Slow Computer.. thanks in advance!

Post by Paladin_1988 » January 21st, 2008, 1:19 pm

Greetings!

I'm new to the forum and quite impressed by the community here.

|| Background ||
I recently formatted my computer as a result of a virus/malware problem. I have since scanned and restored my backed-up data and brought my PC back up to speed in my data, updates and protection.

|| Current ||
My PC is slow at launching new processes and even new browser windows. Task Manager doesn't show anything suspicious. I scanned with Norton, Ad-Aware and Spyware Doctor.. all showed nothing.

I did the recommended steps before posting my HJT log; a-squared did detect (beyond the usual tracking cookies) a "Trojan-Downloader.Win32.Agent.bkw".

So yeah.. here's my HJT log

|| HJT Logfile ||

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:58 AM, on 24-Jan-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\acer\epm\epm-dm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MediaSource\Detector\CTDetect.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0431177000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0485742375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE63B60B-82A8-4D01-9FF0-9268881D5D4F}: NameServer = 218.186.1.88,202.156.1.68
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 12117 bytes

Yup yup! Thanks so much pple!
(edit: updated my HJT Logfile to 24th/Jan)
Paladin_1988
Active Member
 
Posts: 13
Joined: January 21st, 2008, 6:49 am

Re: Slow Computer.. thanks in advance!

Post by silver » January 23rd, 2008, 11:17 pm

Hi Paladin_1988,

I can't see much wrong with your HijackThis log; we'll have a closer look and see if we can find anything.

It looks like you have used Autoruns by Sysinternals to disable some autostarting programs. I need to see what these are to verify if they are malware-related or not:
  • Please open Notepad by pressing Start->Run, typing in notepad and pressing OK
  • Then open Autoruns - do not re-enable anything yet!
  • Find the items you have disabled and for each item right-click it, select Copy and paste (CTRL-V) the details into Notepad
  • Then save the Notepad file to your Desktop and post the contents in your next response.

Then download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post the Autoruns information and both DSS logs; you won't need to produce a new HijackThis log, as DSS produces one for you.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
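A structured pass over a HijackThis log like the one posted above, as an added example that is not code from this thread or from the HijackThis tool. It parses the R*/O* lines into records and lists the entries a reviewer checks first (orphaned "(no file)" keys, O4 autostarts outside the usual program directories, and the O17 DNS servers); the sample lines are a constructed subset of the log in the thread, and the EXPECTED_DIRS allowlist is an assumption for this machine, not a rule from the page.

```python
"""Structured pass over HijackThis v2 log lines.

Added example: this parser is not part of the forum thread or of the
HijackThis tool. It turns the R*/O* lines of a HijackThis log into
records and lists the entries a reviewer usually checks first: keys that
point at a file that is no longer on disk, autostarts outside the
expected program directories, and the DNS servers set per interface (O17).
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE63B60B-82A8-4D01-9FF0-9268881D5D4F}: NameServer = 218.186.1.88,202.156.1.68
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
"""

# "O4 - <body>", "R1 - <body>", ...; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path in the body, stopping at the binary's extension so
# command-line arguments and closing quotes are not swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|htm|cab)\b', re.IGNORECASE)
# Assumption for this machine: where legitimate autostarts are expected to live.
EXPECTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\ime\\",
    "c:\\program files\\",
    "d:\\program files\\",
)


@dataclass
class Entry:
    section: str  # e.g. "O4", "O17"
    body: str     # everything after "O4 - "
    raw: str      # the original line
    path: str     # file the entry points at, "" if none (e.g. "(no file)")


def parse_hjt(text):
    """Return the R*/O* entries of a HijackThis log as Entry records."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        p = PATH_RE.search(body)
        entries.append(Entry(m.group("section"), body, line.strip(), p.group(0) if p else ""))
    return entries


def section_counts(entries):
    """How many entries of each section type the log contains."""
    counts = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def nameservers(entries):
    """DNS server addresses from every O17 line, in log order."""
    ips = []
    for e in entries:
        if e.section == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", e.body)
            if m:
                ips.extend(m.group(1).split(","))
    return ips


def review(entries, expected_dirs=EXPECTED_DIRS):
    """Return (reason, raw line) pairs worth a closer look; prompts, not verdicts."""
    findings = []
    for e in entries:
        if "(no file)" in e.body:
            findings.append(("registry entry points at a file that is not on disk", e.raw))
        elif e.section == "O4" and e.path and not e.path.lower().startswith(expected_dirs):
            findings.append(("autostart outside the expected program directories", e.raw))
        elif e.section == "O17":
            findings.append(("per-interface DNS servers; confirm they belong to the ISP", e.raw))
    return findings


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    print("sections:", section_counts(ents))
    print("nameservers:", nameservers(ents))
    for reason, line in review(ents):
        print(f"[{reason}]\n    {line}")
```

Run it against a full log by reading the file into parse_hjt; the review() list is a starting point for the line-by-line check a helper does, not a malware verdict.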

Re: Slow Computer.. thanks in advance!

Post by Paladin_1988 » January 24th, 2008, 7:51 am

Greetings Silver!
Here's the stuff you requested:

|| Autoruns ||
cdoMicrosoft SharePoint Portal Server Object Model (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
0 File not found: About:Home
Web FoldersMicrosoft Web Folders (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll
Symantec Drmc.jobSymantec Shared File (Not verified) Symantec Corporation c:\program files\common files\symantec shared\symdrmc.exe
Uniblue SpeedUpMyPC Nag.jobSpeedUpMyPC (Not verified) Uniblue Software d:\program files\uniblue\speedupmypc 3\speedupmypc.exe
Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
MAPMEM c:\program files\checkit\diagnostics\mapmem.sys
PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
apitrap.dllApitrap (Not verified) Symantec Corporation c:\windows\system32\apitrap.dll

|| DSS Main.txt ||

Deckard's System Scanner v20071014.68
Run by Ben on 2008-01-24 19:24:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-01-24 11:24:50 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ben.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:52 PM, on 24-Jan-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\acer\epm\epm-dm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MediaSource\Detector\CTDetect.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
D:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Ben\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Ben.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0431177000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0485742375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE63B60B-82A8-4D01-9FF0-9268881D5D4F}: NameServer = 218.186.1.88,202.156.1.68
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 12021 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Symantec Corporation; Norton GoBack>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.904>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 3.0.1.904>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Symantec Corporation; Norton GoBack>
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Avocent/OSA Technologies Inc.; Windows (R) Server 2003 DDK driver>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
R3 FsHotKey - c:\windows\system32\drivers\fshotkey.sys <Not Verified; Farstone Inc.; fshotkey>

S3 QDFSDRV - c:\windows\system32\drivers\qdfsdrv.sys <Not Verified; Symantec Corporation; Norton CleanSweep>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S4 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E977-E325-11CE-BFC1-08002BE10318}
Description: Generic CardBus Controller
Device ID: PCI\VEN_104C&DEV_8031&SUBSYS_00661025&REV_00\4&1D3F0FBB&0&08F0
Manufacturer: Microsoft
Name: Texas Instruments PCIxx21/x515 Cardbus Controller
PNP Device ID: PCI\VEN_104C&DEV_8031&SUBSYS_00661025&REV_00\4&1D3F0FBB&0&08F0
Service: pcmcia

Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_104C&DEV_8032&SUBSYS_00661025&REV_00\4&1D3F0FBB&0&0AF0
Manufacturer: Texas Instruments
Name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
PNP Device ID: PCI\VEN_104C&DEV_8032&SUBSYS_00661025&REV_00\4&1D3F0FBB&0&0AF0
Service: ohci1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_00661025&REV_04\3&B1BFB68&0&F3
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_00661025&REV_04\3&B1BFB68&0&F3
Service:

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: FarStone CDAWDM2001 SCSI Host Adapter
Device ID: ROOT\FARSTONE\0000
Manufacturer: Far Stone.
Name: FarStone CDAWDM2001 SCSI Host Adapter
PNP Device ID: ROOT\FARSTONE\0000
Service: CDAWDM


-- Scheduled Tasks -------------------------------------------------------------

2008-01-21 18:36:11 266 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-01-21 18:36:11 304 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job
2008-01-20 02:54:24 496 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Ben.job
2008-01-19 07:01:09 388 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-12-24 and 2008-01-24 -----------------------------

2008-01-23 21:57:34 0 dr-h----- C:\Documents and Settings\Ben\Recent
2008-01-23 21:49:55 0 d-------- C:\Documents and Settings\Ben\Application Data\vlc
2008-01-23 01:13:28 0 d-------- C:\WINDOWS\system32\Adobe
2008-01-22 23:12:59 0 d-------- C:\Program Files\mIRC
2008-01-22 23:12:59 0 d-------- C:\Documents and Settings\Ben\Application Data\mIRC
2008-01-22 17:55:43 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-01-22 17:55:43 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-01-22 17:52:29 0 d-------- C:\Program Files\Creative
2008-01-22 17:45:06 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-01-21 13:48:37 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - http://www.sysinternals.com; Page File Defragmenter>
2008-01-19 16:45:14 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-19 07:26:31 0 d-------- C:\Program Files\Common Files\DirectX
2008-01-19 07:25:50 0 d-------- C:\Documents and Settings\Ben\Application Data\FarStone
2008-01-19 07:23:45 5501 --a------ C:\WINDOWS\system32\rtclcmg32.dll
2008-01-19 07:20:01 0 d-------- C:\WINDOWS\system32\appmgmt
2008-01-18 02:10:41 0 d-------- C:\Documents and Settings\Ben\Application Data\Apple Computer
2008-01-18 02:08:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-18 02:08:06 0 d-------- C:\Program Files\Apple Software Update
2008-01-18 02:08:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-18 00:54:58 0 d-------- C:\WINDOWS\Sun
2008-01-18 00:54:58 0 d-------- C:\Documents and Settings\Ben\Application Data\Sun
2008-01-18 00:53:56 0 d-------- C:\Program Files\Java
2008-01-18 00:53:03 0 d-------- C:\Program Files\Common Files\Java
2008-01-18 00:41:34 0 d-------- C:\Documents and Settings\Ben\Application Data\Uniblue
2008-01-17 22:40:45 0 d-------- C:\Documents and Settings\Ben\Application Data\WinRAR
2008-01-17 22:30:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-17 22:29:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 00:47:33 24496 --a------ C:\Documents and Settings\Ben\Application Data\GDIPFONTCACHEV1.DAT
2008-01-17 00:11:03 0 d-------- C:\Documents and Settings\Ben\Contacts
2008-01-17 00:09:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-17 00:09:14 0 d-------- C:\Program Files\StuffPlug3
2008-01-17 00:06:13 0 d-------- C:\Documents and Settings\Ben\Application Data\Macromedia
2008-01-17 00:06:09 0 d-------- C:\Program Files\Messenger Plus! Live
2008-01-16 23:58:09 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-01-16 23:48:27 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-16 23:48:03 0 d-------- C:\Documents and Settings\Ben\Application Data\PC Tools
2008-01-16 23:27:13 0 d-------- C:\Documents and Settings\Ben\Application Data\Google
2008-01-16 23:27:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-01-16 23:24:30 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-16 23:24:02 0 d-------- C:\Program Files\Windows Live
2008-01-16 23:23:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-16 23:23:30 0 d-------- C:\Program Files\Google
2008-01-16 20:25:16 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-16 20:23:43 0 d-------- C:\WINDOWS\ShellNew
2008-01-16 20:18:57 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-16 12:11:19 0 d-------- C:\Program Files\MSXML 6.0
2008-01-16 12:08:22 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-16 12:06:47 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-16 12:06:47 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-16 11:41:45 0 d-------- C:\WINDOWS\network diagnostic
2008-01-16 11:35:13 0 d-------- C:\Program Files\MSBuild
2008-01-16 11:31:51 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-01-16 11:31:04 0 d-------- C:\Program Files\Reference Assemblies
2008-01-16 11:14:34 0 d--hs---- C:\WINDOWS\CSC
2008-01-16 10:27:03 0 d-------- C:\WINDOWS\RegisteredPackages
2008-01-16 09:35:03 0 d-------- C:\WINDOWS\system32\URTTemp
2008-01-16 09:18:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-01-16 07:02:15 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-16 07:02:14 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-16 05:06:49 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-16 05:05:26 0 d--hs---- C:\Documents and Settings\Ben\UserData
2008-01-16 01:15:18 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-01-16 01:13:30 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-01-16 01:13:14 0 d-------- C:\WINDOWS\Prefetch
2008-01-16 01:00:03 0 d-------- C:\WINDOWS\peernet
2008-01-16 01:00:01 0 d-------- C:\WINDOWS\provisioning
2008-01-16 00:55:55 0 d-------- C:\WINDOWS\ServicePackFiles
2008-01-16 00:49:12 0 d-------- C:\WINDOWS\EHome
2008-01-16 00:16:35 0 d-------- C:\Program Files\Norton Internet Security
2008-01-16 00:16:11 0 d-------- C:\Program Files\SymNetDrv
2008-01-15 23:45:58 0 d-------- C:\Program Files\Common Files\Smith Micro Shared
2008-01-15 23:45:56 0 d-------- C:\Program Files\CheckIt
2008-01-15 23:41:49 0 d-------- C:\Program Files\Norton SystemWorks
2008-01-15 23:41:09 0 d-------- C:\Documents and Settings\Ben\Application Data\Symantec
2008-01-15 23:41:01 0 d-------- C:\Program Files\Symantec
2008-01-15 23:40:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-15 23:40:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-15 21:28:25 0 d-------- C:\Documents and Settings\Ben\Application Data\AdobeUM
2008-01-15 21:27:27 0 d-------- C:\Documents and Settings\Ben\Application Data\Adobe
2008-01-15 21:27:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-15 21:27:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-01-15 21:25:11 0 d-------- C:\WINDOWS\Cache
2008-01-15 21:24:38 0 d-------- C:\Program Files\Acer Inc
2008-01-15 21:24:17 221258 --a------ C:\WINDOWS\system32\Epm-Po.dll <Not Verified; Acer Labs USA; EPM-PO Dynamic Link Library>
2008-01-15 21:24:17 78208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
2008-01-15 21:24:17 4096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
2008-01-15 21:23:52 0 d-------- C:\Acer
2008-01-15 21:23:43 0 d-------- C:\WINDOWS\Downloaded Installations
2008-01-15 21:23:20 0 d-------- C:\Program Files\Launch Manager
2008-01-15 21:22:44 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-01-15 21:22:32 0 d-------- C:\Program Files\WIDCOMM
2008-01-15 21:21:54 0 d-------- C:\WINDOWS\tiinst
2008-01-15 21:20:35 1654784 --a------ C:\WINDOWS\system32\W29MLRES.DLL <Not Verified; Intel Corporation; Intel(R) PRO/Wireless 2915ABG Network Connection>
2008-01-15 21:16:20 0 d-------- C:\Program Files\Synaptics
2008-01-15 21:11:57 0 d-------- C:\Program Files\ATI Technologies
2008-01-15 21:01:51 0 d-------- C:\Program Files\Intel
2008-01-15 20:59:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-01-15 20:59:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-15 20:59:03 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-13 10:50:43 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-13 10:50:39 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-13 10:50:38 0 dr------- C:\Program Files
2008-01-13 10:50:38 0 d-------- C:\Program Files\Common Files
2008-01-13 10:50:05 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-01-13 10:50:05 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-01-13 10:50:05 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-01-13 10:50:05 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-01-13 10:50:05 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-01-13 10:50:05 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-01-13 10:50:05 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-01-13 10:50:05 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-01-13 10:50:05 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-01-13 10:50:05 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-01-13 10:50:05 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-01-13 10:50:05 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-01-13 10:50:05 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-01-13 10:50:05 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-01-13 10:50:05 0 dr------- C:\Documents and Settings\All Users\Documents
2008-01-13 10:50:05 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-01-13 10:49:51 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-01-13 10:49:51 0 d-------- C:\WINDOWS\system32\CatRoot
2008-01-13 10:49:46 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-01-13 10:49:46 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-01-13 10:49:45 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-01-13 10:49:45 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-01-13 10:49:26 0 d-------- C:\Documents and Settings
2008-01-13 10:42:41 0 d-------- C:\WINDOWS
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\WinSxS
2008-01-13 10:42:41 0 dr------- C:\WINDOWS\Web
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\twain_32
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\wins
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\wbem
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\usmt
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\spool
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\ShellExt
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\Setup
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\ras
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\oobe
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\npp
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\mui
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\inetsrv
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\IME
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\icsxml
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\ias
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\export
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\drivers
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-01-13 10:42:41 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\dhcp
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\config
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\3076
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\2052
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\1054
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\1042
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\1041
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\1037
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\1033
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\1031
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\1028
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system32\1025
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\system
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\security
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\Resources
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\repair
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\mui
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\msapps
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\msagent
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\Media
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\java
2008-01-13 10:42:41 0 d--h----- C:\WINDOWS\inf
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\ime
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\Help
2008-01-13 10:42:41 0 dr--s---- C:\WINDOWS\Fonts
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\Driver Cache
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\Debug
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\Cursors
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\Connection Wizard
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\Config
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\AppPatch
2008-01-13 10:42:41 0 d-------- C:\WINDOWS\addins
2008-01-13 07:50:34 0 d--hs---- C:\WINDOWS\Installer
2008-01-13 07:50:30 0 d-------- C:\Documents and Settings\Ben\Application Data\Identities
2008-01-13 07:50:19 0 d--h----- C:\Documents and Settings\Ben\Templates
2008-01-13 07:50:19 0 dr------- C:\Documents and Settings\Ben\Start Menu
2008-01-13 07:50:19 0 dr-h----- C:\Documents and Settings\Ben\SendTo
2008-01-13 07:50:19 0 d--h----- C:\Documents and Settings\Ben\PrintHood
2008-01-13 07:50:19 2621440 --a------ C:\Documents and Settings\Ben\NTUSER.DAT
2008-01-13 07:50:19 0 d--h----- C:\Documents and Settings\Ben\NetHood
2008-01-13 07:50:19 0 dr------- C:\Documents and Settings\Ben\My Documents
2008-01-13 07:50:19 0 d--h----- C:\Documents and Settings\Ben\Local Settings
2008-01-13 07:50:19 0 dr------- C:\Documents and Settings\Ben\Favorites
2008-01-13 07:50:19 0 d-------- C:\Documents and Settings\Ben\Desktop
2008-01-13 07:50:19 0 d--hs---- C:\Documents and Settings\Ben\Cookies
2008-01-13 07:50:19 0 dr-h----- C:\Documents and Settings\Ben\Application Data
2008-01-13 07:49:24 0 d--hs---- C:\System Volume Information
2008-01-13 07:49:21 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-01-13 07:49:21 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-01-13 07:49:21 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-01-13 07:49:21 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-01-13 07:49:21 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-01-13 07:49:20 233472 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-01-13 07:49:20 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-01-13 07:49:20 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-01-13 07:49:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-01-13 07:49:20 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-01-13 07:46:16 0 d-------- C:\WINDOWS\system32\xircom
2008-01-13 07:46:16 0 d-------- C:\Program Files\microsoft frontpage
2008-01-13 07:46:03 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-01-13 07:45:56 0 -rahs---- C:\MSDOS.SYS
2008-01-13 07:45:56 0 -rahs---- C:\IO.SYS
2008-01-13 07:45:56 0 --a------ C:\CONFIG.SYS
2008-01-13 07:45:56 0 --a------ C:\AUTOEXEC.BAT
2008-01-13 07:45:03 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-01-13 07:44:52 0 dr------- C:\WINDOWS\Offline Web Pages
2008-01-13 07:44:52 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-01-13 07:44:26 0 d-------- C:\WINDOWS\srchasst
2008-01-13 07:44:18 0 d-------- C:\WINDOWS\system32\Macromed
2008-01-13 07:44:18 0 d-------- C:\WINDOWS\system32\DirectX
2008-01-13 07:44:01 0 d-------- C:\Program Files\Movie Maker
2008-01-13 07:43:25 0 d-------- C:\WINDOWS\system32\Restore
2008-01-13 07:43:18 0 d-------- C:\WINDOWS\PCHEALTH
2008-01-13 07:43:10 0 d---s---- C:\WINDOWS\Tasks
2008-01-13 07:43:05 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-13 07:42:34 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-13 07:42:13 0 d-------- C:\WINDOWS\Registration
2008-01-13 07:42:05 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-13 07:42:04 0 d-------- C:\Program Files\Online Services
2008-01-13 07:41:58 0 d-------- C:\Program Files\Messenger
2008-01-13 07:41:45 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-13 07:41:34 0 d-------- C:\Program Files\Windows NT
2008-01-13 07:41:19 0 d-------- C:\WINDOWS\system32\MsDtc
2008-01-13 07:41:15 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-01-13 10:50:05 62 --ahs---- C:\Documents and Settings\Ben\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [03-Aug-04 10:32 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03-Aug-04 10:32 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03-Aug-04 10:32 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08-Feb-05 09:05 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [08-Oct-04 02:44 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08-Oct-04 02:43 PM]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [28-Mar-05 12:20 PM]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [28-Mar-05 06:04 PM]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [24-Mar-05 09:13 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08-Jan-07 05:03 PM]
"QD FastAndSafe"="" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [16-Jan-08 01:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-Sep-07 01:11 AM]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [10-Jan-08 03:27 PM]
"vcdplayx"="C:\WINDOWS\vcdplayx.exe" [04-Jan-02 03:47 PM]
"@"="" []
"SDTray"="D:\Program Files\Spyware Doctor\SDTrayApp.exe" [02-Oct-07 04:27 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-Aug-04 12:56 AM]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [10-Sep-04 10:12 AM]
"Creative Detector"="D:\Program Files\MediaSource\Detector\CTDetect.exe" [02-Dec-04 06:23 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [25-May-04 3:38:42 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-Feb-01 1:01:04 AM]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [21-Dec-04 10:19:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\AUTORUN.EXE




-- End of Deckard's System Scanner: finished at 2008-01-24 19:27:50 ------------

|| DSS Extra.txt ||

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1021.99 MiB / 551.55 MiB
Pagefile Memory (total/avail): 3071.08 MiB / 2485.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.03 MiB

C: is Fixed (NTFS) - 20 GiB total, 4 GiB free.
D: is Fixed (NTFS) - 54.53 GiB total, 24.76 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N080ATMR04-0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 20 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 54.53 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\mIRC\\mirc.exe"="D:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ben\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SILVER-ARROW
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ben
LOGONSERVER=\\SILVER-ARROW
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ben\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ben\LOCALS~1\Temp
USERDOMAIN=SILVER-ARROW
USERNAME=Ben
USERPROFILE=C:\Documents and Settings\Ben
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ben (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.1 --> "D:\Program Files\a-squared Free\unins000.exe"
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer ePowerManagement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced GIF Animator 2.22 --> "D:\Program Files\Advanced GIF Animator\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{D8F6834B-D5E7-4451-8681-B051ABD8561D}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
Conexant AC-Link Audio --> CIAunwdm.exe
Counter-Strike: Condition Zero --> D:\CONDIT~1\UNWISE.EXE D:\CONDIT~1\INSTALL.LOG
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Flash Decompiler --> "D:\Program Files\Flash Decompiler\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton CleanSweep --> MsiExec.exe /I{634B01DF-A45B-4623-80E1-E15FF82A4979}
Norton GoBack 4.02 (Symantec Corporation) --> MsiExec.exe /I{1F76ACFA-22FE-49F6-BC05-F4EC835F48CC}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{71E7B3F5-CFAF-4C1E-B494-528E28707937}.exe /X
Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NSW_DRM_COLLECTION --> MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}
PowerISO --> "D:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Registry Mechanic 7.0 --> "D:\Program Files\Registry Mechanic\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Doctor 5.1 --> D:\Program Files\Spyware Doctor\unins000.exe /LOG
StuffPlug 3 --> C:\Program Files\StuffPlug3\Uninstall.exe
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{3AE089E4-6EAA-4527-A013-648D8EAAB8D2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8E50332B-772C-4AEA-BF56-94DE6A1D5F10} /l1033
Uniblue RegistryBooster 2 --> "D:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "D:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
VideoLAN VLC media player 0.8.6d --> D:\Program Files\VLC\uninstall.exe
VirtualDrive --> "D:\Program Files\VirtualDrive\Setup.exe"
WIDCOMM Bluetooth Software --> MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1714 / Success
Event Submitted/Written: 01/24/2008 07:07:01 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1623 / Success
Event Submitted/Written: 01/23/2008 10:12:44 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1583 / Success
Event Submitted/Written: 01/22/2008 10:20:20 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1413 / Success
Event Submitted/Written: 01/22/2008 01:07:03 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1389 / Error
Event Submitted/Written: 01/22/2008 00:40:23 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ccapp.exe, version 103.5.10.3, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011f52.
Processing media-specific event for [ccapp.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2263 / Warning
Event Submitted/Written: 01/24/2008 02:47:43 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type2259 / Warning
Event Submitted/Written: 01/23/2008 11:50:26 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type2195 / Error
Event Submitted/Written: 01/23/2008 03:42:52 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

Event Record #/Type2128 / Warning
Event Submitted/Written: 01/20/2008 09:32:44 PM / 01/20/2008 09:33:41 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type2120 / Warning
Event Submitted/Written: 01/20/2008 05:07:03 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.



-- End of Deckard's System Scanner: finished at 2008-01-24 19:27:50 ------------

I have also been noting a few quirks.. my firewall, Norton Internet Security, has been consistently detecting both inbound and outbound traffic mostly from my router (192.168.1.1) to my computer (192.168.1.50). These appear about a minute after I login. Funny thing is, the ports used are always random.

I've extracted some entries from Norton's log. These were taken from the 21st Jan to 23rd Jan.

|| Firewall Log (extract) ||

21-Jan-08 12:35:59 PM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (localhost,1044).
Remote address,service is (SILVER-ARROW(192.168.1.50),1044).
Process name is "N/A".

21-Jan-08 5:03:33 PM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (localhost,1044).
Remote address,service is (SILVER-ARROW(192.168.1.50),1044).
Process name is "N/A".

21-Jan-08 5:04:40 PM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (SILVER-ARROW(192.168.1.50),41746).
Remote address,service is (192.168.1.1,ssdp(1900)).
Process name is "N/A".

21-Jan-08 10:02:32 PM
This one time, the user has chosen to "block" communications.
Inbound TCP connection.
Local address,service is (SILVER-ARROW(192.168.1.50),2027).
Remote address,service is (59.189.154.105,1232).
Process name is "N/A".

21-Jan-08 10:02:36 PM
This one time, the user has chosen to "block" communications.
Inbound TCP connection.
Local address,service is (SILVER-ARROW(192.168.1.50),2040).
Remote address,service is (218.212.12.194,4615).
Process name is "N/A".

22-Jan-08 1:07:15 AM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (SILVER-ARROW(192.168.1.50),39700).
Remote address,service is (192.168.1.1,ssdp(1900)).
Process name is "N/A".

22-Jan-08 2:05:56 PM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (localhost,4513).
Remote address,service is (SILVER-ARROW(192.168.1.50),4513).
Process name is "N/A".

22-Jan-08 2:06:05 PM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (SILVER-ARROW(192.168.1.50),58698).
Remote address,service is (192.168.1.1,ssdp(1900)).
Process name is "N/A".

23-Jan-08 10:12:20 AM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (localhost,1039).
Remote address,service is (SILVER-ARROW(192.168.1.50),1039).
Process name is "N/A".

23-Jan-08 2:49:45 PM
This one time, the user has chosen to "block" communications.
Inbound TCP connection.
Local address,service is (SILVER-ARROW(192.168.1.50),40433).
Remote address,service is (210.72.227.170,32429).
Process name is "N/A".

23-Jan-08 4:49:17 PM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (SILVER-ARROW(192.168.1.50),42737).
Remote address,service is (192.168.1.1,ssdp(1900)).
Process name is "N/A".

23-Jan-08 9:14:20 PM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (SILVER-ARROW(192.168.1.50),44071).
Remote address,service is (192.168.1.1,ssdp(1900)).
Process name is "N/A".


Yup yup.. thanks so much for helping! :D

(note: I noticed that DSS turned System Restore back on; I have had bad experiences with System Restore and actually use Norton Goback for recovery purposes. Do let me know when I can disable System Restore again, it's eating up disk space!!)
Paladin_1988
Active Member
 
Posts: 13
Joined: January 21st, 2008, 6:49 am

Re: Slow Computer.. thanks in advance!

Unread postby silver » January 24th, 2008, 11:26 pm

Hi Paladin_1988,

Please leave System Restore on for now; if you wish to disable it, please do so when we're finished, although I'd recommend you keep it on - it's a valuable safety net, and you can adjust the amount of disk space it uses to suit.

I don't see anything in the firewall log to worry about.
  • The communications between 192.168.1.50 and localhost are your computer talking to itself
  • The UDP packets sent from your computer to your router's port 1900 are probably Windows Messenger
  • You have what looks like some inbound TCP communications from internet IPs blocked - this should only normally happen if you have ports forwarded through your router - is this the case?

Please open Start->Control Panel->Add/Remove Programs, look down the list for this and remove it:
Java(TM) 6 Update 3
This is out of date and now a security risk; you can get the latest update (version 6 update 4) from here

You have a program called Messenger Plus! Live installed. When installing, it offers a choice either to "Install the sponsor program" or "I refuse to give my support"; don't install the sponsor. The sponsor program is malware, so if you installed it we need to remove it. Even if you didn't install the sponsor program I recommend you remove this program anyway, as the developer is spreading malware for profit - read more information about this here.
To remove the program open Start->Control Panel->Add/Remove Programs, find and remove Messenger Plus! Live

There is another program which contains the same malware called StuffPlug 3 - I strongly recommend you remove it for the same reasons.


Please download Deljob.exe and save it to your desktop.
Doubleclick Deljob.exe to start the program.
A file called logit.txt should appear on your Desktop and should open in Notepad, post the contents of this file in your next response.


Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following line:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.


Next, please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer using this link:
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


Once complete, please post the NoLop report, the Kaspersky report and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
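The three kinds of entry silver distinguishes above (the PC talking to itself, SSDP to the router on port 1900, and inbound TCP from internet addresses) turned into a small triage script over the posted log format. This is an added example, not code from this thread or from Norton; it assumes the six-line entry layout shown in the extract above, the sample entries are copied from that extract, and it adds two catch-all buckets ("lan-other", "outbound-internet") that the reply does not name.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: three entries in the six-line layout of the Norton
# Internet Security log extract posted in this thread (addresses as posted).
SAMPLE_LOG = """\
21-Jan-08 12:35:59 PM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (localhost,1044).
Remote address,service is (SILVER-ARROW(192.168.1.50),1044).
Process name is "N/A".

21-Jan-08 5:04:40 PM
This one time, the user has chosen to "block" communications.
Inbound UDP packet.
Local address,service is (SILVER-ARROW(192.168.1.50),41746).
Remote address,service is (192.168.1.1,ssdp(1900)).
Process name is "N/A".

21-Jan-08 10:02:32 PM
This one time, the user has chosen to "block" communications.
Inbound TCP connection.
Local address,service is (SILVER-ARROW(192.168.1.50),2027).
Remote address,service is (59.189.154.105,1232).
Process name is "N/A".
"""

DIRECTION_RE = re.compile(r"^(Inbound|Outbound) (TCP|UDP) ")
ENDPOINT_RE = re.compile(r"^(Local|Remote) address,service is \((.+),([^,]+)\)\.$")
PORT_RE = re.compile(r"(?:\w+\()?(\d+)\)?")       # "1044" or "ssdp(1900)"
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")  # bare, or inside "NAME(1.2.3.4)"


@dataclass
class FirewallEvent:
    timestamp: str
    direction: str  # "Inbound" / "Outbound"
    protocol: str   # "TCP" / "UDP"
    local_ip: ipaddress.IPv4Address
    local_port: int
    remote_ip: ipaddress.IPv4Address
    remote_port: int


def parse_endpoint(line: str) -> Tuple[str, ipaddress.IPv4Address, int]:
    """'Local address,service is (NAME(192.168.1.50),41746).' -> ('Local', ip, 41746)."""
    m = ENDPOINT_RE.match(line)
    ip_m = IPV4_RE.search(m.group(2)) if m else None
    port_m = PORT_RE.fullmatch(m.group(3)) if m else None
    if m is None or port_m is None or (ip_m is None and m.group(2) != "localhost"):
        raise ValueError(f"unrecognised endpoint line: {line!r}")
    ip = ipaddress.IPv4Address("127.0.0.1" if ip_m is None else ip_m.group(0))
    return m.group(1), ip, int(port_m.group(1))


def parse_log(text: str) -> List[FirewallEvent]:
    """Split the extract into six-line entries and parse each one strictly."""
    events: List[FirewallEvent] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        direction = DIRECTION_RE.match(lines[2]) if len(lines) == 6 else None
        if direction is None:
            raise ValueError(f"unexpected entry shape: {lines!r}")
        ends = {side: (ip, port) for side, ip, port in map(parse_endpoint, lines[3:5])}
        if set(ends) != {"Local", "Remote"}:
            raise ValueError(f"missing local/remote line in entry: {lines!r}")
        events.append(FirewallEvent(lines[0], direction.group(1), direction.group(2),
                                    *ends["Local"], *ends["Remote"]))
    return events


def classify(ev: FirewallEvent) -> str:
    """Bucket an entry the way the reply above reads the log."""
    if ev.local_ip.is_loopback or ev.remote_ip.is_loopback or ev.local_ip == ev.remote_ip:
        return "self"              # the machine talking to itself: benign
    if ev.remote_ip.is_private and ev.remote_port == 1900:
        return "lan-ssdp"          # UPnP/SSDP discovery to the router: expected on a home LAN
    if ev.remote_ip.is_private:
        return "lan-other"         # some other LAN host: worth knowing which one and why
    if ev.direction == "Inbound":
        return "inbound-internet"  # only expected if the router forwards a port to this PC
    return "outbound-internet"     # blocked outbound to the internet: identify the process


def triage(text: str) -> Dict[str, List[FirewallEvent]]:
    """Group entries by bucket; 'inbound-internet' is the one to reconcile with the router."""
    buckets: Dict[str, List[FirewallEvent]] = {}
    for ev in parse_log(text):
        buckets.setdefault(classify(ev), []).append(ev)
    return buckets


if __name__ == "__main__":
    for bucket, evs in triage(SAMPLE_LOG).items():
        print(bucket, [(e.timestamp, str(e.remote_ip), e.remote_port) for e in evs])
```

Any entry landing in "inbound-internet" should match a port-forward rule on the router; if it does not, that is the entry to investigate.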

Re: Slow Computer.. thanks in advance!

Unread postby Paladin_1988 » January 25th, 2008, 5:53 pm

Greetings once again!

Ehh you commented about various things, I'll go through them one by one.

1) System Restore
Taking note that I am using Norton Goback, I understand that both System Restore and Goback perform exactly the same function (provide the ability to "reverse" time). Is there anything special regarding System Restore that I should know of?

What I dislike about System Restore is that it is very imprecise and does not provide options for advanced users. Restores have a tendency to fail when you need it most and many anti-viral removal procedures involve disabling System Restore because viruses can back themselves up inside the backup data.

Maybe it's just me and my prejudices :p but I prefer Goback. You can restore your computer to a specific event, such as a creation or deletion of a specific file. Goback has rather verbose logging, and I dare say everything that changes within your computer is logged. And most importantly, Goback was there when I needed it. Somehow or another when the Windows system is corrupted, System Restore goes down with it.

2) Firewall - Localhost
Okay I actually studied a bit of networking and therefore I should know this. So to paraphrase, what you are saying is that any communications between my own IP and "localhost" is safe?

3) Firewall - TCP Traffic
Yes I did forward ports for uTorrent to use. I don't think I got down to re-installing uTorrent yet..
Anyways, previously port forwarding did not give me any trouble or alerts.

I have disabled them since I'm not using them anyways. But I was wondering...
Does port forwarding have any security risk? I understand that so long as you trust the programme using the port, all should be fine.

4) Java
I have uninstalled and updated it to version 6 update 4. Thanks! I didn't even know it was outdated :p

5) Firewall - MSN traffic + Live Plus + Stuffplug 3
Okay this is a bit touchy. If I am correct, these all ought to be related. Again previously my firewall gave me no trouble regarding 1900 ports. However taking note of what you said, they might be something "extra" this time around.

I read the article you linked to, and did some google-ing on my own.

I understand that the sponsor program for Plus Live is malware yes.. but is the actual Plus Live program malware? I need a yes or no answer here.

As for SP3, I found nothing to warrant any suspicion. But again, is SP3 malware? Yes or No answer please.

Okay, next could you substantiate more as to why you feel that Plus Live or SP3 is unsafe? A reputable 3rd party view to back up your own would be nice. It's not that I do not trust you, experience has taught me to always seek more than one opinion. So no hard feelings!

Alrighty.. at the end of all that.. to give benefit of the doubt, I uninstalled both programs anyway haha. Ultimately it's the results I'm interested in. If the port 1900 alerts stop and my comp speeds up then what the heck! I could live without them.

6) Deljob
Here is the stuff you requested.

--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

Norton AntiVirus - Scan my computer - Ben.job
Symantec Drmc.job
Uniblue SpeedUpMyPC Nag.job
Uniblue SpeedUpMyPC.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is F8F4-2004

Directory of C:\Documents and Settings\Ben\Application Data

23-Jan-08 09:49 PM <DIR> .
23-Jan-08 09:49 PM <DIR> ..
18-Jan-08 08:52 PM <DIR> Adobe
15-Jan-08 09:28 PM <DIR> AdobeUM
18-Jan-08 02:10 AM <DIR> APPLEC~1 Apple Computer
19-Jan-08 07:25 AM <DIR> FarStone
16-Jan-08 11:27 PM <DIR> Google
13-Jan-08 07:50 AM <DIR> IDENTI~1 Identities
17-Jan-08 12:06 AM <DIR> MACROM~1 Macromedia
20-Jan-08 04:33 PM <DIR> MICROS~1 Microsoft
25-Jan-08 01:56 AM <DIR> mIRC
16-Jan-08 11:48 PM <DIR> PCTOOL~1 PC Tools
18-Jan-08 12:54 AM <DIR> Sun
16-Jan-08 08:01 PM <DIR> Symantec
19-Jan-08 07:01 AM <DIR> Uniblue
23-Jan-08 09:49 PM <DIR> vlc
17-Jan-08 10:40 PM <DIR> WinRAR
0 File(s) 0 bytes
17 Dir(s) 3,318,071,296 bytes free
Volume in drive C has no label.
Volume Serial Number is F8F4-2004

Directory of C:\Documents and Settings\All Users\Application Data

18-Jan-08 02:08 AM <DIR> .
18-Jan-08 02:08 AM <DIR> ..
15-Jan-08 09:27 PM <DIR> Adobe
18-Jan-08 02:08 AM <DIR> Apple
18-Jan-08 02:08 AM <DIR> APPLEC~1 Apple Computer
16-Jan-08 11:27 PM <DIR> Google
17-Jan-08 10:30 PM <DIR> Lavasoft
17-Jan-08 12:09 AM <DIR> MESSEN~1 Messenger Plus!
19-Jan-08 06:14 AM <DIR> MICROS~1 Microsoft
16-Jan-08 12:18 AM <DIR> Symantec
26-Jan-08 12:25 AM <DIR> TEMP
16-Jan-08 09:18 AM <DIR> WINDOW~1 Windows Genuine Advantage
16-Jan-08 11:43 PM <DIR> WLINST~1 WLInstaller
0 File(s) 0 bytes
13 Dir(s) 3,318,071,296 bytes free
--------------------------------------------------------

7) HijackThis
The BHO was removed successfully.

8) Kaspersky
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 26, 2008 5:38:30 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 532563


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 79478
Number of viruses found 1
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 02:26:41

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Ben\LOCALS~1\Temp\mirc631.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

C:\Deckard\System Scanner\backup\DOCUME~1\Ben\LOCALS~1\Temp\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

C:\Deckard\System Scanner\backup\DOCUME~1\Ben\LOCALS~1\Temp\mirc631.exe NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-26_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\Ben\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Messenger\Paladin_1988@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Messenger\Paladin_1988@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Messenger\Paladin_1988@hotmail.com\SharingMetadata\Working\database_D8F8_F441_F8F4_2004\dfsr.db Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Messenger\Paladin_1988@hotmail.com\SharingMetadata\Working\database_D8F8_F441_F8F4_2004\fsr.log Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Messenger\Paladin_1988@hotmail.com\SharingMetadata\Working\database_D8F8_F441_F8F4_2004\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Messenger\Paladin_1988@hotmail.com\SharingMetadata\Working\database_D8F8_F441_F8F4_2004\tmp.edb Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Windows Live Contacts\Paladin_1988@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Windows Live Contacts\Paladin_1988@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Temp\~DF85A5.tmp Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Temp\~DF860D.tmp Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Temp\~DF9C65.tmp Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Temp\~DF9C8C.tmp Object is locked skipped

C:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ben\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Ben\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0068NAV~.TMP Object is locked skipped

C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{C5BBD55B-2C38-4E71-8782-2C692578314D}\RP8\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\gobackio.bin Object is locked skipped

D:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{C5BBD55B-2C38-4E71-8782-2C692578314D}\RP8\change.log Object is locked skipped

Scan process completed.

9) HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:10 AM, on 26-Jan-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\acer\epm\epm-dm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MediaSource\Detector\CTDetect.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
D:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\Ben\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0431177000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0485742375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE63B60B-82A8-4D01-9FF0-9268881D5D4F}: NameServer = 218.186.1.88,202.156.1.68
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 12346 bytes
Paladin_1988
Active Member
 
Posts: 13
Joined: January 21st, 2008, 6:49 am
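The HijackThis log above is the kind of listing helpers on this forum triage by hand: O4 entries are autostart items, O23 entries are services, O17 entries are the DNS servers the machine has been given. As an added example (not a tool from this thread or from Trend Micro), the script below parses a few lines copied verbatim from the logs in this thread and applies the first checks a reviewer applies: does an autostart executable run from a temporary folder or sit directly in the Windows folder rather than system32, is a service listed without a publisher, and which name servers should be confirmed against the ISP's. The heuristics and the small sample are my own; a hit means "look at this entry", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread. Nothing here is a new indicator; the point is the triage logic.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\Ben\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE63B60B-82A8-4D01-9FF0-9268881D5D4F}: NameServer = 218.186.1.88,202.156.1.68
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# "Oxx - rest of line"; R0/R1 lines use the same shape.
ENTRY_RE = re.compile(r"(O\d+|R\d)\s+-\s+(.*)")
# First drive-letter path ending in an executable extension, quotes optional.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys))"?', re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d.,]+)")


@dataclass
class Finding:
    section: str
    path: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (section, body) pairs for every HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def classify_path(path):
    """Return review reasons for an autostart/service image path (heuristics, not verdicts)."""
    p = path.lower()
    reasons = []
    # Short (8.3) names hide the folder name, so check both spellings of Local Settings\Temp.
    if "\\temp\\" in p or "\\locals~1\\" in p:
        reasons.append("runs from a temporary folder")
    parent = p.rsplit("\\", 1)[0]
    if parent in ("c:\\windows", "c:\\winnt"):
        reasons.append("executable directly in the Windows folder (system files normally live in system32)")
    return reasons


def triage(log_text):
    """Return (findings, nameservers) for a HijackThis log."""
    findings, nameservers = [], []
    for section, body in parse_entries(log_text):
        if section == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                nameservers.extend(m.group(1).split(","))
            continue
        pm = PATH_RE.search(body)
        if not pm:
            continue
        path = pm.group(1)
        reasons = classify_path(path)
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service has no publisher recorded (Unknown owner)")
        if reasons:
            findings.append(Finding(section, path, reasons))
    return findings, nameservers


if __name__ == "__main__":
    found, dns = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section}: {f.path}")
        for r in f.reasons:
            print("   -", r)
    print("DNS servers to confirm with your ISP:", ", ".join(dns))
```

On the sample, the ccApp, ctfmon and LiveUpdate lines pass quietly; the Windows-root executable, the RunOnce item in Temp and the service without a publisher are listed for review, and the two O17 addresses are printed so the owner can check them against the DNS servers their ISP actually assigns.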

Re: Slow Computer.. thanks in advance!

Unread postby silver » January 25th, 2008, 11:32 pm

Hi Paladin_1988,

Re the points raised:

System Restore:
I am not familiar with GoBack personally; from what you've said it sounds like a great program and certainly superior to System Restore. However, I'm not aware of any reliability issues with System Restore, and as both do a similar job, both will back up malware files and registry entries in performing their work, and I don't see how GoBack could be immune from this. But their purpose is not malware removal, and an infected restore point (in either program) is better than no restore point at all.

The reason why I asked for it to remain on while we are cleaning is so that if something goes wrong while we are working together, there is a safety net in place which I can see is active from the reports posted to the forum, and which I know how to give instructions to use.

It is of course up to you which of these programs you wish to have running, and there isn't anything 'special' about System Restore - but at a cost of perhaps 1-2% of disk space on your system partition, you could have an extra safety net operating which is maintenance-free.

Localhost
Localhost is your own machine, so normally, communications between your own IP and localhost should be fine. It then comes down to which applications have access to the network, and I recommend you configure your firewall to only allow applications you choose to have any access to the network at all.

Port Forwarding
When you have no ports forwarded through your router, any unsolicited inbound traffic (communications initiated from the outside) will be dropped, so any malicious traffic has no opportunity to reach your computer. If you forward ports through your router, you are giving up part of that protection and allowing malicious inbound traffic on those selected ports to reach your computer. If there is an application listening on one of those ports, then any security flaws in that software can be exploited by remote attackers. It's far safer when you have no ports forwarded at all.

Messenger Plus:
Messenger Plus itself is not malware, only the accompanying sponsor program is malware.
However, as I posted earlier, the developer of this program makes money by spreading malware, so I'm sure you can see why I recommend that victims of malware not use this software.
You don't have to take my word for it, here is a link to a post on the official support forum by the developer himself which tells you how to uninstall the adware:
http://www.msghelp.net/showthread.php?tid=21598

StuffPlug has been reported here as containing malware:
http://www.siteadvisor.com/sites/stuffplug.com
http://www.bleepingcomputer.com/uninsta ... ugins.html

SiteAdvisor reports the malware present in StuffPlug is swizzor, which is the same malware present in Messenger Plus! - hence the recommendation.
It's possible that the reports relate to an older version of StuffPlug; however, the latest version is adware, as you can see for yourself in the FAQ, and on that basis alone I would recommend its removal.

All the reports look good and I think your machine is clean :) some important final steps:

You should now delete DSS.exe and Deljob.exe from your Desktop. Also delete this folder:
C:\Deckard


If you are going to disable System Restore, please do so or follow these instructions:
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm


Here are some tips to help you keep your computer clean:

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Automatic Updates
Select Automatic and select a suitable schedule

You have good protection software installed however please ensure it is kept up to date. Check that your antivirus and antispyware programs are set to automatically update themselves daily, and that your firewall is the latest version.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Slow Computer.. thanks in advance!

Unread postby Paladin_1988 » January 26th, 2008, 3:09 am

Heya!

Firstly thanks for taking the time and effort to explain everything! You explain things clearly and concisely!

|| Goback ||
Goback is certainly not immune from backing up malware or viruses, but because of its verbose logging, an advanced user who can pinpoint the exact time of infection can reverse the computer to that point. Goback can reverse your computer to a major event (startup, restart, app install) or to a specific event (file creation, deletion). So in effect you can "see" whether there are any malware or viruses present by checking the logs. This is opposed to System Restore, which just reverses your computer to a certain spot.

I would recommend Goback over System Restore.. pity it's not free haha

|| Whats next? ||
Okay, I realised that the only real changes I have done are
1) A-squared removed a trojan
2) That BHO was removed
3) Plus Live and Stuffplug3 have been removed

I expected more things than that haha. So far my computer looks okay, I guess I'll post again tmr after a day's use to get a more accurate picture. I'm hoping my problems were from that BHO.. (can one BHO cause that much trouble?)
Because it would be great if reinstalling the 2 MSN add-ons doesn't cause trouble. They have never done so before..

In the meantime, thanks for your help! :mrgreen:
Paladin_1988
Active Member
 
Posts: 13
Joined: January 21st, 2008, 6:49 am

Re: Slow Computer.. thanks in advance!

Unread postby silver » January 26th, 2008, 11:54 pm

You're welcome :)

You're correct we didn't make very many changes, but we were looking specifically for malware and not general performance improvements. The BHO was an orphaned entry and removal will have had no noticeable effect. If your machine is still not working as well as you think it should do, then I'd say the cause is not malware-related. If you would like further assistance, then I would recommend posting on a PC troubleshooting forum like PC Pitstop. PC Pitstop specializes in handling performance issues so you are certain to get expert assistance and a speedy resolution is very likely.

Regarding Messenger Plus! - if you really want to use this program it can be installed safely, just take extreme care during the installation process to choose "I refuse to give my support, don't install the sponsor". However, as I've said previously, the developer receives money for creating new victims of malware, who in turn come to us for removal help - due to this I would like to urge you to avoid this software.

Stuffplug is adware and as such I don't recommend you use it at all. I'm not familiar with the program so I can't offer you any alternatives, but advertising networks are increasingly being used to spread malware so any adware program has the potential to cause serious problems.

If you have any further questions then please let me know.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Slow Computer.. thanks in advance!

Unread postby Paladin_1988 » January 27th, 2008, 6:36 am

Hey!

Thanks for the link! I guess thats about it then! Take care!
Paladin_1988
Active Member
 
Posts: 13
Joined: January 21st, 2008, 6:49 am

Re: Slow Computer.. thanks in advance!

Unread postby silver » January 27th, 2008, 6:53 am

You take care as well :)



Since this issue appears to be resolved, this topic has been closed. Glad we could be of assistance.

If you wish it reopened, please send an email to admin at malwareremoval.com with a link to your thread.

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

You can help support this site from this link :
Donations For Malware Removal
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Slow Computer.. thanks in advance!

Unread postby ChrisRLG » January 27th, 2008, 7:13 pm

Re-opened on email request.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Re: Slow Computer.. thanks in advance!

Unread postby Paladin_1988 » January 28th, 2008, 11:31 am

Hello again, sigh, I'm pretty certain there's more malware hidden somewhere in my machine.

1) Browser Hijack?
Web surfing on IE has been very sluggish, it has in fact gotten worse. Just opening up IE takes about 5 seconds. New windows take about 5 seconds too. EVEN closing an IE window takes about 3 seconds. I downloaded Firefox just for the heck of it and surprise! There's no lag in FF. So I'm pretty certain something has hijacked my IE application.

2) Norton Malware
Since yesterday, Norton has been beeping alerts. Something about not being able to protect drive D, my secondary partition. Most worrying is that Autoruns has new Symantec entries that are unverified. A large firm like Symantec shouldn't be unknown to the Autoruns team, and it appears that these startup files are core files to Norton.

NPDriver      Norton Protection Driver   (Not verified) Symantec Corporation   c:\windows\system32\drivers\npdriver.sys
QDFSDRV       Norton Filter Driver       (Not verified) Symantec Corporation   c:\windows\system32\drivers\qdfsdrv.sys
SDdriver      SDDRIVER                   (Not verified) Symantec Corporation   c:\windows\system32\drivers\sddriver.sys
apitrap.dll   Apitrap                    (Not verified) Symantec Corporation   c:\windows\system32\apitrap.dll

Also, whenever I do an A-squared deep scan, Norton detects a trojan. It seems to be either a generic one or one caught using heuristics as opposed to signatures. It has no label nor unique identifier. It's just a "trojan".
This is the file in question: "C:\DOCUME~1\Ben\LOCALS~1\Temp\a2archive\Patch.exe"
This has happened twice already, so it's no fluke accident.

3) What now..
I've done all the scans at my disposal. Norton antivirus, A-squared, Spyware Doctor, Ad-Aware, Panda Anti Rootkit Scanner and RootkitRevealer. All of them say my system is clean, well I would disagree haha.

I have a hunch this has something to do with Botnets, the symptoms appear real similar.
Another idea I had was to try reinstalling IE7 to see if that helps.
But I decided to post here before taking any action that might trip defensive alarms on the malware's side..

Heres my HJT Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:14 PM, on 28-Jan-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\acer\epm\epm-dm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
D:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\vcdplayx.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MediaSource\Detector\CTDetect.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
D:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben\Desktop\System Tools\Autoruns\autoruns.exe
C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\PROGRA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0431177000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0485742375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE63B60B-82A8-4D01-9FF0-9268881D5D4F}: NameServer = 218.186.1.88,202.156.1.68
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 13017 bytes
Paladin_1988
Active Member
 
Posts: 13
Joined: January 21st, 2008, 6:49 am

Re: Slow Computer.. thanks in advance!

Unread postby silver » January 29th, 2008, 6:42 am

Hi Paladin_1988

Since yesterday, Norton has been beeping alerts. Something about not being able to protect drive D, my secondary partition.
I need to know exactly what Norton is reporting - please check the Event History or Log to find what the reports are concerning and post the details.

Regarding those Symantec files, I wouldn't be too concerned about what you have found as they all appear to be legitimate files and they may just not have digital signatures which results in the "unverified" status. However please upload them for checking using the instructions further down this post and we'll check them out.

Also whenever I do an A-squared deep scan, Norton detects a trojan.
If the trojan is only detected when A-squared does a scan, it sounds like Norton is probably detecting a component of A-squared, and the file path appears to confirm it.

I have included the file in the following upload instructions, if it is still there it will be uploaded as well.

Please download Suspicious File Packer to your Desktop.
  • Right-click sfp.zip, choose Extract All... and extract sfp.exe to your Desktop
  • Double-click sfp.exe to start the program
  • Copy and Paste the following file list into the text box of the program:
    c:\windows\system32\drivers\npdriver.sys
    c:\windows\system32\drivers\qdfsdrv.sys
    c:\windows\system32\drivers\sddriver.sys
    c:\windows\system32\apitrap.dll
    C:\DOCUME~1\Ben\LOCALS~1\Temp\a2archive\Patch.exe
  • A file called requested-files[YYYY-MM-DD_MM_ss].cab will appear on your Desktop.
  • Now open this page in your browser
  • Press Browse and browse to the requested-files[YYYY-MM-DD_MM_ss].cab file on your Desktop, fill in the other fields as appropriate then press Send File

Your HijackThis log is clean and I think the browser issues are not likely to be malware-related. However we'll check out those files, and also let me know about what Norton is reporting.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Slow Computer.. thanks in advance!

Unread postby Paladin_1988 » January 29th, 2008, 7:42 am

Okay, the log entries show nothing. I did take a screenshot of the alert.

norton alert.JPG


It always happens right after bootup.
I have also uploaded the files as specified. However the last one could not be found, Norton deleted it once it detected an infection.

Some updates, surfing using IE without add-ons cures the lag. Performance was normal. So I tried removing all my add-ons, but none of them can be uninstalled. Should I try reinstalling IE7?

Also, how does autoruns determine which files are supposed to be there? How definitive and trustworthy is autoruns?
Paladin_1988
Active Member
 
Posts: 13
Joined: January 21st, 2008, 6:49 am

Re: Slow Computer.. thanks in advance!

Unread postby silver » January 30th, 2008, 12:08 am

The Norton error is likely to be related to the Recycle Bin on your D: drive.
Try disabling Norton protection for deleted files on that drive by immediately deleting files on that drive. These instructions may be useful:
Right-click Norton Protected Recycle Bin, select Properties, Global, Configure drives independently, Drive D:, Do not move files to the Recycle Bin.
Then press OK to confirm.
Empty your recycle bin and reboot to see if that resolves the problem.
Note: this will result in files being deleted immediately from that drive while this setting is in effect.

Also, how does autoruns determine which files are supposed to be there? How definitive and trustworthy is autoruns?
Autoruns is completely trustworthy, but you need to understand how to interpret its results. The 'verified' or 'unverified' status of a file depends solely on whether the file has a digital signature, not whether it is an 'OK' file or whether it's supposed to be there.

A digital signature is cryptographic verification that the file has not been altered since it was signed, and it also confirms the origin of the file. If a file is signed you can be pretty sure it's not been modified and that it has in fact come from the organization named in the file properties.

The files you uploaded appear to be legitimate but have no digital signature, so they will appear as "Unverified" by Autoruns. I don't think you should have any concerns about these files.

If you wish to analyze your startups with Autoruns, I recommend you select Hide Signed Microsoft Entries and investigate the remaining entries. You can upload files you want to check to an online scanning service like VirusTotal. Generally speaking files signed by a reputable company should be OK - as long as you want their software on your system!

Should I try reinstalling IE7?
If you are comfortable doing this I think it's worth a try. I am however not an expert on troubleshooting IE7, so I would prefer to refer you on this issue to a troubleshooting forum like PC Pitstop which specializes in this type of problem.

Let me know how you got on with Norton and if there are any further issues.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
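The two points above, the list of files to upload for checking and the explanation that Autoruns' "Unverified" only means "no digital signature", can both be checked from the command line before anything is uploaded. The script below is an added example, not code from the thread, from Autoruns or from Suspicious File Packer. It assumes Windows PowerShell 4.0 or later (Get-AuthenticodeSignature and Get-FileHash are both built in), uses the file paths quoted in silver's upload request as sample input, substitutes $env:TEMP for the user-specific C:\DOCUME~1\Ben\LOCALS~1\Temp path (an assumption for the current user), and the function name Get-FileTrustReport is made up for this example.

```powershell
# Added example (not from the thread): for each path, report whether the file exists,
# its Authenticode signature status, the signer, and a SHA-256 hash.
# The paths are the ones silver asked to be uploaded, used here only as sample input.
$paths = @(
    'C:\Windows\System32\drivers\npdriver.sys',
    'C:\Windows\System32\drivers\qdfsdrv.sys',
    'C:\Windows\System32\drivers\sddriver.sys',
    'C:\Windows\System32\apitrap.dll',
    "$env:TEMP\a2archive\Patch.exe"   # assumption: same location as the original's Temp path, for the current user
)

function Get-FileTrustReport {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # Same situation as in the thread: the AV had already removed the file, so there is nothing to check.
            [pscustomobject]@{ Path = $p; Exists = $false; Status = 'Missing'; Signer = $null; SHA256 = $null }
            continue
        }

        # Status is one of Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        # NotSigned is what Autoruns shows as "Unverified"; HashMismatch means the file was
        # altered after it was signed, which is exactly what a signature is meant to reveal.
        $sig    = Get-AuthenticodeSignature -LiteralPath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # A hash can be looked up on a service like VirusTotal without uploading the file itself.
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash

        [pscustomobject]@{
            Path   = $p
            Exists = $true
            Status = $sig.Status
            Signer = $signer
            SHA256 = $hash
        }
    }
}

Get-FileTrustReport -Path $paths | Format-Table -AutoSize
```

Read the Status column the way silver describes the Autoruns column: NotSigned on its own says nothing about whether the file is good or bad, only that the vendor did not sign it, so the hash lookup or the upload is what actually answers the question. Valid with a recognisable Signer is the case where you can be fairly sure the file is unmodified and comes from that vendor; HashMismatch or NotTrusted is the one result that deserves attention on its own.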