Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Slow Computer

  1. 12-23-2006, 11:23 AM #1
    Jay
    Jay is offline Junior Member
    Join Date
    Dec 2006
    Posts
    8

    Slow Computer

    Okay the IE is extremely slow and when I exit IE the desktop icons go blank then reappear, and have to get out and reboot sometimes to get things working again. I have Spybot/Adaware and CC cleaner and run them alot and always check for updates. I ran WinPFIND and this is what it showed. I probably should of done hijack this but in my haste I sorta circumvented the system, sorry for this. But if you could take a look and let me know and if I need the HJT then I'll get it. Thanks.

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 7.0.5730.11

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...
    PEC2 2/16/2005 9:53:30 AM 4194304 C:\FILE0154._DD

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    SAHAgent 10/4/2004 5:07:32 PM 110806 C:\WINDOWS\Default.sf0
    UPX! 8/29/2004 1:06:52 PM 332800 C:\WINDOWS\DOTEST.EXE
    UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
    UPX! 8/29/2004 1:07:16 PM 91648 C:\WINDOWS\realtime.exe
    PEC2 5/19/2001 8:08:44 PM 6656 C:\WINDOWS\pcboot.exe
    qoologic 11/1/2004 726 AM 3101 C:\WINDOWS\atoock.dll
    abetterinternet.com 11/1/2004 726 AM 3101 C:\WINDOWS\atoock.dll
    buddy.exe 7/15/2005 10:05:06 PM 798 C:\WINDOWS\wininit.sd
    UPX! 11/7/2005 5:59:06 AM 170053 C:\WINDOWS\tsc.exe
    PECompact2 11/6/2005 12:56:54 PM 16351245 C:\WINDOWS\VPTNFILE.931
    qoologic 11/6/2005 12:56:54 PM 16351245 C:\WINDOWS\VPTNFILE.931
    SAHAgent 11/6/2005 12:56:54 PM 16351245 C:\WINDOWS\VPTNFILE.931
    aspack 8/22/2005 1:51:50 AM 545280 C:\WINDOWS\flashax.exe
    PECompact2 11/6/2005 12:56:54 PM 16351245 C:\WINDOWS\LPT$VPN.931
    qoologic 11/6/2005 12:56:54 PM 16351245 C:\WINDOWS\LPT$VPN.931
    SAHAgent 11/6/2005 12:56:54 PM 16351245 C:\WINDOWS\LPT$VPN.931
    UPX! 11/7/2005 6:14:28 AM 1044560 C:\WINDOWS\vsapi32.dll
    aspack 11/7/2005 6:14:28 AM 1044560 C:\WINDOWS\vsapi32.dll

    Checking %System% folder...
    UPX! 3/31/2003 7:00:06 AM 65536 C:\WINDOWS\SYSTEM32\localsplnet.dll
    PEC2 2/28/2006 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
    winsync 2/28/2006 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
    aspack 2/28/2006 12:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
    PEC2 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll
    Umonitor 2/28/2006 12:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
    PTech 5/17/2006 11:23:38 AM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    PECompact2 12/7/2006 3:13:46 PM 10716584 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 12/7/2006 3:13:46 PM 10716584 C:\WINDOWS\SYSTEM32\MRT.exe

    Checking %System%\Drivers folder and sub-folders...

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    12/23/2006 7:28:06 AM S 2048 C:\WINDOWS\bootstat.dat
    12/13/2006 7:12:36 PM H 0 C:\WINDOWS\SYSTEM32\DRIVERS\UMDF\MsftWdf_user_01_0 0_00.Wdf
    12/23/2006 10:29:18 AM H 1024 C:\WINDOWS\SYSTEM32\config\system.LOG
    12/23/2006 10:30:26 AM H 1024 C:\WINDOWS\SYSTEM32\config\software.LOG
    12/23/2006 7:43:48 AM H 1024 C:\WINDOWS\SYSTEM32\config\default.LOG
    12/23/2006 7:28:08 AM H 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
    12/23/2006 7:28:58 AM H 1024 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
    12/23/2006 8:29:32 AM H 1024 C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.da t.LOG
    12/22/2006 7:13:18 AM S 126 C:\WINDOWS\SYSTEM32\config\systemprofile\Applicati on Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E 410D69E2C6F3E2DB75C7DB3
    12/22/2006 7:13:18 AM S 1039 C:\WINDOWS\SYSTEM32\config\systemprofile\Applicati on Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E4 10D69E2C6F3E2DB75C7DB3
    10/27/2006 3:10:48 PM S 42340 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat
    11/8/2006 12:24:16 AM S 11671 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923694.cat
    12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat
    11/2/2006 11:54:58 AM S 34696 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFDist11.cat
    11/2/2006 12:13:58 PM S 27554 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmp11.cat
    11/3/2006 7:52:42 AM HS 85504 C:\WINDOWS\All Users\DRM\drmv2.lic
    11/19/2006 3:55:08 PM HS 14848 C:\WINDOWS\All Users\DRM\drmv2.sst
    11/1/2006 11:25:52 PM HS 48 C:\WINDOWS\All Users\DRM\v2ks.sec
    11/1/2006 11:25:52 PM HS 312 C:\WINDOWS\All Users\DRM\v2ks.bla
    12/18/2006 6:21:24 PM HS 723584 C:\WINDOWS\All Users\DRM\IndivBox.key
    11/3/2006 7:47:18 AM HS 4348 C:\WINDOWS\All Users\DRM\DRMv1.key
    12/18/2006 6:21:24 PM HS 11955 C:\WINDOWS\All Users\DRM\v2ksndv.bla
    11/3/2006 7:47:18 AM HS 4348 C:\WINDOWS\All Users\DRM\DRMv1.bak
    12/18/2006 6:21:28 PM HS 364544 C:\WINDOWS\All Users\DRM\drmstore.hds
    12/13/2006 7:14:36 PM HS 10289 C:\WINDOWS\All Users\DRM\v3ks.bla
    12/13/2006 7:14:36 PM HS 740 C:\WINDOWS\All Users\DRM\v3ks.sec
    12/13/2006 7:14:34 PM HS 0 C:\WINDOWS\All Users\DRM\Cache\Indiv01.tmp
    11/3/2006 7:47:16 AM HS 400 C:\WINDOWS\All Users\DRM\Cache\Indiv01.bla
    11/3/2006 7:47:16 AM HS 234176 C:\WINDOWS\All Users\DRM\Cache\Indiv01.key
    12/18/2006 6:21:24 PM HS 0 C:\WINDOWS\All Users\DRM\Cache\Indiv02.tmp
    12/18/2006 6:21:24 PM HS 11955 C:\WINDOWS\All Users\DRM\Cache\Indiv02.bla
    12/18/2006 6:21:24 PM HS 723584 C:\WINDOWS\All Users\DRM\Cache\Indiv02.key
    12/23/2006 7:28:18 AM H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    Microsoft Corporation 2/28/2006 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 10/17/2006 1:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
    Microsoft Corporation 2/28/2006 8:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
    Microsoft Corporation 2/28/2006 8:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
    Microsoft Corporation 10/17/2006 1:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
    Microsoft Corporation 2/28/2006 12:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    10/22/2006 2:22:58 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

    Checking files in %USERPROFILE%\Startup folder...

    Checking files in %USERPROFILE%\Application Data folder...
    10/22/2006 2:22:58 PM HS 62 C:\Documents and Settings\MY COMPUTER\Application Data\desktop.ini
    7/3/2006 1:12:04 AM 1532 C:\Documents and Settings\MY COMPUTER\Application Data\dw.log
    12/17/2006 5:54:54 AM 78152 C:\Documents and Settings\MY COMPUTER\Application Data\GDIPFONTCACHEV1.DAT

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
    =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IM MenuShellExt
    {F8984111-38B6-11D5-8725-0050DA2761C4} = C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Of fline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Op en With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Op en With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sy mantec.Norton.Antivirus.IEContextMenu
    {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Wi nRAR
    =
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Wi nZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a 2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers\Symantec.Norton.Antivirus.IEC ontextMenu
    {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers\WinRAR
    =
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\WinRAR
    =
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}
    = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {90222687-F593-4738-B738-FBEE9C7B26DF} = Show Norton Toolbar : C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
    MenuText = Uninstall BitDefender Online Scanner v8 :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
    ButtonText = AIM : C:\Program Files\Aim\Aim95_c5\aim.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
    MenuText = @xpsp3res.dll,-20001 :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    Media Band = C:\WINDOWS\SYSTEM32\BROWSEUI.DLL
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\system32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\system32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer Band = %SystemRoot%\system32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    {DE9C389F-3316-41A7-809B-AA305ED9D922} = :
    {F2CF5485-4E02-4F68-819C-B92DE9277049} = &Links : C:\WINDOWS\system32\ieframe.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    SystemTray "SysTray.Exe"
    ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    osCheck "C:\Program Files\Norton Internet Security\osCheck.exe"
    QuickTime Task "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Network

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DL L
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ratings\.Default

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ratings\PICSRules

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ratings\PICSRules\.Default
    NumSys 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\Explorer
    NoDriveTypeAutoRun 145
    CDRAutoRun
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\Network

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\System


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 12/23/2006 10:34:33 AM
    Reply With Quote Reply With Quote
  2. 12-23-2006, 03:24 PM #2
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    PP will have to interpret this WPFind log. But please give us a HJT log also. I can tell more from the HJT log, usually.
    Judy
    Reply With Quote Reply With Quote
  3. 12-23-2006, 03:58 PM #3
    Jay
    Jay is offline Junior Member
    Join Date
    Dec 2006
    Posts
    8
    Here is the listing from the HJT.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:54:54 PM, on 12/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\MY COMPUTER\Local Settings\Temp\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [SystemTray] "SysTray.Exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\Aim95_c5\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potf_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/game...s/y/sdt1_x.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.originalicons.com/members/arrtv.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.186/images/PopupSh.ocx
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...1/imloader.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    Reply With Quote Reply With Quote
  4. 12-23-2006, 05:58 PM #4
    PhilliePhan's Avatar
    PhilliePhan
    PhilliePhan is offline High-Voltage Messiah
    Join Date
    Aug 2006
    Posts
    578

    Lightbulb

    Quote Originally Posted by jholland1964 View Post
    PP will have to interpret this WPFind log. But please give us a HJT log also. I can tell more from the HJT log, usually.
    Judy
    Hi Judy,

    Didn't have time to give full analysis what with the holiday weekend and all, but at quick glance it looks like possible a Rogue App as well as other baddies.

    These look like they bear further scrutiny. They don't look right to me - but again, I only just gave a verrry quick look.

    UPX! 8/29/2004 1:06:52 PM 332800 C:\WINDOWS\DOTEST.EXE
    PEC2 5/19/2001 8:08:44 PM 6656 C:\WINDOWS\pcboot.exe
    qoologic 11/1/2004 726 AM 3101 C:\WINDOWS\atoock.dll
    abetterinternet.com 11/1/2004 726 AM 3101 C:\WINDOWS\atoock.dll
    aspack 8/22/2005 1:51:50 AM 545280 C:\WINDOWS\flashax.exe



    -- What other cleaning has been done prior to posting here? Looks like Trend's Sysclean has been run, among others.


    Happy Christmas
    PP
    Philadelphia Phillies
    Reply With Quote Reply With Quote
  5. 12-23-2006, 08:21 PM #5
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Jay, you really need to go to this link READ ME Before Posting A Request For Assistance!
    Run ALL of PP's steps, IN THE ORDER Recommended and using the instructions he gives. Once you have completed all the steps then run a new HJT scan and post it, along with the AVG Anti-spy log here.
    Reply With Quote Reply With Quote
  6. 12-24-2006, 01:38 PM #6
    Jay
    Jay is offline Junior Member
    Join Date
    Dec 2006
    Posts
    8
    Okay I regrouped and ran everything that would run that is in the read this before you post (Sorry should of started there) anyway here is the HJT log that I just ran so it should be the one needed. If I missed something PLEASE excuse me and I'll try it again, it's been a real mad house and I apreciate your time looking and taking away from your season festivities. Thanks again.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:33:13 PM, on 12/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\MY COMPUTER\Local Settings\Temp\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [SystemTray] "SysTray.Exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\Aim95_c5\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potf_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/game...s/y/sdt1_x.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.186/images/PopupSh.ocx
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...1/imloader.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    Reply With Quote Reply With Quote
  7. 12-24-2006, 04:55 PM #7
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    How about the AVG Anti-spy log? Know what you mean by madhouse! This is the "lull" before the storm here...
    Probably won't be back until the 26th after this so take your time.
    Reply With Quote Reply With Quote
  8. 12-25-2006, 09:30 AM #8
    Jay
    Jay is offline Junior Member
    Join Date
    Dec 2006
    Posts
    8
    Not sure on how to post the AVG results but here I go.
    G Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 9:26:28 AM 12/25/2006

    + Scan result:



    C:\System Volume Information\_restore{644B11F1-DD7F-489C-8F2C-04FFEE0095A0}\RP67\A0041174.dll -> Adware.MediaBack : No action taken.
    C:\System Volume Information\_restore{644B11F1-DD7F-489C-8F2C-04FFEE0095A0}\RP67\A0041175.exe -> Adware.VB : No action taken.
    C:\Documents and Settings\MY COMPUTER\Cookies\my_computer@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\System Volume Information\_restore{644B11F1-DD7F-489C-8F2C-04FFEE0095A0}\RP67\A0041176.dll -> Trojan.Crypt.t : No action taken.
    C:\System Volume Information\_restore{644B11F1-DD7F-489C-8F2C-04FFEE0095A0}\RP67\A0041177.dll -> Trojan.Crypt.t : No action taken.
    C:\System Volume Information\_restore{644B11F1-DD7F-489C-8F2C-04FFEE0095A0}\RP67\A0041178.dll -> Trojan.Crypt.t : No action taken.
    C:\System Volume Information\_restore{644B11F1-DD7F-489C-8F2C-04FFEE0095A0}\RP67\A0041179.dll -> Trojan.Crypt.t : No action taken.
    C:\System Volume Information\_restore{644B11F1-DD7F-489C-8F2C-04FFEE0095A0}\RP67\A0041180.exe -> Trojan.Crypt.t : No action taken.
    C:\System Volume Information\_restore{644B11F1-DD7F-489C-8F2C-04FFEE0095A0}\RP67\A0041173.exe -> Trojan.Small : No action taken.


    ::Report end
    Reply With Quote Reply With Quote
  9. 12-25-2006, 04:43 PM #9
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Clear your System Restore and run the AVG again.
    Reply With Quote Reply With Quote
  10. 12-25-2006, 06:33 PM #10
    Jay
    Jay is offline Junior Member
    Join Date
    Dec 2006
    Posts
    8
    The link for clearing the system restore isn't working, comes up unavailable. What do I do next? Not familiar how to do it. Sorry.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules