Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer Slowness

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer Slowness

Unread postby loadmaster43 » May 18th, 2008, 10:44 am

Quite a while back I thought I had a problem with malware/spyware that seemed to be creating havoc with my PC. A staff member? helped me "fix" whatever was ailing the PC. All seemed well until recently, when it seems that I started noticing what I call "little hiccups." Things like unwanted or solicited spam messages, error messages with "No disc in drive" do you want to continue, etc. and the like. Can anyone lend some assistance. I may not have any problems, but I would like to be sure. I am still not very literate in "talking" PC language, so please be patient in helping me.
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm
Advertisement
Register to Remove

Re: Computer Slowness

Unread postby Elrond » May 29th, 2008, 2:41 pm

Hello , welcome to the forum.

Sorry about the delay in responding but we are being swamped with logs. :(

If you still need help, please download HJTInstall.exe from here and save it to your desktop
  • Double click on the HJTInstall.exe icon on your desktop
  • Click I Accept
  • HijackThis will open
  • Click on the Do a system scan and save a log file button.
  • It will scan and then the log will open in notepad.
  • Paste the log as a reply to this thread.
  • Don't use the Analyse This button - its findings are dangerous if misinterpreted.
Do NOT have HijackThis fix anything yet.

It would also help if you can give some details about your problem.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Computer Slowness

Unread postby loadmaster43 » May 30th, 2008, 9:05 pm

Hello,

Here is the log you requested. I hope I have performed the step correctly. Please exuse my delay as I had to replace my CPU since I first made the post. Specifically when I try and run Nikon VIew NX, my daughters thumb drive, or any other "Third Party" applications like the Nikon software I get the error message "no disk in drive, do you wish to continue, cancel or try again." It also gives a letter/number sequence. I either have to continually press either one of those buttons to remove the message. I hope this helps?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:01 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\McAfee\MBK\MBackMonitor.exe
H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
h:\program files\common files\mcafee\mna\mcnasvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
H:\Program Files\McAfee\MPF\MPFSrv.exe
H:\PROGRA~1\McAfee\MPS\mps.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\PSIService.exe
H:\Program Files\SiteAdvisor\6261\SAService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
h:\PROGRA~1\mcafee.com\agent\mcagent.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\SiteAdvisor\6261\SiteAdv.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\Greetings Workshop\GWREMIND.EXE
H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
H:\Program Files\McAfee\MPS\mpsevh.exe
H:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\palmOne\Hotsync.exe
H:\Program Files\internet explorer\iexplore.exe
H:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - H:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - H:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - h:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: COMCASTTOOLBAR - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - H:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SBAutoUpdate] "H:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "H:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Backup] H:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] H:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = H:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Nikon Monitor.lnk = H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = H:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://H:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - H:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - H:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - H:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - h:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - H:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - H:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - H:\Program Files\SiteAdvisor\6261\SAService.exe
O24 - Desktop Component 0: (no name) - http://www-pao.ksc.nasa.gov/kscpao/imag ... 2750-t.jpg

--
End of file - 10153 bytes
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm

Re: Computer Slowness

Unread postby Elrond » May 31st, 2008, 3:19 pm

I'm Elrond and I'll be glad to help you with your computer problems.

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please only use this topic for your replies on this problem. Do not start another thread.
Please note that the fixes we will use are specific to your problems on this computer and should only be used for this problem on this computer.
These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.

Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note that you should have Administrator rights to perform the fixes. (XP accounts are Administrator by default) Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.



Please note that I will be off line for about 26 hours (sundown Friday until nightfall Saturday my local time) every week.


Ok that was the genral stuff that I always give before I start helping somebody who needs help.


I do not see anything really bad in the the HijackThis log. There are a few things that should be fixed but it is all in the housekeeping department. We will look a bit deeper to be sure that there is nothing hiding. This could well be a problem outside my expertise. If that is the case I will give you the addresses of a few good forums that specialize in non malware problems. Now to work.


Open "HijackThis". Click on "Open Misc.Tool Section".
Use the scroll bar on the right and scroll down to "Open Uninstall Manager". Click it.
On the right you will find "Save List". Click it.
The log that you just saved will appear.
Use "Copy" and "Paste" to add it to your next post.


Next download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.


Post the Uninstall Manager Log and the DSS logs in this thread. If there is anything that you are not sure of please stop and ask me. It is so much easier to explain something once again than to try to repair something that has gone wrong.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Computer Slowness

Unread postby loadmaster43 » May 31st, 2008, 9:54 pm

123 CopyDVD Gold
123Movies2IPOD
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Adobe Acrobat 4.0
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AMD Dual-Core Optimizer
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Avery LabelPro 3.0
AviSynth 2.5
Capture NX
Comcast Toolbar
Cribbage Quest
DesignPro 5.0 Limited Edition
Direct Show Ogg Vorbis Filter (remove only)
Documents To Go
eBook Studio
ESET Online Scanner
FA Multiplication Division
Galapago
GdiplusUpgrade
Greetings Workshop
Handmark® Scrabble® for Palm OS
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 9.0
HP Image Zone 4.2
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
InterActual Player
InterVideo WinDVD
iTunes
Java DB 10.2.2.0
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 3
Jewel Quest 2
Jewel Quest Solitaire
Jewel Quest Solitaire 2
JumpStart 3rd Grade 2001
JumpStart 4th Grade 2001
Learn2 Player (Uninstall Only)
Mahjong Quest 2
McAfee SecurityCenter
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobiPocket Reader
MobiPocket Reader PC
Mozilla Firefox (2.0.0.14)
MSDict
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
Nikon Message Center
Nikon Transfer
overland
Palm
PalmSource Package Installer 1.5
Picture Control Utility
Pocket Quicken 2.0 for Palm OS
Pocket Quicken 2.5 for Palm OS
Quicken 2005
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
RedStorm2
Rhapsody
Rhapsody Player Engine
Risk
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Soltek Hardware Monitor
SpywareBlaster 4.0
Ultimate Dominoes
Update for Office 2007 (KB946691)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
ViewNX
Weather Services
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Safety Scanner
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Word Wizard
Zuma Deluxe

Deckard's System Scanner v20071014.68
Run by Frank on 2008-05-31 21:50:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2008-06-01 01:50:13 UTC - RP154 - Deckard's System Scanner Restore Point
86: 2008-06-01 00:09:41 UTC - RP153 - System Checkpoint
85: 2008-05-30 23:12:20 UTC - RP152 - Software Distribution Service 3.0
84: 2008-05-30 22:17:19 UTC - RP151 - System Checkpoint
83: 2008-05-26 22:54:38 UTC - RP150 - Installed RedStorm2


-- First Restore Point --
1: 2008-03-19 16:02:45 UTC - RP68 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Frank.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:25 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\McAfee\MBK\MBackMonitor.exe
H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
h:\program files\common files\mcafee\mna\mcnasvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
H:\Program Files\McAfee\MPF\MPFSrv.exe
H:\PROGRA~1\McAfee\MPS\mps.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\PSIService.exe
H:\Program Files\SiteAdvisor\6261\SAService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\McAfee\MPS\mpsevh.exe
h:\PROGRA~1\mcafee.com\agent\mcagent.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\SiteAdvisor\6261\SiteAdv.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
H:\Program Files\palmOne\Hotsync.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\Greetings Workshop\GWREMIND.EXE
H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
H:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\internet explorer\iexplore.exe
H:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
H:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\4NGJT1GI\dss[1].exe
H:\PROGRA~1\TRENDM~1\HIJACK~1\Frank.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - H:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - H:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - h:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: COMCASTTOOLBAR - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - H:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SBAutoUpdate] "H:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "H:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Backup] H:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] H:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = H:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Nikon Monitor.lnk = H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = H:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://H:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - H:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - H:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - H:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - h:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - H:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - H:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - H:\Program Files\SiteAdvisor\6261\SAService.exe
O24 - Desktop Component 0: (no name) - http://www-pao.ksc.nasa.gov/kscpao/imag ... 2750-t.jpg

--
End of file - 10049 bytes

-- HijackThis Fixed Entries (H:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080115-213024-438 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] H:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - h:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S3 TMPassthruMP - h:\windows\system32\drivers\tmpassthru.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - h:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "h:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ProtexisLicensing - h:\windows\system32\psiservice.exe <Not Verified; ; PSIService>

S3 NMIndexingService - "h:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_105A&DEV_3574&SUBSYS_3574105A&REV_02\3&2411E6FE&0&38
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_105A&DEV_3574&SUBSYS_3574105A&REV_02\3&2411E6FE&0&38
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491106&REV_80\3&2411E6FE&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491106&REV_80\3&2411E6FE&0&78
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 11:47:03 284 --a------ H:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-26 01:00:17 358 --a------ H:\WINDOWS\Tasks\McQcTask.job
2008-05-15 01:00:03 350 --a------ H:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-26 18:54:38 0 d-------- H:\Program Files\RedStorm2
2008-05-17 07:24:40 268 -r-h----- H:\Documents and Settings\Frank\Application Data\Chiller
2008-05-17 07:24:40 0 d-------- H:\Documents and Settings\All Users\Application Data\Repeat Routines
2008-05-17 07:24:40 20 ---h----- H:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2008-05-17 07:24:40 268 -r-h----- H:\Documents and Settings\All Users\Application Data\Clean Electric Guitar
2008-05-17 07:23:55 0 d-------- H:\Documents and Settings\All Users\Application Data\Nikon
2008-05-17 07:23:31 268 -r-h----- H:\Documents and Settings\Frank\Application Data\Carbon
2008-05-17 07:23:31 0 d-------- H:\Documents and Settings\All Users\Application Data\Podcasting
2008-05-17 07:23:31 20 ---h----- H:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-05-17 07:23:31 268 -r-h----- H:\Documents and Settings\All Users\Application Data\Classic Thick
2008-05-16 21:53:37 268 -r-h----- H:\Documents and Settings\Frank\Application Data\Guides
2008-05-16 21:53:37 0 d-------- H:\Documents and Settings\All Users\Application Data\Helper Scripts
2008-05-16 21:53:37 268 -r-h----- H:\Documents and Settings\All Users\Application Data\Halftone
2008-05-16 21:49:22 0 d-------- H:\Program Files\Nikon
2008-05-16 21:48:12 0 d-------- H:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-05-16 21:48:12 20 ---h----- H:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2008-05-16 21:48:12 0 d-------- H:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-05-16 21:46:46 0 d-------- H:\Program Files\Common Files\Nikon


-- Find3M Report ---------------------------------------------------------------

2008-05-31 21:44:05 0 d-------- H:\Documents and Settings\Frank\Application Data\ComcastToolbar
2008-05-31 20:20:22 0 d-------- H:\Program Files\SpywareBlaster
2008-05-31 19:55:21 0 d-------- H:\Program Files\Greetings Workshop
2008-05-31 18:39:22 0 d-------- H:\Program Files\palmOne
2008-05-26 21:05:10 98304 -----n--- H:\WINDOWS\system32\a_jumtmp.dll
2008-05-26 18:49:23 0 d-------- H:\Program Files\AMD
2008-05-26 18:48:19 0 d-------- H:\Program Files\SoltekHM
2008-05-26 15:02:54 0 d-------- H:\Program Files\SiteAdvisor
2008-05-25 16:20:16 0 d-------- H:\Program Files\Microsoft Silverlight
2008-05-18 11:51:54 0 d-------- H:\Documents and Settings\Frank\Application Data\SiteAdvisor
2008-05-17 20:53:53 0 d-------- H:\Documents and Settings\Frank\Application Data\Nikon
2008-05-17 14:53:46 23 --a----c- H:\WINDOWS\popcinfo.dat
2008-05-16 21:49:38 0 d--h----- H:\Program Files\InstallShield Installation Information
2008-05-16 21:46:46 0 d-------- H:\Program Files\Common Files
2008-05-08 20:05:33 0 d-------- H:\Documents and Settings\Frank\Application Data\U3
2008-04-24 21:37:56 0 d-------- H:\Program Files\Safari
2008-04-24 21:37:12 0 d-------- H:\Program Files\Apple Software Update
2008-04-22 16:58:00 0 d-------- H:\Program Files\Knowledge Adventure
2008-04-21 16:38:25 0 d-------- H:\Program Files\McAfee
2008-04-20 22:29:29 0 d-------- H:\Program Files\Chill
2008-04-12 13:47:29 0 d-------- H:\Program Files\sz8021
2008-04-12 12:41:28 0 d-------- H:\Documents and Settings\Frank\Application Data\School Zone Preferences
2008-04-12 09:13:39 0 d-------- H:\Documents and Settings\Frank\Application Data\McAfee
2008-04-05 12:13:36 0 d-------- H:\Documents and Settings\Frank\Application Data\Move Networks
2008-04-04 05:13:08 0 d-------- H:\Documents and Settings\Frank\Application Data\HPAppData
2008-04-03 20:15:28 0 d-------- H:\Program Files\iTunes
2008-04-03 20:15:15 0 d-------- H:\Program Files\iPod
2008-04-03 20:13:56 0 d-------- H:\Program Files\QuickTime
2008-03-29 17:30:12 147996 --a----c- H:\WINDOWS\hpoins21.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 04:52 PM 1298024 -ra------ H:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 04:52 PM 177768 -ra------ H:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [07/01/2004 06:23 AM H:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SBAutoUpdate"="H:\Program Files\SpywareBlaster\sbautoupdate.exe" [02/28/2008 10:58 PM]
"SiteAdvisor"="H:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [12/04/2007 05:03 PM]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM]
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"McAfee Backup"="H:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="H:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"WMPNSCFG"="H:\Program Files\Windows Media Player\WMPNSCFG.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=H:\Program Files\Picasa2\PicasaMediaDetector.exe

H:\Documents and Settings\Frank\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - H:\Program Files\Greetings Workshop\GWREMIND.EXE [9/4/1997]
Nikon Monitor.lnk - H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [6/14/2007 7:39:18 PM]

H:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [8/4/2005 9:43:13 PM]
HOTSYNCSHORTCUTNAME.lnk - H:\Program Files\palmOne\Hotsync.exe [6/9/2004 3:27:34 PM]
HP Digital Imaging Monitor.lnk - H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM]
HP Image Zone Fast Start.lnk - H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/28/2004 11:06:36 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"H:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc




-- End of Deckard's System Scanner: finished at 2008-05-31 21:52:30 ------------

I trust that I performed this correctly?
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm

Re: Computer Slowness

Unread postby Elrond » June 1st, 2008, 4:17 pm

It is fine as far as it goes.
I do need to see the Extra.txt
To get the Extra log
  • Click Start > Run type "%userprofile%\desktop\dss.exe" /config click OK
  • This will bring up a pop up box.
    • Uncheck Main log.
    • Check Extra log
      • check the 5 boxes beneath it.
  • Hit the Scan button.
  • When the scan finishes the Extra.txt file will be minimised in Taskbar at the bottom of your screen.
  • Post it back here please.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:

    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:

    • Make sure the "Perform Quick Acan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Please do an online scan with >Kaspersky Online Scanner<. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Image
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)

    Image
  • Copy and paste the report in your next post.
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


Run a new HijackThis scan and post it together with the Extra.txt from DSS, the log from MalwareBytes AntiMalware, and the log from the Kaspersky scan.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Computer Slowness

Unread postby loadmaster43 » June 1st, 2008, 6:28 pm

I tried to perform the task you posted to get the Extra Log, but windows cannot find it. What do I do now?
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm

Re: Computer Slowness

Unread postby Elrond » June 1st, 2008, 11:16 pm

Run the other two scans and give me those logs.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Computer Slowness

Unread postby loadmaster43 » June 2nd, 2008, 6:53 pm

KASPERSKY ONLINE SCANNER REPORT
Monday, June 02, 2008 6:48:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/06/2008
Kaspersky Anti-Virus database records: 821972
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 89654
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:09:47

Infected Object Name / Virus Name / Last Action
H:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
H:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
H:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
H:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{88D979AD-93E6-45B6-AE14-651A76C606FD}.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
H:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
H:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c9b62efabcd0ee08653e1685a3ec267_f812265b-1f78-450e-be85-466f92d53e75 Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\146e9db4848f7bf2647742719bef62c6_f812265b-1f78-450e-be85-466f92d53e75 Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\49048d33f3c97c667f6a2f0cfdf4aed2_f812265b-1f78-450e-be85-466f92d53e75 Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\acd65a76c288853e32b850044997c352_f812265b-1f78-450e-be85-466f92d53e75 Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf99ee62cb43b40afb6efc60dab002fb_f812265b-1f78-450e-be85-466f92d53e75 Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dca4af19d4b7f59386ad5189621a060f_f812265b-1f78-450e-be85-466f92d53e75 Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e446fbf4af7b28e961ba7ee0faf2870e_f812265b-1f78-450e-be85-466f92d53e75 Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7534616be2d712e43cddd03720484da_f812265b-1f78-450e-be85-466f92d53e75 Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\edc2b586b857d424d853018b19f40273_f812265b-1f78-450e-be85-466f92d53e75 Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f20395e7deb1980d18563bcd187ad62f_f812265b-1f78-450e-be85-466f92d53e75 Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
H:\Documents and Settings\Frank\Application Data\Intuit\Quicken\Log\qw.log Object is locked skipped
H:\Documents and Settings\Frank\Application Data\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped
H:\Documents and Settings\Frank\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.4a72a1de.ini.inuse Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Application Data\ApplicationHistory\McAfeeDataBackup.exe.1139f707.ini.inuse Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\History\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\History\History.IE5\MSHist012008060220080603\index.dat Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Temp\fb_3588.lck Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Temp\~DF356D.tmp Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Temp\~DFCC19.tmp Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Temp\~DFDC8.tmp Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Temp\~DFE5B2.tmp Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
H:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\Frank\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\Frank\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{7FC0E9F5-0328-404C-9936-9861122FAE13}\RP155\change.log Object is locked skipped
H:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
H:\WINDOWS\SchedLgU.Txt Object is locked skipped
H:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
H:\WINDOWS\Sti_Trace.log Object is locked skipped
H:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
H:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
H:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
H:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\default Object is locked skipped
H:\WINDOWS\system32\config\default.LOG Object is locked skipped
H:\WINDOWS\system32\config\Internet.evt Object is locked skipped
H:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
H:\WINDOWS\system32\config\OSession.evt Object is locked skipped
H:\WINDOWS\system32\config\SAM Object is locked skipped
H:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
H:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\SECURITY Object is locked skipped
H:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
H:\WINDOWS\system32\config\software Object is locked skipped
H:\WINDOWS\system32\config\software.LOG Object is locked skipped
H:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\system Object is locked skipped
H:\WINDOWS\system32\config\system.LOG Object is locked skipped
H:\WINDOWS\system32\h323log.txt Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
H:\WINDOWS\Temp\mcafee_m7MXkrJkfT4uFvk Object is locked skipped
H:\WINDOWS\Temp\mcafee_msRMBOSCvCHRAOr Object is locked skipped
H:\WINDOWS\Temp\mcmsc_ISVjTg08Gpv7waG Object is locked skipped
H:\WINDOWS\Temp\mcmsc_Jg5zgzUfUweT8Iz Object is locked skipped
H:\WINDOWS\Temp\mcmsc_jyd5cHP1aZDNM3c Object is locked skipped
H:\WINDOWS\Temp\mcmsc_sxkJgGlYzr7q1Uy Object is locked skipped
H:\WINDOWS\wiadebug.log Object is locked skipped
H:\WINDOWS\wiaservc.log Object is locked skipped
H:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Malwarebytes' Anti-Malware 1.14
Database version: 815

4:35:45 PM 6/2/2008
mbam-log-6-2-2008 (16-35-45).txt

Scan type: Quick Scan
Objects scanned: 43008
Time elapsed: 11 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:40 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\McAfee\MBK\MBackMonitor.exe
H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
h:\program files\common files\mcafee\mna\mcnasvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
H:\Program Files\McAfee\MPF\MPFSrv.exe
H:\PROGRA~1\McAfee\MPS\mps.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\PSIService.exe
H:\Program Files\SiteAdvisor\6261\SAService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\McAfee\MPS\mpsevh.exe
h:\PROGRA~1\mcafee.com\agent\mcagent.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\SiteAdvisor\6261\SiteAdv.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
H:\Program Files\palmOne\Hotsync.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\Greetings Workshop\GWREMIND.EXE
H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
H:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\internet explorer\iexplore.exe
H:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - H:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - H:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - h:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: COMCASTTOOLBAR - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - H:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SBAutoUpdate] "H:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "H:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Backup] H:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] H:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = H:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Nikon Monitor.lnk = H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = H:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://H:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - H:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - H:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - H:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - h:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - H:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - H:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - H:\Program Files\SiteAdvisor\6261\SAService.exe
O24 - Desktop Component 0: (no name) - http://www-pao.ksc.nasa.gov/kscpao/imag ... 2750-t.jpg

--
End of file - 10104 bytes

Hope this helps.
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm

Re: Computer Slowness

Unread postby Elrond » June 3rd, 2008, 8:50 am

Good news there seems to be no malware present on your computer.

Now to do the houskeeping:

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 6.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 6 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u6-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Development Kit 6 Update 3
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



Next open HijackThis and click "Do a System Scan Only" or "Scan". Put a check mark by the items that are listed below if they still exist.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O15 - Trusted Zone: http://*.mcafee.com

Close all open windows except HijackThis and then click the "Fix checked" button.

One question for you: Did you purposly add this file as your Desktop background? http://www-pao.ksc.nasa.gov/kscpao/imag ... 2750-t.jpg . It is from Nasa.

Please answer that question and run another HijackThis scan just to be sure that everything is OK.
I will then give you some sugestions for forums that can help you with your non Malware related problems as well as some godd advise with regard to keeping your computer clean in the future.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Computer Slowness

Unread postby loadmaster43 » June 3rd, 2008, 5:38 pm

I must have added the file you mentioned because I did have the picture as a background at one point. I would be willing to delete it if you think it appropriate. I no longer use that picture. Here is the latest log after performing the tasks you assigned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:28 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\McAfee\MBK\MBackMonitor.exe
H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
h:\program files\common files\mcafee\mna\mcnasvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
H:\Program Files\McAfee\MPF\MPFSrv.exe
H:\PROGRA~1\McAfee\MPS\mps.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\PSIService.exe
H:\Program Files\SiteAdvisor\6261\SAService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
h:\PROGRA~1\mcafee.com\agent\mcagent.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\SiteAdvisor\6261\SiteAdv.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
H:\Program Files\palmOne\Hotsync.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\Greetings Workshop\GWREMIND.EXE
H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
H:\Program Files\McAfee\MPS\mpsevh.exe
H:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - H:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - H:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - h:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: COMCASTTOOLBAR - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - H:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - H:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SBAutoUpdate] "H:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "H:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Backup] H:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] H:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = H:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Nikon Monitor.lnk = H:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = H:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = H:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://H:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - H:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - H:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - H:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - H:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - h:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - H:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - H:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - H:\Program Files\SiteAdvisor\6261\SAService.exe
O24 - Desktop Component 0: (no name) - http://www-pao.ksc.nasa.gov/kscpao/imag ... 2750-t.jpg

--

End of file - 9678 bytes
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm

Re: Computer Slowness

Unread postby Elrond » June 4th, 2008, 3:54 am

:cheers: Your computer seem clean from malware.

First to get rid of that file:
This can be a bit confusing but if you follow the instructions exactly there should be no problem.
Go to start > control panel > Display (Display properties) > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")


I am not an expert at non malware problems. I would suggest that you go to one of the forums below that specialize in more general computer problems. They have people that know more about your type of problem because it does not seem to be a malware problem.

Give a link to this thread for reference to helper that helps you.
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=30818

Good Hardware and Software Help Forums
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here : http://forums.pcpitstop.com/index.php?showforum=3
or
Computer Cops here:http://www.castlecops.com/ Registration on right edge close to top under login.

All may require you to register free before posting for help.


Please download OTCleanIt from http://download.bleepingcomputer.com/ol ... leanIt.exe
Click the OTCleanIt icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt


Your computer now seems to be clean. Therefore please

  1. Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.
    1. Double-click ATF-Cleaner.exe to run the program.
    2. Under Main choose: Select All. Then remove the check mark for cookies
    3. Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • Remove the check mark for Cookies
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked .
    If you use Opera browser
    • Click Opera at the top and
    • choose: Select All.
    • Remove the check mark for Cookies
    • Click the Empty Selected button.
    It is a good idea to do this every few weeks as a lot of junk collects there over time.

  2. Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please checkHide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

  3. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.

  4. If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm

  5. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

  6. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.

  7. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.

  8. Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.

  9. Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.

  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  11. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miek ... ntion.html that will give you more information on some of the points above.

  12. Please check out Tony Klein's article "How did I get infected in the first place?"


Follow this list and your potential for being infected again will reduce dramatically.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Computer Slowness

Unread postby loadmaster43 » June 4th, 2008, 8:23 pm

:cheers: I want to thank you for all your help. You have been most kind and helpful. Without knowledgable people such as you, the rest of us would be lost. The tips and suggestions were great. Again thank you.

Frank D.
loadmaster43
Regular Member
 
Posts: 25
Joined: December 29th, 2007, 5:21 pm

Re: Computer Slowness

Unread postby Elrond » June 5th, 2008, 1:07 am

You are welcome. :)

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 501 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware