SDFix: Version 1.188
Run by Dawn on Fri 06/06/2008 at 04:15 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
AAVF

Path :
C:\WINDOWS\system32\svcd\svchost.exe

AAVF - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\CID - Deleted
C:\WINDOWS\system32\svcd\svchost.exe - Deleted
C:\WINDOWS\system32\SvcNm - Deleted
C:\WINDOWS\system32\TmpX.exe - Deleted
C:\WINDOWS\system32\upds.log - Deleted
C:\WINDOWS\system32\url1 - Deleted
C:\WINDOWS\system32\url2 - Deleted
C:\WINDOWS\system32\url3 - Deleted



Folder C:\WINDOWS\system32\svcd - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 16:26:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77]
"FlushCacheFiles"=str(7):"d\2Xq
\xfff8\xffffq\xffc8\xffffPretzel.DocumentInfo.1\0l\0006\xfff0\xffff`\xf7\x1fc00\x32f00\xffd8\xffffv\16\n\0q\1\0\1qTraigoeq\xfff8\xffffq\xff90\xffffn \0\0\x83\0\0\0\0\xffff\xffff\xffff\xffff\1\0Ohw\xffff\xffff\0\0\0\0@\0\x80\0\0\0 \098B2\x303048E5BF63B49\xfff0\xffff/\xc780\0\xffe8\xffffv\0.\00q\1\0\0\xffd8\xffffv\v\4\1qSoIfCce\t\xffe0\xffffv\a\4\0\xffd0\xffffAxsTextCommand Class\0q\xffc8\xffffv ~\0 \xa0\1\0\1O\x3245\x3034F791BAD6\x3338B1204\xffe8\xffffv\0\x80\0\xeed8/\1\0\0\0\xfff0\xffffX-[email protected]\xfff0\xffffCC\xf575\xfff0\xffffq\xf020
\xffe8\xffffPq\xe850qq\xed50q\xed78q\xffd8\xffffv\v\22\0q\1\0\1\x32f6Isalae\xed12\xfff8\xffff\0(q\3\0\1\0Bo\0\0\xff88\xffffn \x2ee0\xf8b9|\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0q\0\xffff\xffff\0\0\0\0\b\0e\0\0\0(\049A92B07CD86C\x3343322431\xffe0\xffffv\4e\0 \3\0\1\0Bo\0\0\xffe0\xffffv\4\x377\0r\3\0\1\x2a1aBoVF\xfff8\xffffq\xfff0\xffffnull\0\27\xfff8\xffff(q\xffe0\xffffv\4\0 q\3\0\1\0Bo\0\0\xff88\xffffn 0\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\00q\0\xffff\xffff\0\0\0\0\b\05\0\n(\0\x3034\x3237B3F\x33435\x333488F26B5041A2\xffe0\xffffv\45\08\3\0\1\xdd9aBoK\xffe0\xffffv\4\0 \3\0\1\0Bo\0\0\xfff8\xffffqhimail CA\0\24\0\1\0\24\0r4\xf455 r~ \0\1\0\x331\00\x2d030\10*H\xdf7\x504\x3000\xb310\x306UA\x3015\x613\x804Wse\x206eCp10\x306U a\x2065Tw\x1a310\x306U
hw\x2065Cnutn\x2831\x2630\x306U etfcto evc\x2073Dvso\x2431\x2230\x306Uhw\x2065Proa rea\x206cC\x2b31\x2930*H\xdf7esn\[email protected]\x2e65c\x306d\x171e
\x3036\x3031\x3031\x3030\x30300\x3032\x32313\x333255\x305a\xb310\x306UA\x3015\x613\x804Wse\x206eCp10\x306U a\x2065Tw\x1a310\x306U
hw\x2065Cnutn\x2831\x2630\x306U etfcto evc\x2073Dvso\x2431\x2230\x306Uhw\x2065Proa rea\x206cC\x2b31\x2930*H\xdf7esn\[email protected]\x2e65c\x306d0*H\xdf7\x501\x300\x3000\x81װd\xe971\xd847 \xeab6r^-\xdf12\x2585\x2875t\x2c42\x2763{\x1a64n\x4de8\xa638z\xa50cK\x2919\x269aջ\x824jژ\xe5dbZ\x302\1\x3013\x3011\x60f\x4ff\x3005\xff010*H\xdf7\x504\x300\x2f9c\xa6fe݄\xf8e4w\xffd8\xffffv\20l\0pq\1\0\1HdIosomn\xfff0\xffffopen\0s\xfff0\xffff\xa678\xf7PI\xfff8\xffffq\xfde0\xffffs\x2ba2\xab28\x82\xf8c8q\a\0\0\1\0\0\0\0\24\0\2\22\0\0\24?\17\0\0\x500\22\0\xb00\24\0\0\0\x500 \0\x220\0\xb00\30\0\2\0\0\x500 \0\x221\0\x1a00\30\0\0\0\x500\25\0&\x2f1e\xe8dd\x1ce4\xa78a2\0\x501\0\0\x500\25\0&\x2f1e\xe8dd\x1ce4\xa78a2\08\xffd8\xffffv\17\2\xffff\3\0am\0\0\xffffURL: AOL Instant Messenger Protocol\0er\xffffn \0\0q\1\0\0\0q\xffff\xffff\0\0\xffff\xffff \x82\xffff\xffff\b\0\0\0\0\0\0\0\xffff\xffff\5\0se\xff6c\xffff\xffffn \0\0q\1\0\0\0Xq\xffff\xffff\0\0\xffff\xffff \x82\xffff\xffff\16\0\0\0\0\0\0\0\xffff\xffff\4\0oe\xffff\xffff\xffffn \0\0q\0\0\0\0\xffff\xffff\xffff\xffff\1\0XA \x82\xffff\xffff\0\0\0\0\0\0D\0\xffff\xffff\a\0cmad\xfff0\xffff&New\0\xffe8\xffffv\0Z\0,\1\0\0\xffffC:\Program Files\AIM\aimauto.exe\0q\xfff0\xffff\xf575\xfff0\xffff\xf150`Pq
\xff88\xffffn \xa9f0w\0\0(\5\5\0\0\0-\xffff\xffff\2\0A \x82\xffff\xffff0\0\0\0\n\0N\0\20\0&\0{\x33428F\x2d461B-A\x2d41\x30411-D\x33364\x323106R\xffc8\xffffPretzel.AxsTextCommand.1\0q\xfff0\xffffH\xf575\b\0+\x501\x705\x806+\x501\x705\x303\3\0\1\0\24\0$
W\xa643\xa7f\x74b\xf649\x2ba2\24\0\1\0\24\0\x2f90|\xf1e\xa54b\x1311\xea47 \0\1\0\x244\000\xa901\xdf28<\xfa82\x10670*H\xdf7\x502\x3000a\x3011\x60f\x704\x813Itre\x17310\x306U
eii\x2c6e n\x312e\x30331\xb04\x2a13VrSg omri\x206cSfwr ulse\x2073C0900\x3030\x3030\x3030\x175a\x300d\x3034\x3031\x323739901\xf30\x306Unent\x3017\x615\xa04VrSg\x202cI\x2e63\x3331\x3130\x306U *eii\x206eCmeca ota\x2065Pbihr \x30410*H\xdf7\x501\x300\x3000\x81iR\x28abTŇJ׀\xd88d\xf10c\x29a9vŦ\xd85c8\xed90T\xef5f\x2de\xdd82\x2988\xa54fd<\xffe8\xffffv\0&\0r\1\0\0r\xfff0\xffff\xd68;\b\0Pq\xffd8\xffffv\vj\0pq\1\0\1Dslyaeɇ\xfff0\xffffrrr\xff88\xffffn \xf3e0_\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0q\0\xffff\xffff\0\0\0\0\b\0\x487\0\0\0(\0245C1173\x33382D\x3243\x3236F36D062\xff88\xffffn \xe580\\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0q\0\xffff\xffff\0\0\0\0\b\0e\0\0\0(\02137E96AA7F0\x3241DB2A\x3338\x33303\xff88\xffffn \0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0q\0\xffff\xffff\0\0\0\0\b\0\x3f7\0\0\0(\0372\x304472\x33335FA\x3343445EBDFFA\xff88\xffffn 0\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x9fe8q\0\xffff\xffff\0\0\0\0\b\0\0\v(\0383\x3336F52CBA\x30460CEB3606C\xfff8\xffffq\xfff8\xffff(q\xfff8\xffff qhiIDORES\0\24\0\1\0\24\0(rs\x2d0e\x1a72 \0\1\0\000\x2002\x3000\x60d\x2a09\xf786
\50\x300b\x609\x604E10\x306U ACLN10\x306U ACLN\x1931\x1730\x306U
P euia A\x3018\x616\xb04\xf13Criiains\x3017\x615\x304I\x2053SRIOE1\x1c30*H\xdf7[email protected]\x2e6ci\x2e73e09\x3130\x3130\x333220\x175a\x300d9\x3232\x3239\x3233\x303170\x300b\x609\x604E10\x306U ACLN10\x306U ACLN\x1931\x1730\x306U
P euia A\x3018\x616\xb04\xf13Criiains\x3017\x615\x304I\x2053SRIOE1\x1c30*H\xdf7[email protected]\x2e6ci\x2e73e0\x309f\x60d\x2a09\xf786
\5\x8d0\xa910\x22d8\x596T\xa7c5وw\x33e\x2dd2lF\xab22
\xdd1d\xf446\xdd01.=p\x187c\xabd0\x777F \\xdba0B\xe6c0\xffd8\xffffv\20l\0q\1\0\1SoIosomn\xfff0\xffff;&\0\xffe0\xffffv\b\4\xffffv\bR\0q\1\0\1\x2ffcHlLn\xffff\4\0\1\0\20\0\x23db=\xfa69KD^A\31\0\1\0\20\0YAWs\x2a4bu\3\0\1\0\24\0'\x24e1W \x2be8V\x32f5\t\0\1\0\26\00\x806+\x501\x705\x806+\x501\x705\v\0\1\08\0VeriSign Class 1 Primary CA\0\24\0\1\0\24\0gH\xea6e\xe5ec^ \0\1\0\x306\000L\xaaeaq\x1093:0*H\xdf7\x505\x3000\xb310\x306US\x3017\x615\xa04VrSg\x202cI\x2e6310\x306U 3ls ul\x2063Pia\x2079Criiai\x206eAtoi\x2079\x202d\x324710\x306U \x2831\x2963 9\x2038VrSg\x202cI\x2e63\x2d20 o uhrz\x2064u\x2065ol1\x1d30\x306U eii\x206eTu\x2074Nto\x306b\x171e
858\x3030\x3030020\x3130\x333255\x305a\xb310\x306US\x3017\x615\xa04VrSg\x202cI\x2e6310\x306U 3ls ul\x2063Pia\x2079Criiai\x206eAtoi\x2079\x202d\x324710\x306U \x2831\x2963 9\x2038VrSg\x202cI\x2e63\x2d20 o uhrz\x2064u\x2065ol1\x1d30\x306U eii\x206eTu\x2074Nto\x306b0*H\xdf7\x501\x300\x3000\x81\x2d16\xfd21\xd894Rn\xa56U\x2187\xde21\x326b\x1b3f\x595\xeb35\xeb92\xdd96?S\xe5ed\x2ae2Z\xa6c4\xa6eb]$\x1aaboQ\xa66e\xe2c8\xe5b7\xdc34A\[email protected]=\x302\1\x3001\x60d\x2a09\xf786
\x501\5\x81\x2cbe\xd9cb-;-k`#\б\xe0db\xdd0dNJ\xe6c0\xa56b\xdda4\xed72N\xead3tAe\xf158<ɇm"\xe85c\xd9f2\xec25\xffd8\xffffv\f\4\2\x20e1\0_b"\xaabd\x34a[fl\xab41A\xec2a) \xa9c0\xed38j\x3042>]PKt\xe4f7a\xf07f\xeb9e\x19abd\x302\1\x304c\x304aH0\x1080\x270d\xe429\x2a05w5\x2d93\x1d30\x1b31\x1930\x306Uo\x2074S\x2043Atoiy\x200a\xed1\x3080\x60d\x2a09\xf786
\5\x24e5\xe815\xed5a_\xdbb2P-\xffffn b\0\0\xe608}\0\0\0\0\xffff\xffff\xffff\xffff\17\0 r \x82\xffff\xffff\0\0\0\0(\0j\0\xf868\3\0WA\xff88\xffffn \xdb00\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0q\0\xffff\xffff\0\0\0\0\b\0\0\0\0(\0\x3034E81\x323531D94A11\x3342B3BA5F\xff88\xffffn Є\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\08q\0\xffff\xffff\0\0\0\0\b\0\x385\0\0\0(\0\x3334DBF\x3346B9\x3337\x333810FB89\x3035\x3332\x30447\x3035\xffe0\xffffv\4\x385\0 q\3\0\1\0Bo\0\0\xff88\xffffn \0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0@q\0\xffff\xffff\0\0\0\0\b\0\x3f7\0\0\0(\0\x3334FB\x3031DBF4\x3232\x32353\x3042\x30440232E95\xffe0\xffffv\4\x3f7\0\x1970\3\0\1\0Bo\0\0\xff88\xffffn \x2080\xf8b6|\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0q\0\xffff\xffff\0\0\0\0\b\0\x31c\0\0\0(\04\x3336C3DCC\x30306962B5\x3344B\x3238586\xffe0\xffffv\4\x31c\0\xe858\3\0\1\0Bo\0\0\xfff8\xffffhq\xff88\xffffn \x2ee0\xf8b9|\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0(q\0\xffff\xffff\0\0\0\0\b\0\0\0\0(\04AB1C\x32416\x3238479F\x3234946\x323763D\xffe0\xffffv\4\0\xe020q\3\0\1\xdd9aBoK\xfff8\xffffq\xff88\xffffn \x2ee0\xf8b9|\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0q\0\xffff\xffff\0\0\0\0\b\0\x3f8\0\0\0(\04\x3234171FA86CF76\x3238A\x3030AD\x32324\xffe0\xffffv\4\x3f8\0\xf430q\3\0\1\0Bo\0\0\xfff8\xffffq\xffe0\xffffv\4 \0\xf020q\3\0\1\x2bc2Bo\x28d1"\xfff8\xffffq\xfff8\xffffqhi\x2a10\xf283,\xfe194\v\0\1\0006\0FESTE, Public Notary Certs\0\t\0\1\0\26\00\x806+\x501\x705\x806+\x501\x705\3\0\1\0\24\0\xdd43\xf607#|\24\0\1\0\24\0\xe1bd\x2f53\xfbba#_?\x2e82"\x1b1b\xe006 \0\1\0\000\x3000\x60d\x2a09\xf786
\50\x3194\x300b\x609\x604E10\x306U acln10\x306U acln10\x306U
udco ET\x23310\x306UET\x202cPbi oa\x2079Crs\x301e\x61c\x2a09\xf786
\xf16fsefs\x2e65o\x3067\x171e
953\x3239\x32318\x3032\x3130\x3130122\x305a\xb310\x306US\x3012\x610\x804Breoa\x3012\x610\x704Breoa\x3018\x616\xa04\xf13Fnai\x206eFSE#!\x304\x1a13FS\x2c45 ul\x2063Ntr et1\x1c30*H\xdf7[email protected]\x309f\x60d\x2a09\xf786
\5\x8d0\xe100\xf383\x2e9b\xe7c9v\xe7be\x2686\x1a77U&_2A@p\xf1f0\xf8dabSbX\xf76c\x18e1\x280701OYE~\xdbc9\xdfd4\x181eM\x1ad6\x2f3\1\x3030F35B690D\x3341C7\x32394\x3242F\xfff8\xffffq\xfff8\xffff\xdac8q\xfff8\xffffq\xffd8\xffffv\16\24\0hs\1\0\1Dslyeso\xfff8\xffffv\0z\08.\1\0\0q\xfff8\xffffHq\xffd8\xffffv\f4\0p.\1\0\1/Cne\x2074Tp\x2b80/\xffffn `\0\0\0\0\0\0\xffff\xffff\xffff\xffff\1\0A \x82\xffff\xffff\0\0\0\0\0\0.\0\0\0\6\0PoI\0\xfff0\xffff\x22f0/\xefe0NPO\xffe8\xffffv\0\34\0>\1\0\0q\xfff0\xffff \x85\x85q\xfff0\xffffl\1\xeaf8q1\0\xffe8\xffffv\0002\0.\1\0\0\xffe8\xffffv\0(\0\1\0\0\xffe0\xffffv\2h\0-\3\0\1\x3331\0tn\xfff8\xffffq\xfff8\xffffq\xfff8\xffffq\xffd8\xffffv\16\26\07\1\0\1eAtUdtTs \xffe0\xffffv\5\x8e\0<\1\0\1sTkns\b\0Xq\xfff0\xffff\x31f8.\x31f8..\xfff0\xffffhJ`J\x2d90J\xfff8\xffffq\xffe0\xffffv\5<\0<\a\0\1RFlsi\xffe8\xffffCR\x3231\x2030\x31309\x303412\xffe0\xffffv\5N\0\xa6d8\xf7\1\0\1ApDT\xffd0\xffffv\21(\0\1\0\1NxDtcinie\0\0\xffd8\xffffv\v\2Lvlii\xffe0\xffffv\a\4\1(q\1\xfff8\xffff\xe700q\xffffKodak Gallery Easy Upload Manager Class\0+\x501\xffffn O\0\0\xda58q\0\0\0\0\xffff\xffff\xffff\xffff\1\0q \x82\xffff\xffff\0\0\0\0\0\0N\0si\5\0CSDC\xffe8\xffffv\0N\0q\1\0\0\xffff{6f750201-1362-4815-a476-88533de61d0c}\0Eu\xff90\xffffn O\0\0\0\2\0\0\0 q\xffff\xffff\1\0\xdae0q \x82\xffff\xffff\f\0\0\0\0\0P\0\x32363\e\0aoul.FekoUlaM\xe72Eu\xffe8\xffffv\0P\0q\1\0\0q\xffffKodak Gallery Easy Upload Manager Class\0\xd9e7\xffffn 13\0\0q\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xdae8q \x82\xffff\xffff\0\0\0\0\0\0N\07\5\0CSD\xfff8\xffff8q\xfff8\xffffq\xffe8\xffffv\0N\0pq\1\0\0\x305f\xffff{6f750203-1362-4815-a476-88533de61d0c}\0\x60b\x304\xffffn 13\0\0q\0\0\0\0\xffff\xffff\xffff\xffff\1\0Hq 
\x82\xffff\xffff\0\0\0\0\0\0<\0\xfdcb\x20d8\6\0Cre\xffe8\xffffl\2q[\x7b8q\xffe8\xffffv\0<\0Pq\1\0\0\x77d\xffc0\xffffaxofupld.OFDesktopUploadMgr.4\0\xffe8\xffffv\0P\0\1\0\0D\xffe8\xffffv\0<\0\1\0\0\x28de\xfff8\xffffq\xffe8\xffffv\0v\08\08\1\0\0\x1aac\xffff\24\0\1\0\24\0\xf47b\x3387\xd8509`.\3\0\1\0\24\0\xf048\xd691H\31\0\1\0\20\0ӌ \0\1\0\x2e9\00\xe5020\x11a5Ӕ\xeeed\x30c0\x60d\x2a09\xf786
\5\x1d30\x1b31\x1930\x306Uo\x2074S\x2043Atoi\x3079\x171e
9\x3238\x3030\x3130\x323680\x3230\x33320\x3030\x3030\x305aE\x300b\x609\x604U10\x306U
T oprto\x1c31\x1a30\x306UT yeTu\x2074Ro0\x309f\x60d\x2a09\xf786
\5\x8d0\x220aO\xe5bd\xdf96B$'c^\x2402U=\xdbe5q\x28ba\x21d7\xf56eW'\x172b\x248aM\x2411\xeef3\x2d18O\x2c48\xea8f\xa923\x2122\x2de3\xffe0\xffffv\b,\0q\1\0\1qFlNm\xfff8\xffff\xe550q\xffd8\xffffv\fB\0\xdaf0q\1\0\1\x29dfULnobu\xffe0\xffffv\4\x36e\0\x368r\3\0\1\xda7dBo\2\xe397\xfff8\xffffq\xffe0\xffffv\4\x33f\0 r\3\0\1\0Bo\0\0\xfff8\xffffq\xfff8\xffffq\xfff8\xffffqhiliborca_comm.dll\0\xfdff\xff90\xffffn dO\0\0\0\0\0\0\xffff\xffff\xffff\xffff\1\0qhw\xffff\xffff\0\0\0\0@\0\0 \05F35B690D\x3341C7\x32394\x3242F\xffc8\xffffv \0q\1\0\19\x3030F35B690D\x3341C7\x32394\x3242F\xff08\xffffC:\Documents and Settings\Dawn\Local Settings\Application Data\Kodak EasyShare Gallery Software\Easy Upload\ofutils.dll\0U \xff78\xffffvl\2Dt\oa ayhr alr otae\xffe0\xffffv\5\4\0\0q\0\0\0\0\xffff\xffff\xffff\xffff\5\0Hq \x82\xffff\xffff\0\0\0\0\32\0002\0*\1\0\x3030\xffd8\xffffv\t2\0q\1\0\1NBidae\x10fa\x32de\xffc8\xffffMon May 15 21:47:22 2006\0\xffff\4\0\1\0\20\0*\0\1\08\0VeriSign Class 4 Primary CA\0\t\0\1\0*\0\x2830\x806+\x501\x705\x806+\x501\x705\x806+\x501\x705\x303\x806+\x501\x705\3\0\1\0\24\0?J\xe18baF\24\0\1\0\24\0\xe698.\x20e3.\x1b99\xabc9/ \0\1\0\x306\000~\xab112\xdb41^\xe301\xfdff0*H\xdf7\x505\x3000\xb310\x306US\x3017\x615\xa04VrSg\x202cI\x2e6310\x306U 3ls ul\x2063Pia\x2079Criiai\x206eAtoi\x2079\x202d\x324710\x306U \x2831\x2963 9\x2038VrSg\x202cI\x2e63\x2d20 o uhrz\x2064u\x2065ol1\x1d30\x306U eii\x206eTu\x2074Nto\x306b\x171e
858\x3030\x30300101\x333255\x305a\xb310\x306US\x3017\x615\xa04VrSg\x202cI\x2e6310\x306U 3ls ul\x2063Pia\x2079Criiai\x206eAtoi\x2079\x202d\x324710\x306U \x2831\x2963 9\x2038VrSg\x202cI\x2e63\x2d20 o uhrz\x2064u\x2065ol1\x1d30\x306U eii\x206eTu\x2074Nto\x306b0*H\xdf7\x501\x300\x3000\x81\xf0baTh\xdc44\x30e3s**\xed1c(~\xdc6a$A<\x1cbf\x594n\x1761l0\x2a37P\xdc81[\xeb6e\xe52fW\[email protected]M\xd81f\xe2bc\xe858)\x302\1\x3001\x60d\x2a09\xf786
\x501\5\x81b\xe772 \x28b1\x18ffc\x2b9a \xebc9\x1df5~\xa6e3\x1028u?\x17f9\x2726\x2b6f\xdbc1k\xe5dcZ\[email protected]\xef876\xf187\xeae5\xefa3\xa6fb\xe877/\xdd861V\xd99e\xe841\xffff\4\0\1\0\20\0\xda97\x1d98o3\31\0\1\0\20\0׭\xe192\v\0\1\0<\0Equifax Secure eBusiness CA-2\0\t\0\1\0 \00\x806+\x501\x705\x806+\x501\x705\x806+\x501\x705\x303\3\0\1\0\24\09\x60b\x18e5V\xe110\xe880\24\0\1\0\24\0P\xea0b\x20b9\xa648P\xfdcb\x20d8\xa77a \0\1\0\x324\00\x20030p\x30b5\x60d\x2a09\xf786
\x501\50\xb310\x306US\x3017\x615\xa04Euf\x2078Scr\x2631\x2430\x306U qia eu\x2065euie\x2073C\x322d090\x3332\x323114\x175a
9\x323632450\xb310\x306US\x3017\x615\xa04Euf\x2078Scr\x2631\x2430\x306U qia eu\x2065euie\x2073C\x322d0\x309f\x60d\x2a09\xf786
\5\x8d0\xe4009R\x281b\xf836)\xe7eb\x5ff\xd9e7\x12bf\xf20e$\xde11 , F\xa683Eb\x201b\x3270\xa6cd7\xf304$\x1a07\x2e1ea\xe50b\xdfa5\xabc5q7\xa752\x246aj\x21dfU\x17310\x306U
qia eue&$\xb04\x1d13Euf\x2078Scr Bsns \x2d412\x300d\x60b\x304CL\x1a30\x306\x1d55\x3013\x320f\x31309\x323632450\x306\x1d55\x304\x61f\x231d\x18040P\xea0b\x20b9\xa648P\xfdcb\x20d8\xa77a\x1d30\x306\x1d55^ j\xd8fd \x3076\x60c\x504\x330\x30ff\x61a\x2a09\xf686\x077dA\xd040\x51b\x3356\x302e\x363\x602\x30c0\x60d\x2a09\xf786
\x501\5\x81 \xf51a\xe2275\x293d\x7b4P\xa885\xe042\x70f\xdf39>D~\xe71f\xef9a\xdece\x320b\xd934\x28de\x33edk\xd7d4=\xab58\x97d-\xf570'Ŕɝ\xa69b\xf4d3\xdc0b\x26c5\xe157\x3091\xff10\xffffC:\Documents and Settings\Dawn\Local Settings\Application Data\Kodak EasyShare Gallery Software\Easy Upload\ofxml.dll\0\xfff8\xffffq\xffd8\xffffv\f\4q\xffd0\xffffv\24\4q\0\0\0\0\xffff\xffff\xffff\xffff\1\0q\0\xffff\xffff\0\0\0\0\b\0 \08\v(\04ABDD88E2F\x3235E\x30412\x30324\x32468AF\xffe0\xffffv\4\x36e\0q\3\0\1`Boh\xffe0\xffffv\4:\0 \3\0\1\0Bo\0\0\xffe0\xffffv\4\08r\3\0\1\0Bo\0\0\xfff8\xffffq\xfff8\xffff\xeed0qhi9`. \0\1\0\0000*H\xdf7\x504\x3000E\x300b\x609\x604U10\x306U
T oprto\x1c31\x1a30\x306UT yeTu\x2074Ro09\x3230\x3332\x3332\x3130\x3030\x175a\x300d\x3036\x3232\x32333900\xb310\x306US\x3018\x616\xa04\xf13G\x2045Croain\x301c\x61a\x304G\x2045Cbrrs o\x30740*H\xdf7\x501\x300\x3000\x81\xe6b8O||D\xfd3\xd946\xe564BI\x2d35\xe77a1/\xfb0c\xa79f? \x1b29\xe987\xc7e\xa59f\xf57f\xd882h\x615h\xf8bd\x29f0Z\xa77\x2522\xaa45\xa8d4\x24cc\x2791J\x66d9\x338\x302\1\x3001\x60d\x2a09\xf786
\5\x81u\x1d5fU\0\0\0q\xffff\xffff\0\0\xffff\xffff \x82\xffff\xffff\6\0\0\0\0\0\0\0 \xef42\3\0S0\xffd0\xffffLegitCheckControl.dll\0\xfff0\xffff929ea\0\xff98\xffffn 0\0\0\xa960f\1\0\0\0s\xffff\xffff\0\0\xffff\xffff \x82\xffff\xffff$\0\0\0\0\0\0\0eN\23\0Cd tr aaaeB\0\xffd8\xffffv\n\4\0\xffd8\xffffv\n\4l\2([\x7b8꿭\xfff0\xffff\x1948
\xffd8\xffffl\3\xa8400\0p=\xa7880=\xf2e(q
\30\0v\0\4\0"\r\0\1\xbfC\rga ie\PDgt\x206cIaigSish1b\s\xa95c\xbf\xffffv1\2\0\1\0\1C\rga ie\PDgt\x206cIaigSish1d\s\\xffffv1\2\xffff\1\0q \x82\xffff\xffff\n\0\0\0\0\0P\0a\35\0aoul.FekoUlaM\x2e722\x269c\xffe8\xffffv\0P\0q\1\0\0\xf3e7\xfff8\xffffq\xfff8\xffffXq\xffffhttp://www.microsoft.com/genuine\0~\xffe0\xffffv\b,\0\xee38q\1\0\1FlNm\xff88\xffffn \x2ee0\xf8b9|\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xdff0q\0\xffff\xffff\0\0\0\0\b\0\0\0\0(\067C70\x3230\x3345C37FD\x324585\x30411934\xffe0\xffffv\4\0\xf470r\3\0\1\0Bo\0\0\xff88\xffffn \x2ee0\xf8b9|\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xdff8q\0\xffff\xffff\0\0\0\0\b\0\x341\0\0\0(\0686B0EEACB7\x3334\x3339\x3044750A15\xffe0\xffffv\4\x341\0\x3020r\3\0\1\0Bo\0\0\xfff0\xffffnull\0\0\b\0\xe578q\xff88\xffffn \x2ee0\xf8b9|\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0\0\0\0(\04\x3246E60CB01\x30456\x3045E43ADB\x3233D\xff88\xffffn \x2ee0\xf8b9|\0\0\x2df8q\0\0\0\0\xffff\xffff\xffff\xffff\1\0"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 11 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 13 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 20 Oct 2006 121,344 ...H. --- "C:\Documents and Settings\Dawn\Application Data\MSN6\msnupdate!@#@.exe"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\BIT67.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22c3bb229d81eea2958e2b928ed5b9f9\BIT63.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\BIT6D.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\582374c56f566bb2a83a59d0c2cd7d87\BIT6B.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b1eb7074a817bb98d49a4ae9242f4d3\BIT6A.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\BIT72.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\89b70ceab9c1882c80e33e4e8d6798ba\BIT66.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\BIT68.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\BIT6C.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\BIT65.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cd41db5c2bdd95605f53e6da96f2b182\BIT69.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d820fbd6e1527bc9c51d0c3b240b96fd\BIT6E.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\BIT6F.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\deb995e7b7d2953ec6904bd5047bd45f\BIT70.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\BIT71.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\download\BIT5F.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\299966e551b4462ae94e39e251e277b6\download\BIT5C.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\download\BIT64.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\download\BIT60.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a6fd42e27be0137ebef38efe87879ed1\download\BIT5D.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\download\BIT61.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\download\BIT62.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\download\BIT5E.tmp"

Finished!



And my new Hijack This log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:33 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6885 bytes
  • 0

#4
IndiGenus

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Well it looks better, but before we continue with the fix, we need to address something. It doesn't appear you have any Antivirus running. Is this so? If not you should download and install one ASAP before getting re-infected. Here are a few free for home use ones.

AVG AntiVirus
Avast Antivirus Home Version--Free
Antivir Personal - Free

Get one of these installed, updated, and run a full system scan, letting it fix or quarantine anything it finds. Report back how it went and post a new HijackThis log, also let me know how it's running.

Regards,
Dave
  • 0

#5
Scrappie

Scrappie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay, I downloaded the AVG one. It says I have 189 warnings. I don't really understand this stuff . . . . do I remove them? How do I know if they really are bad?
I'm still getting a weird homepage. Some Apache site . . I tried to set MSN as my homepage, but it just won't take.


Here is my latest Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:05 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7434 bytes

Edited by Scrappie, 06 June 2008 - 08:09 PM.

  • 0
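The HijackThis logs posted in this thread share one line format (a section code such as R1, O4 or O23, a dash, then the entry body), and the helper's "it looks better" judgement comes from comparing one log with the previous one. As an added example, not code from this thread, from HijackThis or from any of the tools it mentions, the Python script below parses lines in that format, diffs two logs to list the entries that appeared or disappeared between scans, and flags the entry types a reviewer looks at first: a user-level proxy server, an AppInit DLL, and autoruns launched from user-writable folders. The sample lines are a constructed subset copied from the two logs above (the second one includes the AVG entries that appeared after it was installed); the triage rules are my own assumptions, not anything HijackThis itself does.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed subset of the HijackThis log posted before AVG was installed.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed subset of the log posted after AVG was installed (same entries plus AVG's).
LOG_AFTER = LOG_BEFORE + r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section code, e.g. "R1", "O4", "O23"
    body: str     # everything after the "R1 - " prefix


# One HijackThis entry per line: "<code> - <body>". Header and process lines don't match.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<proxy>\S+)")
RUN_RE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)")

# Folders a normal user can write to; an autorun launched from one deserves a second look.
USER_WRITABLE = ("\\temp\\", "documents and settings", "application data")


def parse_hjt(text: str) -> list[Entry]:
    """Return the R/O entries of a HijackThis log, ignoring the process list and headers."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def diff_hjt(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Entries present only in the later log (added) and only in the earlier one (removed)."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    key = lambda e: (e.section, e.body)
    return sorted(a - b, key=key), sorted(b - a, key=key)


def triage(entries: list[Entry]) -> list[str]:
    """Flag entry types worth verifying first; every finding quotes the value it came from."""
    findings = []
    for e in entries:
        if e.section == "R1":
            m = PROXY_RE.search(e.body)
            # A proxy set in HKCU relays every browser request through that host.
            if m and not m["proxy"].startswith(("127.", "localhost")):
                findings.append(f"proxy: browser traffic is relayed through {m['proxy']}; confirm it was set deliberately")
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            # AppInit DLLs are loaded into every process that links user32.dll.
            findings.append(f"appinit: {e.body.split(':', 1)[1].strip()} loads into every GUI process; verify its publisher")
        elif e.section == "O4":
            m = RUN_RE.search(e.body)
            if m and any(p in m["cmd"].lower() for p in USER_WRITABLE):
                findings.append(f"autorun: '{m['name']}' starts from a user-writable folder: {m['cmd']}")
    return findings


if __name__ == "__main__":
    added, removed = diff_hjt(LOG_BEFORE, LOG_AFTER)
    for e in added:
        print("+", e.section, "-", e.body)
    for e in removed:
        print("-", e.section, "-", e.body)
    for f in triage(parse_hjt(LOG_AFTER)):
        print("!", f)
```

Run it and the four AVG entries show up as additions, while the triage pass reports the HKCU proxy (present in every log in this thread) and the AppInit DLL; the AppInit finding here belongs to AVG, which is why the rule asks the reviewer to verify the publisher rather than declaring the entry malicious.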

#6
IndiGenus

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Let's just proceed with the fix. At least there is some protection in there now so things don't go bad again.

Use ATF Cleaner to remove temp files, cookies, cache, etc.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please do an online scan with Kaspersky WebScanner

You need to use Internet Explorer for this scan.

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Post a new HijackThis log also.
  • 0

#7
IndiGenus

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
How are you making out here? Still need help?

Please let me know,
Dave
  • 0

#8
Scrappie

Scrappie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sorry Dave, something came up and I had to be out of town for a couple days.
Okay, I did the first two. I am having trouble getting that Kaspersky one. It told me that I needed Java, so I tried to install that, and it gives me pop ups saying that they encountered an error and couldn't install it.


Here is my latest Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:05 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7562 bytes


And here is what the malwarebytes report said. (It found nothing, by the way)


Malwarebytes' Anti-Malware 1.17
Database version: 848

3:43:31 PM 6/11/2008
mbam-log-6-11-2008 (15-43-31).txt

Scan type: Quick Scan
Objects scanned: 38534
Time elapsed: 13 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#9
IndiGenus

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Yes, Kaspersky just updated their online scanner in the last couple of days to make that change. Some people don't like to have, or don't need, Java, as it can present a security risk when not updated. I can give you another scanner to use.

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

  • 0

#10
Scrappie

Scrappie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
It scanned for about 3 hours and then shut down. I will try it again today.
  • 0



#11
Scrappie

Scrappie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I ran it through again. I checked submit samples and when I clicked on automatic cleaning, I got a pop up window saying that there was a malfunction and to close my browser and try again. My computer is running really slow now, webpages take a while to load, it was never slow before. I restarted the computer but it is still going slow.

#12 IndiGenus (Anti-Malware Buddha)
Let's get a little closer look.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#13 Scrappie (New Member, Topic Starter)
Deckard's System Scanner v20071014.68
Run by Dawn on 2008-06-13 12:36:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2008-06-13 16:37:24 UTC - RP477 - Deckard's System Scanner Restore Point
96: 2008-06-12 21:22:31 UTC - RP476 - System Checkpoint
95: 2008-06-11 20:54:06 UTC - RP475 - System Checkpoint
94: 2008-06-10 20:44:11 UTC - RP474 - System Checkpoint
93: 2008-06-09 19:51:38 UTC - RP473 - System Checkpoint


-- First Restore Point --
1: 2008-03-16 20:52:43 UTC - RP381 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Dawn.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:12 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Documents and Settings\Dawn\Desktop\dss.exe
C:\WINDOWS\system32\ssstars.scr
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dawn.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7712 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 catchme - c:\docume~1\dawn\locals~1\temp\catchme.sys (file missing)
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: PlayLinc Adapter
Device ID: ROOT\NET\0000
Manufacturer: Super Computer Inc.
Name: PlayLinc Adapter
PNP Device ID: ROOT\NET\0000
Service: hamachi_oem


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 07:42:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-11 16:33:42 0 d-------- C:\fsaua.data
2008-06-11 15:24:06 0 d-------- C:\Documents and Settings\Dawn\Application Data\Malwarebytes
2008-06-11 15:23:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-11 15:23:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 15:43:45 0 d-------- C:\Program Files\MyDSC2
2008-06-08 15:43:45 0 d-------- C:\Program Files\JL2005C
2008-06-08 15:43:41 68954 --a------ C:\WINDOWS\system32\drivers\jl2005c.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-08 15:43:41 0 d-------- C:\Program Files\JL2005D
2008-06-08 09:17:53 0 d-------- C:\Program Files\PhoTags Express
2008-06-07 14:43:18 0 d-------- C:\Program Files\MSECache
2008-06-06 20:41:02 0 d--h----- C:\$AVG8.VAULT$
2008-06-06 19:43:07 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-06 19:42:41 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-06 19:16:02 0 d-------- C:\Program Files\AVG
2008-06-06 19:03:32 0 d-------- C:\Program Files\Alwil Software
2008-06-06 16:08:12 0 d-------- C:\WINDOWS\ERUNT
2008-06-03 18:41:23 0 d-------- C:\Program Files\Trend Micro
2008-05-21 12:30:43 0 d-------- C:\Program Files\MSN Messenger
2008-05-21 12:25:54 0 d-------- C:\Documents and Settings\Dawn\Application Data\MSNInstaller
2008-05-21 08:44:57 0 d-------- C:\Documents and Settings\Dawn\Application Data\Motive
2008-05-21 06:36:21 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-21 06:34:52 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-20 19:40:38 0 d-------- C:\Program Files\iPod
2008-05-20 19:40:17 0 d-------- C:\Program Files\iTunes
2008-05-20 19:38:41 0 d-------- C:\Program Files\Bonjour
2008-05-20 19:37:20 0 d-------- C:\Program Files\QuickTime
2008-05-20 19:30:11 0 d-------- C:\Program Files\Common Files\Apple
2008-05-20 19:29:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-06-12 18:15:22 0 d-------- C:\Documents and Settings\Dawn\Application Data\MSN6
2008-05-22 08:49:32 0 d-------- C:\Program Files\verizon
2008-05-21 12:24:11 0 d-------- C:\Program Files\Common Files
2008-05-21 08:36:29 0 d-------- C:\Program Files\Common Files\Motive
2008-05-20 20:02:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-20 20:00:05 0 d-------- C:\Documents and Settings\Dawn\Application Data\Adobe
2008-05-20 19:32:50 0 d-------- C:\Program Files\Apple Software Update
2008-04-30 19:38:54 0 d-------- C:\Documents and Settings\Dawn\Application Data\Move Networks


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/08/2004 08:31 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/08/2004 08:27 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/04/2004 07:40 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/04/2004 07:38 PM]
"Motive SmartBridge"="C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe" [06/23/2006 12:33 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/2003 06:28 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" []
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 03:53 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [09/28/2007 02:30 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/06/2008 07:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 04:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/3/2008 9:30:09 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 6:19:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER



-- End of Deckard's System Scanner: finished at 2008-06-13 12:46:12 ------------

#14 Scrappie (New Member, Topic Starter)
Here is the Extra.txt notepad:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M processor 1.30GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 478.42 MiB / 121.61 MiB
Pagefile Memory (total/avail): 1829.14 MiB / 1390.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.89 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 45.37 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD600VE-07HDT0 - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dawn\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAWN-F48538E7A1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dawn
LOGONSERVER=\\DAWN-F48538E7A1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dawn\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dawn\LOCALS~1\Temp
USERDOMAIN=DAWN-F48538E7A1
USERNAME=Dawn
USERPROFILE=C:\Documents and Settings\Dawn
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dawn (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant AC-Link Audio --> CIAunwdm.exe
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\Dawn\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_a537576\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Dawn\Application Data\Move Networks\ie_bin\Uninst.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
PhoTags Express --> C:\PROGRA~1\PHOTAG~1\Setup.exe /remove /q0
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PlayLinc --> MsiExec.exe /I{9CCE527D-356F-41A8-9718-77A68AC065FB}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Security Update for Step By Step Interactive Training (KB898458) -->
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SoftV90 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_3080103C\HXFSETUP.EXE -U -Ihpm30805.inf
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Print Shop 20 --> MsiExec.exe /I{152BF35B-56D7-4652-B519-1661AAC270EE}
Uninstall Dual Mode Camera --> "C:\Program Files\JL2005D\unins000.exe"
Verizon Broadband Toolbar --> C:\Program Files\VZBB Toolbar\Uninstall.exe
Verizon Online Help and Support --> C:\PROGRA~1\verizon\UNWISE.EXE C:\PROGRA~1\verizon\INSTALL.LOG
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type16071 / Error
Event Submitted/Written: 06/13/2008 00:43:16 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type16070 / Error
Event Submitted/Written: 06/13/2008 00:43:16 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The data is invalid.

Event Record #/Type16069 / Error
Event Submitted/Written: 06/13/2008 00:43:16 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type16068 / Error
Event Submitted/Written: 06/13/2008 00:43:01 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The data is invalid.

Event Record #/Type16067 / Error
Event Submitted/Written: 06/13/2008 00:42:31 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The operation timed out



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20356 / Error
Event Submitted/Written: 06/12/2008 03:04:13 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type20350 / Warning
Event Submitted/Written: 06/12/2008 00:15:39 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type20340 / Warning
Event Submitted/Written: 06/10/2008 10:20:23 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type20338 / Error
Event Submitted/Written: 06/10/2008 03:04:12 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type20313 / Warning
Event Submitted/Written: 06/09/2008 08:27:17 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-06-13 12:46:12 ------------

#15 IndiGenus (Anti-Malware Buddha)
Hi,
I'm not seeing anything malicious at this point and don't believe this is a Malware issue now. There are many other things that can cause poor performance. You do have older hardware, and there are quite a few things running at startup that do not need to be. We did add an Antivirus and that does take some system resources, but it is necessary. Take a look through the following links and try some of the suggestions to see if they help.

http://users.telenet...owcomputer.html
http://www.microsoft...estoreperf.mspx
http://tweakhound.co...upertweaks1.htm

Let me know how you make out and post a new HijackThis log.

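The triage the helper performs on the HijackThis log in post #13 (start page host, the HKCU proxy entry, AppInit_DLLs, O16 ActiveX downloads and the number of O4 auto-start items mentioned in post #15) can be scripted. This is an added example, not code from the thread, from Trend Micro or from HijackThis; the sample log lines are constructed and modelled on the thread's log, and hijacked.example, 192.0.2.10, scanner.example and the expected-host list are assumptions.

```python
"""Triage of a HijackThis (HJT) log: pull out the Rn/Onn entries and report
the items a malware-removal helper checks first. Added example; section
meanings follow the HJT log format, everything else is an assumption."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Matches "R1 - ...", "O4 - ...", "F2 - ..." entries. The log header and the
# running-process list do not match and are skipped.
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")

# Assumption: hosts the IE default start/search pages legitimately point at.
EXPECTED_BROWSER_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}

# Constructed sample modelled on the thread's log. hijacked.example,
# 192.0.2.10 and scanner.example are placeholders, not values from the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijacked.example/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.2.10:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://scanner.example/ols/fscax.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


@dataclass
class Entry:
    section: str  # "R0", "O4", "O20", ...
    body: str     # text after "R1 - "


@dataclass
class Triage:
    findings: list = field(default_factory=list)  # (kind, value, note) tuples
    startup_items: int = 0                        # count of O4 entries


def parse_hjt(text: str) -> list:
    """Return the Rn/On/Fn entries of an HJT log in file order."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def _value_after_equals(body: str) -> str:
    # HJT writes registry entries as "<key>,<name> = <value>"; the first "="
    # is the separator, any later "=" belongs to the value (URL query strings).
    return body.split("=", 1)[1].strip() if "=" in body else ""


def triage(entries: list) -> Triage:
    """Flag the entries a helper reviews first; everything else is left alone."""
    result = Triage()
    for e in entries:
        if e.section in ("R0", "R1"):
            value = _value_after_equals(e.body)
            if "ProxyServer" in e.body:
                result.findings.append(("proxy", value,
                    "explicit proxy in HKCU; confirm it is the ISP's or a corporate "
                    "proxy, since a silently set proxy sees all of IE's traffic"))
            elif value.startswith("http"):
                host = urlparse(value).hostname or ""
                if host not in EXPECTED_BROWSER_HOSTS:
                    result.findings.append(("browser-page", value,
                        "start/search page is not the vendor default; the usual "
                        "sign of a homepage hijacker"))
        elif e.section == "O4":
            result.startup_items += 1
        elif e.section == "O16":
            result.findings.append(("activex", e.body,
                "downloaded ActiveX control; keep only if the source site is trusted"))
        elif e.section == "O20":
            result.findings.append(("appinit", e.body,
                "AppInit_DLLs is loaded into every GUI process; verify the DLL "
                "belongs to installed security software"))
    return result


if __name__ == "__main__":
    report = triage(parse_hjt(SAMPLE_LOG))
    print(f"{report.startup_items} auto-start (O4) items")
    for kind, value, note in report.findings:
        print(f"[{kind}] {value}\n    {note}")
```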