Computer Hope
Software => Computer viruses and spyware => Topic started by: Sean0514 on July 06, 2008, 01:57:14 PM
-
HI...
My Computer is a HP pavillion 513n with Windows XP service pack 3. well my computer just recently started to run slow like the computer useage bounces back and fourth from 75%-100% constently. and my commit charge will range from 350M-450M out of 1246M. it started doing this when i got a protection thing from my isp Time Warner. it is called CA internet protection. i got this because i accidently fell for spyware and downloaded WinSpywareProtect. now my computer is completly free of viruses but now it runs slow. it takes a long time to open a program and then a long time toanything in that program. and it takes 5-10 min to restart the computer. what can i do to fix this problem? if you need to know more about my computer or other pics just ask but also tell me how to find out that info for u, i am not very good with computers.
these are my prosesses and performance, when it is being fast it is worse that that right now. \/
(http://i64.photobucket.com/albums/h184/guitarist0514/cpu.jpg)
(http://i64.photobucket.com/albums/h184/guitarist0514/cpu2.jpg)
(http://i64.photobucket.com/albums/h184/guitarist0514/cpu3.jpg)
Thanks
-
Try going to to Start --> Run --> msconfig and press Enter
Head over to the Startup tab and untick anything you don't need on startup.
(note: anything you untick and still be used without having to tick it again.)
Run the Disk Defragmenter a few.
(Star --> All Programs --> Accessories --> System Tools --> Defragmenter.)
I suggest downloading CCleaner (http://www.computerhope.com/forum/index.php/topic,57879.0.html).
You can tick whatever you want but make sure that System --> Temporary Files is ticked and then run the cleaner.
Also with CCleaner, scan the registry and remove the keys it finds a few times.
Post back with the results.
-
Difficult to tell but it looks like you have Windows Defender running. Perhaps it is conflicting with the program that you received from your ISP. Try disabling Windows Defender and post back.
-
HI...
My Computer is a HP pavill.......
Thanks
Guitar pro nice choice :)
-
HI...
My Computer is a HP pavill.......
Thanks
Guitar pro nice choice :)
?
-
ok i ran ccleaner and i did nothing...i ran disk cleanup...i cant run defrag because lasttime i tried to it took so long i will defrag tonite but i analysed it and this is what i got \/
(http://i64.photobucket.com/albums/h184/guitarist0514/com4.jpg)
i dont think this is causeing the slowness tho because my com has never been this slow before.
oh and the 5% free space shouldent mean anything because back when my computer was fast i had even less space than that.
-
I would try defragmenting but you should keep at least 10% free.
If this is a recent problem, I would try using System Restore and restoring to a date before the problem occurred.
Any recent downloads/installs lately?
-
yea this all started after i installed my CA internet security from TIme Warner
-
Can you uninstall it and see what happens?
-
Difficult to tell but it looks like you have Windows Defender running. Perhaps it is conflicting with the program that you received from your ISP. Try disabling Windows Defender and post back.
Did you do this?
-
yes i did do that it did nothing. i believe the problem is that my something in my prosesses is making my cpu slow down. my cpu useage is 100%
-
Can you uninstall it and see what happens?
It wouldn't hurt to post a HijackThis log as well.
-
a what ???
-
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Scan the computer and post the log here.
Don't fix anything yet.
-
Here you go
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:50 PM, on 7/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\Owner\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214675863734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214675775171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9892 bytes
-
Is CA a trial or is it paid for?
What did you do to get rid of the virus you spoke of?
-
it is paid for it came with time warner my isp. i got rid of WinSpywareProtect. i accedently downloaded it back when i did not have CA but i got CA and got rid of WinSpywareProtect.now my cpu is slow as balls. >:(
-
Post a log from MBAM please.
Download Malwarebytes' Anti-Malware from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
-
Malwarebytes' Anti-Malware 1.19
Database version: 899
Windows 5.1.2600 Service Pack 3
9:47:28 PM 7/6/2008
mbam-log-7-6-2008 (21-46-23).txt
Scan type: Quick Scan
Objects scanned: 42628
Time elapsed: 27 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\labelcommand.labelcommand (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\labelcommand.labelcommand.1 (Trojan.BHO) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> No action taken.
Files Infected:
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\Winspywareprotect.exe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080702150346251.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080702154424812.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080702163754703.log (Rogue.Multiple) -> No action taken.
-
Everything says No action taken. Did you remove them after you copied the log?
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
Vista users Right click DSS and Run as Administrator.
- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open.
- main.txt <- this one will be maximized
- extra.txt <- this one will be minimized
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
-
main
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-06 22:04:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
23: 2008-07-07 02:04:40 UTC - RP389 - Deckard's System Scanner Restore Point
22: 2008-07-06 23:14:24 UTC - RP388 - Removed Windows Defender
21: 2008-07-05 18:34:54 UTC - RP387 - Removed Risk II
20: 2008-07-05 18:30:31 UTC - RP386 - Removed Power Tab Editor 1.7
19: 2008-07-05 18:29:41 UTC - RP385 - Configured The Sims Deluxe Edition
-- First Restore Point --
1: 2008-06-29 07:00:35 UTC - RP367 - BricoPack Automatic Restore Point
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 2.54 GiB (less than 15%) free.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:59 PM, on 7/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q0DKPS5N\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\Owner\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214675863734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214675775171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9983 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys <Not Verified; VERITAS Software, Inc.; >
R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys <Not Verified; VERITAS Software, Inc.; >
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 drvnddm - c:\windows\system32\drivers\drvnddm.sys <Not Verified; VERITAS Software, Inc.; >
R2 LxrSII1d (Secure II Driver) - c:\windows\system32\drivers\lxrsii1d.sys
R2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndres - c:\windows\system32\dla\tfsndres.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys <Not Verified; VERITAS Software, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 StMp3Rec (Player Recovery Device Control Driver) - c:\windows\system32\drivers\stmp3rec.sys <Not Verified; Generic; Generic MP3 Player>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 LxrSII1s (Lexar Secure II) - lxrsii1s.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S2 AOL ACS (AOL Connectivity Service) - "c:\program files\common files\aol\acs\aolacsd.exe" (file missing)
-
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-02 20:29:35 456 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 5 00 AM.job
-- Files created between 2008-06-06 and 2008-07-06 -----------------------------
2008-07-06 22:04:03 0 d-------- C:\WINDOWS\CAVTemp
2008-07-06 21:09:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-06 21:09:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 21:09:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 20:30:54 0 d-------- C:\Program Files\Trend Micro
2008-07-06 17:21:31 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-06 16:22:20 0 d-------- C:\Program Files\CCleaner
2008-07-05 14:13:01 0 d-------- C:\Documents and Settings\NetworkService\My Documents
2008-07-02 21:22:08 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-07-02 21:17:12 0 d-------- C:\Program Files\LimeWire
2008-07-02 19:21:36 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-02 19:21:02 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-07-02 19:20:59 0 d-------- C:\Program Files\CA
2008-07-02 18:25:28 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-02 18:24:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-02 15:37:36 0 d-------- C:\Documents and Settings\Owner\Application Data\FrostWire
2008-07-02 15:37:15 0 d-------- C:\Program Files\FrostWire
2008-07-02 15:03:53 0 d-------- C:\Program Files\LabelCommand
2008-07-01 22:49:11 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-01 22:49:10 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-07-01 22:49:09 0 d-------- C:\Program Files\ffdshow
2008-07-01 22:46:45 0 d-------- C:\Program Files\TVersity
2008-07-01 21:22:41 7602176 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-06-30 00:09:29 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-06-30 00:06:59 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-30 00:06:28 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-30 00:05:23 0 d-------- C:\Program Files\AIM6
2008-06-29 03:14:36 0 d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-06-29 02:59:23 0 d-------- C:\WINDOWS\BricoPacks
2008-06-28 21:44:14 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-28 21:09:56 0 d-------- C:\WINDOWS\Prefetch
2008-06-28 20:01:37 0 d-------- C:\WINDOWS\system32\scripting
2008-06-28 20:01:30 0 d-------- C:\WINDOWS\l2schemas
2008-06-28 20:01:29 0 d-------- C:\WINDOWS\system32\en
2008-06-28 19:49:45 0 d-------- C:\WINDOWS\network diagnostic
2008-06-28 13:59:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
-- Find3M Report ---------------------------------------------------------------
2008-07-05 14:35:19 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-02 18:24:01 0 d-------- C:\Program Files\Common Files
2008-06-30 00:07:12 0 d-------- C:\Program Files\Viewpoint
2008-06-30 00:06:01 0 d-------- C:\Program Files\Common Files\AOL
2008-06-29 11:57:07 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-29 11:39:30 0 d-------- C:\Program Files\Movie Maker
2008-06-29 11:39:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 20:02:16 0 d-------- C:\Program Files\Messenger
2008-06-28 19:54:18 0 d-------- C:\Program Files\Windows NT
2008-06-28 13:44:36 0 d-------- C:\Program Files\Java
2008-06-25 10:32:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [05/03/2002 08:06 PM C:\WINDOWS\system32\nwiz.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [07/07/2001 12:56 AM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [05/09/2002 11:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [07/16/2002 11:03 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [12/19/2001 02:39 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 09:03 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 08:59 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [06/14/2002 07:39 PM]
"LTMSG"="LTMSG.exe" [07/14/2003 10:52 AM C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NWEReboot"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/10/2006 07:57 PM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:19 PM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [07/02/2008 07:22 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [08/20/2007 01:36 PM]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [07/02/2008 07:25 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [07/02/2008 07:25 PM]
"@"="" []
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [07/02/2008 07:25 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"LxrAutorun"="C:\Documents and Settings\Owner\Local Settings\Application Data\Lexar Media\LxrAutorun.exe" [11/09/2006 12:00 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/19/2008 01:51 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158980299\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dcacce8-c22c-11dc-9cf9-00402b3edfbd}]
AutoRun\command- G:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2008-07-06 22:25:24 ------------
-
extra
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) CPU 1.80GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 509.98 MiB / 161.31 MiB
Pagefile Memory (total/avail): 1246.22 MiB / 779.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1829.46 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 50.86 GiB total, 2.54 GiB free.
D: is Fixed (FAT32) - 5.02 GiB total, 1.18 GiB free.
F: is CDROM (UDF)
\\.\PHYSICALDRIVE0 - ST360020A - 55.9 GiB - 2 partitions
\PARTITION0 - Unknown - 5.03 GiB - D:
\PARTITION1 (bootable) - Installable File System - 50.86 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SEANS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\SEANS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program files\PC-Doctor for Windows XP\WINDSAPI;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=SEANS
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
Camera Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Detto IntelliMover Demo --> MsiExec.exe /X{E62C706B-1352-4DCA-B4D4-81C24750B70F}
DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
ffdshow [rev 1723] [2007-12-24] --> "C:\Program Files\ffdshow\unins000.exe"
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Memories Disc --> MsiExec.exe /X{FF384BDE-429B-45AD-A0C6-E593393D9D1C}
hp toolkit --> c:\Windows\HPTK\unhptkit.exe
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPod for Windows 2005-11-17 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Kublox --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {F7A4D9BE-D989-45B9-BB49-2C0EA34B9991}
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire PRO 4.18.2 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
PC-Doctor for Windows --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
PigPen --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {B279B0DA-6F60-4FBD-9847-0C9AB79A3674}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type6807 / Success
Event Submitted/Written: 07/06/2008 04:27:07 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started
Event Record #/Type6806 / Success
Event Submitted/Written: 07/06/2008 04:27:07 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started
Event Record #/Type6805 / Success
Event Submitted/Written: 07/06/2008 04:27:07 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started
Event Record #/Type6804 / Success
Event Submitted/Written: 07/06/2008 04:27:07 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Shell is started at session 0
Event Record #/Type6803 / Success
Event Submitted/Written: 07/06/2008 04:27:07 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type36922 / Warning
Event Submitted/Written: 07/06/2008 09:59:48 PM
Event ID/Source: 8004 / MRxSmb
Event Description:
A request has been submitted to promote the computer to backup when it is already a
master browser.
Event Record #/Type36921 / Warning
Event Submitted/Written: 07/06/2008 09:59:18 PM
Event ID/Source: 8004 / MRxSmb
Event Description:
A request has been submitted to promote the computer to backup when it is already a
master browser.
Event Record #/Type36920 / Warning
Event Submitted/Written: 07/06/2008 09:55:18 PM
Event ID/Source: 8004 / MRxSmb
Event Description:
A request has been submitted to promote the computer to backup when it is already a
master browser.
Event Record #/Type36919 / Error
Event Submitted/Written: 07/06/2008 09:21:42 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer LIVINGROOM
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7A8107F-30A1-436.
The master browser is stopping or an election is being forced.
Event Record #/Type36917 / Error
Event Submitted/Written: 07/06/2008 07:54:23 PM
Event ID/Source: 4321 / NetBT
Event Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.0.195.
The machine with the IP address 192.168.0.198 did not allow the name to be claimed by
this machine.
-- End of Deckard's System Scanner: finished at 2008-07-06 22:25:24 ------------
-
While nice to have, Thoosje Sidebar and Briopacks are a huge resource drain as well. I would suggest uninstalling them to see if it helps.
You need to finish uninstalling all of Norton/Symantec. Go to add/remove programs and uninstall:
LiveReg (Symantec Corporation)
----------
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to infect your system.
Install the new version Sun Java Runtime Environment (http://majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html)
Remove the old version(s)
- Go to add/remove programs and uninstall:
- J2SE Runtime Environment 5.0 Update 7
- Java(TM) 6 Update 5
- Next Download JavaRa (http://prm753.bchea.org/JavaRa.zip) and unzip the file to your Desktop.
- Open JavaRA.exe and choose Remove Older Versions
- Once complete exit JavaRA and delete the program.
- Run CCleaner.
.
----------
Everything in the MBAM log says No action taken. Did you remove them after you copied the log?
How is everything now?
-
how do i uninstall Thoosje Sidebar and Briopacks it is not in add/remove programs
-
Download Combofix by sUBs from one of the below links.
- Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
- Link #2 (http://subs.geekstogo.com/ComboFix.exe)
Important! Combofix.exe MUST be saved to and ran from the Desktop.
- Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
- Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
- Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
- If yours is not listed and you don't know how to disable it, please ask.
- Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
- Double click combofix.exe & follow the prompts.
- Choose Yes to accept the Disclaimers.
- When finished, it will produce a log for you.
- Post that log in your next reply.
Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall
- If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
- Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
If needed, see this Combofix tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) with screenshots that will detail more thoroughly the downloading and running of Combofix.
----------
Next post add
Combofix log
-
wait before that dont i uninstall Thoosje Sidebar and Briopacks it is not in add/remove programs. how do i uninstall it
-
We're going to use Combofix to uninstall it.
-
how do i shut off CA antivirus CA anti-spyware and CA anti spam
-
Don't worry about the AV unless it stops Combofix from running, then let me know.
CA Personal Firewall
Navigate to the system tray on the bottom right hand corner and look for the CA sign.
* Right click it-> hover (mouse-over) over CA Personal Firewall menue option. A sub-menu will popup.
* Please chose "Disable CA Personal Firewall"
* Unfortunately the system tray icon does not change, so if you want to double-check whether or not you successfully disabled the Firewall, do the above steps again and look for "Enable CA Personal Firewall." If this is the case, then you successfully disabled the CA Personal Firewall Guard.
-
JavaRa 1.08 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Jul 07 00:01:20 2008
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: Software\JavaSoft\Java2D\1.5.0_07
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\JavaPlugin.150_07
------------------------------------
Finished reporting.
-
ComboFix 08-07-05.1 - Owner 2008-07-07 0:18:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.152 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.
2008-07-06 23:43 . 2008-07-06 23:42 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-07-06 22:33 . 2008-07-06 22:33 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-06 22:04 . 2008-07-06 22:07 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-07-06 22:03 . 2008-07-06 22:03 <DIR> d-------- C:\Deckard
2008-07-06 21:09 . 2008-07-06 21:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 21:09 . 2008-07-06 21:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-06 21:09 . 2008-07-06 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 21:09 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-06 21:09 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-06 20:30 . 2008-07-06 20:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-06 16:22 . 2008-07-06 16:22 <DIR> d-------- C:\Program Files\CCleaner
2008-07-03 14:44 . 2008-07-06 14:48 65,058 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-07-03 14:44 . 2008-07-06 14:48 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-07-03 14:44 . 2008-07-06 14:48 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-07-03 14:44 . 2008-07-06 14:48 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-07-03 14:44 . 2008-07-06 14:48 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-07-03 14:44 . 2008-07-06 14:48 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-07-03 14:44 . 2008-07-06 14:48 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-07-03 14:44 . 2008-07-06 14:48 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-07-02 21:22 . 2008-07-03 23:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-07-02 21:17 . 2008-07-02 22:39 <DIR> d-------- C:\Program Files\LimeWire
2008-07-02 19:25 . 2008-07-02 19:25 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-07-02 19:25 . 2008-07-02 19:25 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-07-02 19:22 . 2007-08-20 13:37 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2008-07-02 19:22 . 2007-08-20 13:26 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-07-02 19:22 . 2007-08-20 13:37 75,016 --a------ C:\WINDOWS\system32\isafprod.dll
2008-07-02 19:22 . 2007-08-20 13:38 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-07-02 19:22 . 2007-08-20 13:38 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-07-02 19:22 . 2007-08-20 13:38 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-07-02 19:22 . 2007-08-20 13:38 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-07-02 19:21 . 2008-07-02 19:21 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-02 19:21 . 2008-07-02 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-07-02 19:20 . 2008-07-02 19:21 <DIR> d-------- C:\Program Files\CA
2008-07-02 18:25 . 2008-07-02 19:46 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-02 18:24 . 2008-07-02 18:24 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-02 18:24 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-07-02 15:37 . 2008-07-05 14:24 <DIR> d-------- C:\Program Files\FrostWire
2008-07-02 15:37 . 2008-07-02 17:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FrostWire
2008-07-02 15:03 . 2008-07-03 05:45 <DIR> d-------- C:\Program Files\LabelCommand
2008-07-01 22:49 . 2008-07-01 22:49 <DIR> d-------- C:\Program Files\ffdshow
2008-07-01 22:49 . 2007-11-29 12:52 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-07-01 22:49 . 2007-12-24 13:47 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-01 22:49 . 2007-12-03 16:34 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-07-01 22:49 . 2007-11-29 12:52 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-01 22:46 . 2008-07-01 22:46 <DIR> d-------- C:\Program Files\TVersity
2008-06-30 00:09 . 2008-06-30 00:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-06-30 00:06 . 2008-06-30 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-30 00:06 . 2008-06-30 00:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-30 00:05 . 2008-06-30 00:08 <DIR> d-------- C:\Program Files\AIM6
2008-06-30 00:04 . 2008-06-30 00:24 1,230 --ah----- C:\IPH.PH
2008-06-29 03:14 . 2008-06-29 11:39 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-06-29 03:06 . 2008-06-29 03:06 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-06-29 02:59 . 2008-06-29 02:59 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-06-28 21:44 . 2008-06-28 21:44 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-28 20:01 . 2008-06-28 20:01 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-28 20:01 . 2008-06-28 20:01 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-28 20:01 . 2008-06-28 20:01 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-28 19:19 . 2008-04-13 20:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-06-28 19:18 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-06-28 14:35 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-28 14:35 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-28 14:35 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-28 14:35 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-28 14:35 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-28 14:35 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-28 14:35 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-28 14:35 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-28 14:35 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-28 14:35 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-28 14:35 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-28 14:11 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-28 13:59 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-28 13:59 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-28 13:59 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-28 13:59 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-28 13:44 . 2008-07-06 23:42 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-19 12:13 . 2008-06-19 12:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-19 12:13 . 2008-06-19 12:13 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 04:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-07 03:56 --------- d-----w C:\Program Files\Java
2008-07-05 18:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-30 04:07 --------- d-----w C:\Program Files\Viewpoint
2008-06-30 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-30 04:06 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-29 15:57 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-29 15:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ------w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ------w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ------w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ------w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ------w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ------w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.
-
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-07-06 23:42 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-07-06 23:43 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LxrAutorun"="C:\Documents and Settings\Owner\Local Settings\Application Data\Lexar Media\LxrAutorun.exe" [2006-11-09 12:00 24576]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-19 13:51 50528]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 00:56 61440]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 11:01 155648]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-07-16 11:03 106549]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 02:39 212992]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59 126976]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-06-14 19:39 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-10 19:57 155648]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:19 177416]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-07-02 19:22 14088]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:36 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-02 19:25 1193224]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-02 19:25 173320]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-02 19:25 259336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-07-06 23:42 136600]
"nwiz"="nwiz.exe" [2002-05-03 20:06 364544 C:\WINDOWS\system32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 10:52 40960 C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 11:58 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-10 19:57 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-09-22 23:00 26112 C:\Program Files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 10:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 13:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 13:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 14:21]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-07-06 23:42]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 10:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 12:09]
R2 LxrSII1d;Secure II Driver;C:\WINDOWS\system32\Drivers\LxrSII1d.sys [2006-12-14 10:37]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 10:24]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 10:24]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2007-05-18 13:30]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 15:15]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 21:10]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dcacce8-c22c-11dc-9cf9-00402b3edfbd}]
\Shell\AutoRun\command - G:\setupSNK.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 00:29:35 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 5 00 AM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
WebBrowser-{A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-Windows Media Connect 2 - C:\Program Files\Windows Media Connect 2\WMCCFG.exe
HKLM-Run-NWEReboot - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-AOL Fast Start - C:\Program Files\America Online 9.0\AOL.EXE
MSConfigStartUp-AOLDialer - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1158980299\ee\AOLSoftware.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 00:26:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-07 0:35:01
ComboFix-quarantined-files.txt 2008-07-07 04:34:46
Pre-Run: 2,576,900,096 bytes free
Post-Run: 2,639,933,440 bytes free
276 --- E O F --- 2008-07-02 01:52:02
-
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
Folder::
C:\Program Files\Thoosje Sidebar V2.3
C:\WINDOWS\BricoPacks
File::
C:\WINDOWS\BricoPack Wallpaper.bmp
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze
----------
Next:
Go to Start > Control Panel > Internet Options
In the General tab, Temporary Internet Files, click:Delete Files
When prompted, check:Delete all offline content
You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.)
Click OK
Then, go to Start > Run and enter: cleanmgr
Select the drive to clean: C:\
Check the following boxes and then press OK to remove:- Temporary Files
- Temporary Internet Files
- RecycleBin
Agree to the prompt to perform the action...
.
----------
How is everything now?
-
how long should comgbo fix run for i let it run for an hour and it still wasnt finished
-
It should take under 20 minutes.
Go to C:\combofix.txt and see if there is a log there.
-
again i waited an 45 min and combofix still did not finish...there is no log anywhere...do i have to shut off my anti-virus, firewall.etc....is there any other way we can do this
-
Delete the copy of combofix from the desktop and download then rename the new version as described below.
Download and rename Combofix by sUBs from one of the below links.
(Try all three if necessary)
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
Combofix MUST be saved to the desktop.
STOP all of your antivirus, antispyware, and other protection monitoring programs
Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Close all other browser windows.
Now right click on the combofix.exe icon on your Desktop and select Rename. Rename it to cf.exe This may help Combofix to run where certain malware attempts to block the original file name from running.
Now click Start, select Run.. and Copy and Paste the below exactly as written into the Run box.
"%userprofile%\desktop\cf.exe" /killall
Example:
(http://i154.photobucket.com/albums/s258/evilfantasy69/runcf.png)
Click the OK button and Combofix will begin to run and do the following.
- It will terminate some running processes.
- It will set your clock to a 24 hour setting (will be restored to normal when finished running properly)
- It will disconnect your PC from the internet. The connection is automatically restored before Combofix completes its run. If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
- If malware is found, Combofix will reboot your PC automatically when finished with the scan. When your PC restarts and after you log back in, Combofix will finish running and create a log. Do not interrupt this process.
- Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall.
- Do not attempt to use the internet or run anything else while it is running as you will most likely interfere with what it needs to do.
When finished, it will produce a log (C:\combofix.txt) for you.
When finished, it will produce a log file located at C:\ComboFix.txt
Post the contents of that log in your next reply.
-
hey lets start over from the begining...combo fix was <edit> up my computer. so i did a system restore so lets start from ther very beging my computer is still slow so what check to see if any thing is wrong with my computer
-
Watch the language this is a family site.
Go HERE (http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095) run the scans and post the logs when complete.
-
from what i noticed on your hjt log a while back, you seem to have viewpoint. GO to ad/remove programs and uninstall anything that says viewpoint. Viewpoint is malware that basically tells servers to send spam and pop-ups to your computer(i think)
-
from what i noticed on your hjt log a while back, you seem to have viewpoint. GO to ad/remove programs and uninstall anything that says viewpoint. Viewpoint is malware that basically tells servers to send spam and pop-ups to your computer(i think)
Please stay out of malware threads while the malware specialist is working with the OP.
Advice offered at the wrong time (even well intentioned advice) could seriously harm someone's computer, undo lots of hard work or cause additional work. Rest assured that if you see something, the malware specialist will also.
-
paudashlake Viewpoint is NOT malware.
Viewpoint Media Player/Manager/Toolbar is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".
More importantly if you had read the log correctly then you would notice the user is an AOL user. Removing Viewpoint will do no good as it will just come right back. Therefore I never had them remove it to start with.
-
sorry about the swearing....here are those scan logs
[recovering disk space -- attachment deleted by admin]
-
here are the ccleaner and javara logs......the first ccleaner is from the very begining and the last ccleaner is from after java ra
[recovering disk space -- attachment deleted by admin]
-
i dont know which programs i can delete i dont want to mess up my computer....so is a pic of my add/remove programs...
[recovering disk space -- attachment deleted by admin]
-
Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe (file missing)
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)
Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis and run CCleaner.
----------
Download Dr.Web CureIt! (http://ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) & save it to your desktop.
- Double-click on cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
- Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
- Once the short scan has finished, Click Options > Change settings
- Choose the "Scan tab" and UNcheck "Heuristic analysis"
- Back at the main window, click "Custom Scan", then "Select drives" (a red dot will show which drives have been chosen).
- Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
- When done, a message will be displayed at the bottom advising if any viruses were found.
- Click "Yes to all" if it asks if you want to cure/move the file.
- When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
- Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
- Save the DrWeb.csv report to your desktop.
- Exit Dr.Web Cureit when done.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
You can use Notepad to open the DrWeb.cvs report by right clicking it and selecting Open with > Notepad
----------
Create An Uninstall List- Start HijackThis
- Click on the Open the Misc Tools section
- Click on the Open Uninstall Manager button.
- Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
- Copy and paste that list in your reply.
.
----------
Now run a new Hijackthis scan and post the log.
----------
Next post add
Dr. Web log
Uninstall List
New Hijackthis log
-
here r those tests
[recovering disk space -- attachment deleted by admin]
-
Go to add/remove programs and uninstall:
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Viewpoint Media Player
Do you know what these relate to in add/remove programs?
146180
181949
----------
Download Combofix by sUBs from one of the below links.
- Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
- Link #2 (http://subs.geekstogo.com/ComboFix.exe)
Important! Combofix.exe MUST be saved to and ran from the Desktop.
- Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
- Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
- Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
- If yours is not listed and you don't know how to disable it, please ask.
- Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
- Double click combofix.exe & follow the prompts.
- Choose Yes to accept the Disclaimers.
- When finished, it will produce a log for you.
- Post that log in your next reply.
Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall
- If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
- Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
If needed, see this Combofix tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) with screenshots that will detail more thoroughly the downloading and running of Combofix.
----------
Next post add
Combofix log
-
146180
181949
i dont know what these are
Java(TM) 6 Update 5
and it wont let me delete this. an error message says: error applying transforms. verify that the specified transform paths are valid.
[recovering disk space -- attachment deleted by admin]
-
Download JavaRa (http://www.majorgeeks.com/JavaRa_d5967.html)
- Unzip the file and open the JavaRa.exe
- Click Remove Older Versions
- JavaRa will search for and remove any outdated version of Java and remove any that are found.
- Exit JavaRa.
- Delete the JavaRa .zip .exe and .html files from the Desktop.
.
----------
Thats only a partial CF log.
Go to Start > Run then type c:\combofix.txt and click OK.
Copy and paste the entire log back here.
-
it said it could not find that file.......combofix messes with my computer... it froze at the log writing stage...i let it sit for 20 min...so i closed it it....should i run it again..it says dont run any programs during log stage but i have AIM start when i turn my compurter on.....didi that make it freeze...or was i just impatient...and should i run it again?
here is the javara log...
[recovering disk space -- attachment deleted by admin]
-
Lets do this instead.
Uninstall Combofix.
Go to Start > Run and type combofix /u then click OK.
Note the space between combofix and /u
----------
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune and save it to your Desktop.
Alternate Download link (http://www.majorgeeks.com/ATF_Cleaner_d4949.html)
Windows Vista users: ATF-Cleaner must be Run as an Administrator (http://vistasupport.mvps.org/run_as_administrator.htm)
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Prefetch
- Java Cache
- Recycle bin
The rest are optional - if you want it to remove everything check Select All
Now click Empty Selected
When you get the Done Cleaning message, click OK
Firefox users click Firefox on the menu bar
Click on Select All, then click Empty
Note: If you want to keep your saved Passwords click No on the prompt.
Opera users click Opera on the menu bar
Click on Select All, then click Empty
Note: If you want to keep your saved Passwords click No on the prompt
Important: Restart the computer before continuing.
----------
Use the Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
You must use Internet Explorer.
This scan can take some time to complete so please be patient.
- Click Accept.
- Answer Yes, when prompted to install an ActiveX component.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
- Extended
- Scan Options:
- Scan Archives[
- Scan Mail Bases
- Click OK & have it scan My Computer
When the scan is done, in the Scan is complete window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As...
(http://i154.photobucket.com/albums/s258/evilfantasy69/kscancomplete.jpg)
- Next, in the Save as prompt, Save in area, select: Desktop.
- In the File name area, use KScan, or something similar.
- In Save as type: click the drop arrow and select: Text file [*.txt]
- Then, click: Save
(http://i154.photobucket.com/albums/s258/evilfantasy69/Kas-Savetxt.gif)
Copy and paste the Kaspersky Online Scanner Report in your next reply.
After Kaspersky is done run a new Hijackthis scan and post that log also.[/list]
-
i will do this test tonite and post the log tomorrow... but my clock is stuck in 24-hour mode and my date is in the year/month/day mode how do i fix them
-
Thats an indication that Combofix didn't complete it's procedure. I don't know why it wouldn't complete unless the messenger did somehow interfere with it. Be sure to uninstall combofix.
To change military time to standard time
Go to Start > Control Panel > Regional and Language Options
Click the Customize button
Select the Time tab
In the Time Format area use the down arrow to select: h:mm:ss tt
Click Apply
Click OK
Click Apply
Click OK
Restart the computer.
-
would you please help me to learn more about computer,,,,,,, :P :P
-
I want to study more about computer,, i think you may help me..........
-
Hello jenevie duro. Welcome to CH.
What exactly are you trying to learn, and if I may ask what is your native language?
-
Continued here. http://www.computerhope.com/forum/index.php/topic,64604.new.html#new
Closed.
Sean0514 if you need this topic reopened then please send me a PM.