
pc slowing down [CLOSED]



#1
kunalmehra13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:17, on 2008-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
My PC is slowing down. I had 1.6 GHz Pentium 4, Windows XP Professional with SP2 and 1 GB of RAM, and whenever I run any software my PC slows down and hangs up for a few minutes.
My HijackThis log file is below. Unable to figure out why it's happening; not been able to play movies also.




C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe,iph.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/AcDcToday.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CE620D4-7CF0-43CF-B25A-1CE7CCF57433}: NameServer = 218.248.240.23 218.248.240.135
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4979 bytes


#2
andrewuk

Hi kunalmehra13

welcome to geekstogo :)

i suspect i can see the problem, so we will do some scans to eliminate the problem and try and catch anything else on your machine.

the scans will likely take 2 hours, quite possibly much longer. so just let them run.


====STEP 1====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 2====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

====STEP 4====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


In your next reply could i see:
1. the malwarebytes log
2. the SUPERantispyware log
3. the 2 DSS logs

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#3
kunalmehra13

MY SUPER ANTI SPYWARE LOG IS AS FOLLOWS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/06/2008 at 08:19 PM

Application Version : 4.15.1000

Core Rules Database Version : 3497
Trace Rules Database Version: 1488

Scan type : Complete Scan
Total Scan Time : 03:33:44

Memory items scanned : 378
Memory threats detected : 0
Registry items scanned : 5947
Registry threats detected : 0
File items scanned : 65841
File threats detected : 0

Adware.Tracking Cookie



MY DSS MAIN LOG IS


Deckard's System Scanner v20071014.68
Run by a on 2008-07-06 20:44:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2008-07-06 15:14:51 UTC - RP189 - Deckard's System Scanner Restore Point
26: 2008-07-06 11:09:26 UTC - RP188 - Installed SUPERAntiSpyware Free Edition
25: 2008-07-05 19:23:13 UTC - RP187 - System Checkpoint
24: 2008-07-04 14:14:44 UTC - RP186 - System Checkpoint
23: 2008-07-03 13:57:57 UTC - RP185 - System Checkpoint


-- First Restore Point --
1: 2008-06-11 06:32:11 UTC - RP163 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as a.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49, on 2008-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\a\Desktop\dss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\a.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe,iph.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/AcDcToday.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/AcPreview.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4913 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 Cap7134 (TV Capture Card WDM Video Capture) - c:\windows\system32\drivers\cap7134.sys <Not Verified; Animation Technologies Inc.; LifeView FlyVideo>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 PhTVTune (TV Capture Card WDM TV Tuner) - c:\windows\system32\drivers\phtvtune.sys <Not Verified; Animation Technologies Inc.; LifeView FlyVideo>

S1 vcdrom (Virtual CD-ROM Device Driver) - c:\program files\bit lord 1.1\downloads\return to castle wolfenstein\rtcw - updates included.iso


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8029(AS) PCI Ethernet Adapter
Device ID: PCI\VEN_10EC&DEV_8029&SUBSYS_802910EC&REV_00\4&1351887D&0&50F0
Manufacturer: Realtek
Name: Realtek RTL8029(AS) PCI Ethernet Adapter
PNP Device ID: PCI\VEN_10EC&DEV_8029&SUBSYS_802910EC&REV_00\4&1351887D&0&50F0
Service: rtl8029

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&268D196D&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&268D196D&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-07-02 13:43:02 248 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-05-01 02:16:10 302 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-04-13 13:43:38 356 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 16:39:42 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 16:39:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 16:39:27 0 d-------- C:\Documents and Settings\a\Application Data\SUPERAntiSpyware.com
2008-07-06 16:39:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 14:04:43 0 d-------- C:\Documents and Settings\a\Application Data\Malwarebytes
2008-07-06 14:04:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 14:04:37 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 00:06:33 0 d-------- C:\Program Files\Trend Micro
2008-07-03 12:24:26 0 dr-h----- C:\Documents and Settings\a\Recent
2008-07-03 10:06:43 0 d-------- C:\Program Files\7-Zip
2008-06-26 21:08:10 0 d--hs---- C:\FOUND.005
2008-06-16 15:17:20 30 -rahs---- C:\WINDOWS\system.bat
2008-06-14 17:56:40 0 d--hs---- C:\FOUND.004
2008-06-06 00:43:17 0 d-------- C:\Program Files\Common Files\xing shared


-- Find3M Report ---------------------------------------------------------------

2008-06-24 01:00:10 3879 --a------ C:\WINDOWS\mozver.dat
2008-06-02 21:40:30 0 d-------- C:\Documents and Settings\a\Application Data\Azureus
2008-06-02 21:37:24 0 d-------- C:\Program Files\Azureus
2008-05-15 11:34:54 0 d-------- C:\Program Files\AVG
2008-05-06 23:55:44 0 d-------- C:\Documents and Settings\a\Application Data\SystemRequirementsLab
2008-05-06 23:38:34 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-04 20:40:12 10 --a------ C:\WINDOWS\popcinfo.dat
2008-05-03 14:16:52 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-22 02:10:36 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-12 12:13:20 16384 ---h----- C:\WINDOWS\$NtUninstallKB908519$


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\A system shutdown is in progress.]
A system shutdown is in progress.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]

[HKEY_CLASSES_ROOT\CLSID\A system shutdown is in progress.]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]
"ITBarLayout"= A system shutdown is in progress. [ ]
"ITBar7Layout"= A system shutdown is in progress. [ ]

[-HKEY_CLASSES_ROOT\CLSID\A system shutdown is in progress.]

[-HKEY_CLASSES_ROOT\CLSID\ITBarLayout]

[-HKEY_CLASSES_ROOT\CLSID\ITBar7Layout]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-06 00:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:26]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= A system shutdown is in progress. [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"A system shutdown is in progress."= - A system shutdown is in progress. [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,iph.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^a^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^a^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^a^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^a^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
D:\bhaiya\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aspnet_state"=3 (0x3)
"Spooler"=2 (0x2)
"ServiceLayer"=3 (0x3)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ImapiService"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"AppMgmt"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07a29e63-1cc3-11dd-807a-0008020e897e}]
Auto\command- MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09ba-0497-11dd-8025-0008020e897e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bb-0497-11dd-8025-0008020e897e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bc-0497-11dd-8025-0008020e897e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bd-0497-11dd-8025-0008020e897e}]
auto\command- J:\Thumbs.com
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63962508-ed53-11dc-bcbb-0008020e897e}]
AutoRun\command- F:\Install.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba738396-0f97-11dd-804f-0008020e897e}]
Auto\command- MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL



-- End of Deckard's System Scanner: finished at 2008-07-06 20:53:34 ------------


AND MY DSS EXTRA LOG IS

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1023.42 MiB / 655.26 MiB
Pagefile Memory (total/avail): 1438.05 MiB / 1153.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.79 MiB

C: is Fixed (FAT32) - 29.28 GiB total, 9.01 GiB free.
D: is Fixed (FAT32) - 26.58 GiB total, 3.61 GiB free.
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Maxtor 96147H6 - 55.9 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 26.6 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bit Lord 1.1\\BitLord.exe"="C:\\Program Files\\Bit Lord 1.1\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Counter-Strike\\hlds.exe"="C:\\Program Files\\Counter-Strike\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\Counter-Strike\\hltv.exe"="C:\\Program Files\\Counter-Strike\\hltv.exe:*:Enabled:HLTV Launcher"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Counter-Strike\\hl.exe"="C:\\Program Files\\Counter-Strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"


-- Environment Variables -------------------------------------------------------

A system shutdown is in progress.
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\a\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MLC-55FD3763C96
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\a
LOGONSERVER=\\MLC-55FD3763C96
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Smart Projects\IsoBuster;;C:\PROGRA~1\COMMON~1\AUTODE~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\a\LOCALS~1\Temp
TMP=C:\DOCUME~1\a\LOCALS~1\Temp
USERDOMAIN=MLC-55FD3763C96
USERNAME=a
USERPROFILE=C:\Documents and Settings\a
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

a (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

A system shutdown is in progress.
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Any Video Converter 2.5.9 --> "C:\Program Files\Any Video Converter\unins000.exe"
AutoCAD Architectural Desktop 2i --> MsiExec.exe /I{5783F2D7-0004-0409-0000-0060B0CE6BBA}
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitLord 1.1 --> C:\Program Files\Bit Lord 1.1\uninst.exe
Clive Barker's Undying™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}\setup.exe" -l0x9 Uninstall
CS16 Full v32.1 Non-Steam --> C:\Program Files\Counter-Strike\Uninstal.exe
Functions --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Functions\ST6UNST.LOG"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IsoBuster 2.3 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
jetAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
K-Lite Codec Pack 2.72 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kundli for Windows (Lite Edition) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Computer Zone\Kundli for Windows (Lite Edition)\DeIsL1.isu" -c"C:\Program Files\Computer Zone\Kundli for Windows (Lite Edition)\_ISREG32.DLL"
LimeWire PRO 4.12.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Little Fighter 2 1.9c --> C:\Program Files\LittleFighter2\LF2_v1.9c\uninst.exe
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MAGICISO\UNWISE.EXE C:\PROGRA~1\MAGICISO\INSTALL.LOG
MagicDisc 2.6.93 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Metacafe --> C:\Program Files\Metacafe\uninstaller.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials --> MsiExec.exe /X{2A8C5C0E-DC54-46BF-92AE-A062C63A1033}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng_web.exe /LANG="2057"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
Nokia Software Updater --> MsiExec.exe /X{F1C1272D-FEE6-4B24-862C-01F4959997E2}
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Pool 'm Up --> C:\PROGRA~1\POOL'M~1\UNINSTALL\UNINSTALL.EXE C:\PROGRA~1\POOL'M~1\UNINSTALL\INSTALL.LOG
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SmartMovie Converter (for Symbian phones) --> "C:\Program Files\Lonely Cat Games\SmartMovie Converter (for Symbian phones)\IIUninst.exe" C:\Program Files\Lonely Cat Games\SmartMovie Converter (for Symbian phones)\install.log
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super DX-Ball v1.00 --> "C:\Program Files\Super DX-Ball\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch Off --> "C:\Program Files\Switch Off\uninstall.exe"
TypingMaster 2002 --> "C:\Program Files\TypingMaster\IsStub32.exe" -f"C:\Program Files\TypingMaster\DeIsL1.isu" -c"C:\Program Files\TypingMaster\_ISREG32.DLL"
Uniblue SpeedUpMyPC 3 --> "D:\bhaiya\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "D:\bhaiya\Uniblue\SpyEraser\unins000.exe"
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordWeb --> C:\Program Files\WordWeb\uninst.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type3064 / Error
Event Submitted/Written: 07/06/2008 08:51:01 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type3063 / Error
Event Submitted/Written: 07/06/2008 08:51:01 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type3062 / Error
Event Submitted/Written: 07/06/2008 08:50:31 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type3061 / Error
Event Submitted/Written: 07/06/2008 08:50:01 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type3044 / Error
Event Submitted/Written: 06/28/2008 01:49:14 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.5730.13, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9061 / Error
Event Submitted/Written: 07/06/2008 08:44:46 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type9058 / Error
Event Submitted/Written: 07/06/2008 07:20:09 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type9057 / Error
Event Submitted/Written: 07/06/2008 07:19:47 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type9055 / Error
Event Submitted/Written: 07/06/2008 07:19:43 PM
Event ID/Source: 7031 / Service Control Manager
Event Description

#4
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
In this post we will clear the infections I can see.

Also, when you reply to the post, click on Add Reply at the bottom of this thread; don't start a new topic.



====STEP 1====
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\iph.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07a29e63-1cc3-11dd-807a-0008020e897e}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09ba-0497-11dd-8025-0008020e897e}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bb-0497-11dd-8025-0008020e897e}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bc-0497-11dd-8025-0008020e897e}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bd-0497-11dd-8025-0008020e897e}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63962508-ed53-11dc-bcbb-0008020e897e}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba738396-0f97-11dd-804f-0008020e897e}
    EmptyTemp
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 2====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: UserInit=userinit.exe,iph.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.




In your next reply could I see:
1. the OTMoveIT log
2. a new hijackthis log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
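
The two kinds of entry this cleanup targets, as an added detection example in Python (not part of the original post or of any tool named in the thread): it reads a Deckard's System Scanner registry dump and lists Winlogon `Userinit` entries other than `userinit.exe`, plus the autorun commands cached under `MountPoints2`, for review. The sample lines are copied from the log earlier in this thread; the function names and the allow-list rule for `userinit.exe` are assumptions of this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind key detail")

# "[HKEY_...\some\key]" section headers as printed in the DSS registry dump.
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "Userinit"="userinit.exe,iph.exe"
USERINIT_RE = re.compile(r'^"userinit"\s*=\s*"?(?P<value>[^"]*)"?\s*$', re.IGNORECASE)
# AutoRun\command- <command line>   (also "Auto\command- ...")
AUTORUN_RE = re.compile(r"^(?P<verb>[^\\]+)\\command-\s*(?P<cmd>.+)$", re.IGNORECASE)
# rundll32 wrapper Explorer stores for autorun.inf "shellexecute=" entries.
SHELLEXEC_RE = re.compile(r"shellexec_rundll\s+(?P<target>.+)$", re.IGNORECASE)

WINLOGON_SUFFIX = r"\windows nt\currentversion\winlogon"
MOUNTPOINTS_MARK = r"\explorer\mountpoints2\{"


def extra_userinit_entries(value):
    """Return Userinit entries that are not the stock userinit.exe.

    Assumption of this example: only a bare "userinit.exe" or a path ending in
    \\system32\\userinit.exe counts as the stock entry; anything else is listed.
    """
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if not entry:
            continue  # the default value ends with a trailing comma
        lowered = entry.replace("/", "\\").lower()
        if lowered == "userinit.exe" or lowered.endswith("\\system32\\userinit.exe"):
            continue
        extras.append(entry)
    return extras


def autorun_target(cmd):
    """Unwrap 'RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL X' to X; else return cmd."""
    m = SHELLEXEC_RE.search(cmd)
    return (m.group("target") if m else cmd).strip()


def scan_registry_dump(text):
    """Return a list of Finding tuples for Userinit extras and MountPoints2 autoruns."""
    findings = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if not line or key is None:
            continue
        lowered = key.lower()
        if lowered.endswith(WINLOGON_SUFFIX):
            m = USERINIT_RE.match(line)
            if m:
                for extra in extra_userinit_entries(m.group("value")):
                    findings.append(Finding("userinit-extra", key, extra))
        elif MOUNTPOINTS_MARK in lowered:
            m = AUTORUN_RE.match(line)
            if m:
                findings.append(
                    Finding("mountpoints2-autorun", key, autorun_target(m.group("cmd")))
                )
    return findings


# Lines copied from the DSS log posted earlier in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,iph.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bd-0497-11dd-8025-0008020e897e}]
auto\command- J:\Thumbs.com
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63962508-ed53-11dc-bcbb-0008020e897e}]
AutoRun\command- F:\Install.EXE
"""

if __name__ == "__main__":
    for f in scan_registry_dump(SAMPLE):
        print(f"{f.kind:22} {f.detail:16} {f.key}")
```

Every finding is a lead for manual review rather than a verdict: `F:\Install.EXE` is reported the same way as `Thumbs.com`.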

#5
kunalmehra13

    Member

  • Topic Starter
  • 18 posts
Sorry buddy, I am new to this, that's why, but please look at this log also; it's the previous one.


Hi andrewuk, as you have told me, I have followed each and every step and will be posting my logs. I wish that you could figure out why it's happening, because just for system scanning it took me almost 7 hours combined for the software you recommended, and the PC just keeps on freezing and then recovering like a sine wave. When I ran the DSS software I found a new thing; its description I am giving below:
"This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by MLC-55FD3763C96\a" (where a is my user name, I guess). It's going to shut down in 30 mins. Please help me figure out what all this is.

my malware log is

Malwarebytes' Anti-Malware 1.19
Database version: 926
Windows 5.1.2600 Service Pack 2

16:19:17 2008-07-06
mbam-log-7-6-2008 (16-19-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 99365
Time elapsed: 1 hour(s), 33 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
kunalmehra13

    Member

  • Topic Starter
  • 18 posts
This is my OTMoveIt log:

Explorer killed successfully
File/Folder C:\WINDOWS\iph.exe not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07a29e63-1cc3-11dd-807a-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07a29e63-1cc3-11dd-807a-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09ba-0497-11dd-8025-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09ba-0497-11dd-8025-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bb-0497-11dd-8025-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bb-0497-11dd-8025-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bc-0497-11dd-8025-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bc-0497-11dd-8025-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bd-0497-11dd-8025-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bd-0497-11dd-8025-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63962508-ed53-11dc-bcbb-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63962508-ed53-11dc-bcbb-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba738396-0f97-11dd-804f-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba738396-0f97-11dd-804f-0008020e897e}\\ deleted successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07072008_002309

#7
kunalmehra13

  • Topic Starter
  • Member
  • 18 posts
This is my new HijackThis log after removing iph.exe, and buddy, please look at my previous post where I submitted the ATF Cleaner log.

Explorer killed successfully
File/Folder C:\WINDOWS\iph.exe not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07a29e63-1cc3-11dd-807a-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07a29e63-1cc3-11dd-807a-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09ba-0497-11dd-8025-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09ba-0497-11dd-8025-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bb-0497-11dd-8025-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bb-0497-11dd-8025-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bc-0497-11dd-8025-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bc-0497-11dd-8025-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bd-0497-11dd-8025-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1d09bd-0497-11dd-8025-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63962508-ed53-11dc-bcbb-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63962508-ed53-11dc-bcbb-0008020e897e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba738396-0f97-11dd-804f-0008020e897e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba738396-0f97-11dd-804f-0008020e897e}\\ deleted successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07072008_002309

#8
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
seems you submitted the OTMoveIT log twice, could you run a new hijackthis log for me please

#9
kunalmehra13

  • Topic Starter
  • Member
  • 18 posts
this is the latest hijack this log file


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:47, on 2008-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/AcDcToday.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CE620D4-7CF0-43CF-B25A-1CE7CCF57433}: NameServer = 218.248.240.23 218.248.240.135
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5166 bytes

#10
kunalmehra13

  • Topic Starter
  • Member
  • 18 posts
Hi andrewuk :) When I run the DSS software which you told me previously to use, I found out a new thing. Its description I am giving below:
"This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by MLC-55FD3763C96\a", where "a" is my user name, I guess. It's going to shut down in 30 mins. Please help me figure out what all this is, as I have posted this before also but you didn't reply to it.

#11
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
i am still working on that description.

meanwhile, how is your machine running now?

#12
kunalmehra13

  • Topic Starter
  • Member
  • 18 posts
Right now my machine is fine as I am not running any software, but it slows down if I run 2 programs. For instance, if I run Winamp and play a pool game, it hangs and freezes the game; then after a couple of minutes it is OK, then it freezes again after some time. Also, if I use any software for a long time it starts freezing my PC, even when using Firefox.

#13
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
ok, what i thought may have been causing the problem has gone, so let's try and run the DSS again:

  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open one Notepad, main.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in your next reply.

andrewuk

Edited by andrewuk, 06 July 2008 - 03:38 PM.


#14
kunalmehra13

  • Topic Starter
  • Member
  • 18 posts
my dss main log file is as follows


Deckard's System Scanner v20071014.68
Run by a on 2008-07-07 10:24:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as a.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25, on 2008-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\a\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\a.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/AcDcToday.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%20Architectural%202/AcPreview.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 4736 bytes

-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-06 23:42:49 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-07-06 16:39:42 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 16:39:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 16:39:27 0 d-------- C:\Documents and Settings\a\Application Data\SUPERAntiSpyware.com
2008-07-06 16:39:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 14:04:43 0 d-------- C:\Documents and Settings\a\Application Data\Malwarebytes
2008-07-06 14:04:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 14:04:37 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 00:06:33 0 d-------- C:\Program Files\Trend Micro
2008-07-03 12:24:26 0 dr-h----- C:\Documents and Settings\a\Recent
2008-07-03 10:06:43 0 d-------- C:\Program Files\7-Zip
2008-06-26 21:08:10 0 d--hs---- C:\FOUND.005
2008-06-16 15:17:20 30 -rahs---- C:\WINDOWS\system.bat
2008-06-14 17:56:40 0 d--hs---- C:\FOUND.004


-- Find3M Report ---------------------------------------------------------------

2008-06-24 01:00:10 3879 --a------ C:\WINDOWS\mozver.dat
2008-06-06 00:43:18 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-02 21:40:30 0 d-------- C:\Documents and Settings\a\Application Data\Azureus
2008-06-02 21:37:24 0 d-------- C:\Program Files\Azureus
2008-05-15 11:34:54 0 d-------- C:\Program Files\AVG
2008-05-06 23:38:34 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-04 20:40:12 10 --a------ C:\WINDOWS\popcinfo.dat
2008-05-03 14:16:52 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-22 02:10:36 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-12 12:13:20 16384 ---h----- C:\WINDOWS\$NtUninstallKB908519$


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\A system shutdown is in progress.]
A system shutdown is in progress.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]

[HKEY_CLASSES_ROOT\CLSID\A system shutdown is in progress.]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]
"ITBarLayout"= A system shutdown is in progress. [ ]
"ITBar7Layout"= A system shutdown is in progress. [ ]

[-HKEY_CLASSES_ROOT\CLSID\A system shutdown is in progress.]

[-HKEY_CLASSES_ROOT\CLSID\ITBarLayout]

[-HKEY_CLASSES_ROOT\CLSID\ITBar7Layout]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-06 00:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:26]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= A system shutdown is in progress. [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"A system shutdown is in progress."= - A system shutdown is in progress. [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^a^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^a^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^a^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^a^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
D:\bhaiya\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aspnet_state"=3 (0x3)
"Spooler"=2 (0x2)
"ServiceLayer"=3 (0x3)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ImapiService"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"AppMgmt"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-07-07 10:26:37 ------------

#15
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi kunalmehra13

seems like we still need to find what is placing your machine in shutdown. this scan will take a while, but hopefully will show us what is going on.


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now, under "select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
andrewuk