Virus help! comp barely moving!

2

Comments

  • TroganTrogan London, UK
    edited July 2008
    Hi,

    The deletions shouldn't have caused the computer to be laggy, because we only deleted infected files.

    What does the blue screen say exactly?
  • SweepeRSweepeR
    edited July 2008
    ill check it tom morning and copy it and post it.
  • TroganTrogan London, UK
    edited July 2008
    Hi Sweeper,

    Are you still there?

    Have you received an error message, such as "The system cannot log you on now because the domain domain_name is not available"? Please let me know.
  • SweepeRSweepeR
    edited July 2008
    Trogan wrote:
    Hi Sweeper,

    Are you still there?

    Have you received an error message, such as "The system cannot log you on now because the domain domain_name is not available"? Please let me know.

    lmao so sorry dude I thoguth i was waiting for your response haha i forgot I said i was goin to update u on that info for some reason I thought i posted it lol. I'll have it in about 2-3 hours.
  • SweepeRSweepeR
    edited July 2008
    ok i checked it and it says nothing past "it was shut down to prevent damages, check to see if there is a virus, unintslal any new programs recently isntalled, corruption or disc damage etc etc etc" but it also says "run CHKDSK /F to see if there is any viruses or corruption on the disc." thats about it it just repeats the same thing over for about 2 paragraphs worth of lenght.
  • SweepeRSweepeR
    edited July 2008
    btw My clock ALWAYS goes ahead 1 hour when i restart...why? this happened when this VIrus stuff went down. I dono if thats any help to you.
  • TroganTrogan London, UK
    edited July 2008
    Not sure what's going on with the clock.

    Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

    Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Options, place a check next to the following:

    Backup Registry Hives

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)

    You can use extra posts here if needed for that.
  • SweepeRSweepeR
    edited July 2008
    when u told me to put a check next to backup registry hives the 2 other options above it have a check sohould I uncheck those so only Registry Hives has a check?
  • TroganTrogan London, UK
    edited July 2008
    All three boxes should be checked.
  • SweepeRSweepeR
    edited July 2008
    Deckard's System Scanner v20071014.68
    Run by Edwin T on 2008-07-16 00:51:35
    Computer is in Normal Mode.
    Backed up registry hives.

    -- HijackThis (run as Edwin T.exe)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:52:44 AM, on 7/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Edwin T\desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\EDWINT~1.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204188025250
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    --
    End of file - 8058 bytes
    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\)
    backup-20080711-013748-427 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    backup-20080711-013748-626 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    -- File Associations
    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R0 timounter (Acronis True Image Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
    R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

    -- Device Manager: Disabled
    No disabled devices found.

    -- Scheduled Tasks
    2008-07-16 00:47:36 350 --a
    C:\WINDOWS\Tasks\At25.job
    2008-07-15 23:00:00 350 --a
    C:\WINDOWS\Tasks\At48.job
    2008-07-15 23:00:00 350 --a
    C:\WINDOWS\Tasks\At24.job
    2008-07-15 22:00:00 350 --a
    C:\WINDOWS\Tasks\At47.job
    2008-07-15 22:00:00 350 --a
    C:\WINDOWS\Tasks\At23.job
    2008-07-15 21:00:00 350 --a
    C:\WINDOWS\Tasks\At46.job
    2008-07-15 21:00:00 350 --a
    C:\WINDOWS\Tasks\At22.job
    2008-07-15 20:00:00 350 --a
    C:\WINDOWS\Tasks\At45.job
    2008-07-15 20:00:00 350 --a
    C:\WINDOWS\Tasks\At21.job
    2008-07-15 19:00:00 350 --a
    C:\WINDOWS\Tasks\At44.job
    2008-07-15 19:00:00 350 --a
    C:\WINDOWS\Tasks\At20.job
    2008-07-15 18:00:00 350 --a
    C:\WINDOWS\Tasks\At43.job
    2008-07-15 18:00:00 350 --a
    C:\WINDOWS\Tasks\At19.job
    2008-07-15 17:00:00 350 --a
    C:\WINDOWS\Tasks\At42.job
    2008-07-15 17:00:00 350 --a
    C:\WINDOWS\Tasks\At18.job
    2008-07-15 16:00:00 350 --a
    C:\WINDOWS\Tasks\At41.job
    2008-07-15 16:00:00 350 --a
    C:\WINDOWS\Tasks\At17.job
    2008-07-15 15:00:00 350 --a
    C:\WINDOWS\Tasks\At40.job
    2008-07-15 15:00:00 350 --a
    C:\WINDOWS\Tasks\At16.job
    2008-07-15 14:00:00 350 --a
    C:\WINDOWS\Tasks\At39.job
    2008-07-15 14:00:00 350 --a
    C:\WINDOWS\Tasks\At15.job
    2008-07-15 13:00:00 350 --a
    C:\WINDOWS\Tasks\At38.job
    2008-07-15 13:00:00 350 --a
    C:\WINDOWS\Tasks\At14.job
    2008-07-15 12:00:00 350 --a
    C:\WINDOWS\Tasks\At37.job
    2008-07-15 12:00:00 350 --a
    C:\WINDOWS\Tasks\At13.job
    2008-07-15 11:00:00 350 --a
    C:\WINDOWS\Tasks\At36.job
    2008-07-15 11:00:00 350 --a
    C:\WINDOWS\Tasks\At12.job
    2008-07-15 10:00:00 350 --a
    C:\WINDOWS\Tasks\At35.job
    2008-07-15 10:00:00 350 --a
    C:\WINDOWS\Tasks\At11.job
    2008-07-15 09:00:00 350 --a
    C:\WINDOWS\Tasks\At34.job
    2008-07-15 09:00:00 350 --a
    C:\WINDOWS\Tasks\At10.job
    2008-07-15 08:00:00 350 --a
    C:\WINDOWS\Tasks\At9.job
    2008-07-15 08:00:00 350 --a
    C:\WINDOWS\Tasks\At33.job
    2008-07-15 07:00:00 350 --a
    C:\WINDOWS\Tasks\At8.job
    2008-07-15 07:00:00 350 --a
    C:\WINDOWS\Tasks\At32.job
    2008-07-15 06:00:00 350 --a
    C:\WINDOWS\Tasks\At7.job
    2008-07-15 06:00:00 350 --a
    C:\WINDOWS\Tasks\At31.job
    2008-07-15 05:00:00 350 --a
    C:\WINDOWS\Tasks\At6.job
    2008-07-15 05:00:00 350 --a
    C:\WINDOWS\Tasks\At30.job
    2008-07-15 04:00:00 350 --a
    C:\WINDOWS\Tasks\At5.job
    2008-07-15 04:00:00 350 --a
    C:\WINDOWS\Tasks\At29.job
    2008-07-15 03:00:00 350 --a
    C:\WINDOWS\Tasks\At4.job
    2008-07-15 03:00:00 350 --a
    C:\WINDOWS\Tasks\At28.job
    2008-07-15 02:00:00 350 --a
    C:\WINDOWS\Tasks\At3.job
    2008-07-15 02:00:00 350 --a
    C:\WINDOWS\Tasks\At27.job
    2008-07-15 01:00:00 350 --a
    C:\WINDOWS\Tasks\At26.job
    2008-07-15 01:00:00 350 --a
    C:\WINDOWS\Tasks\At2.job
    2008-07-12 18:19:59 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    -- Files created between 2008-06-16 and 2008-07-16
    2008-07-12 18:36:10 0 d
    C:\Program Files\iPod
    2008-07-12 18:19:53 0 d
    C:\Program Files\Apple Software Update
    2008-07-11 00:26:08 0 d
    C:\Program Files\Common Files\Java
    2008-07-10 10:55:12 0 d
    C:\Documents and Settings\Edwin T\Application Data\Malwarebytes
    2008-07-10 10:55:07 0 d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-10 10:55:06 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-08 19:34:09 0 d--hs---- C:\WINDOWS\CSC
    2008-07-08 17:47:07 0 d
    C:\Program Files\Trend Micro
    2008-07-08 13:53:53 0 d
    C:\Documents and Settings\Edwin T\Application Data\Ventrilo
    2008-07-08 13:53:33 0 d
    C:\Program Files\Ventrilo
    2008-07-08 13:52:32 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-27 13:14:28 0 d
    C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-27 09:34:38 0 d
    C:\Webroot
    2008-06-26 17:17:39 0 d
    C:\Documents and Settings\Edwin T\.housecall6.6
    2008-06-26 12:11:52 0 d
    C:\Program Files\AVG
    2008-06-26 12:11:52 0 d
    C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-26 09:00:44 0 d
    C:\Documents and Settings\NetworkService\Application Data\Macromedia
    2008-06-26 09:00:43 0 d
    C:\Documents and Settings\NetworkService\Application Data\Adobe
    2008-06-26 09:00:19 0 dr
    C:\Documents and Settings\NetworkService\Favorites

    -- Find3M Report
    2008-07-14 16:56:27 0 d
    C:\Documents and Settings\Edwin T\Application Data\LimeWire
    2008-07-13 03:37:10 0 d
    C:\Program Files\iTunes
    2008-07-13 03:33:26 0 d
    C:\Program Files\QuickTime
    2008-07-11 00:28:16 0 d
    C:\Program Files\Java
    2008-07-11 00:26:08 0 d
    C:\Program Files\Common Files
    2008-07-10 22:30:36 0 d
    C:\Documents and Settings\Edwin T\Application Data\ICAClient
    2008-07-08 13:49:43 0 d
    C:\Program Files\World of Warcraft
    2008-06-27 07:25:37 0 d
    C:\Program Files\LimeWire

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [05/16/2006 03:04 AM C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [06/27/2006 11:54 PM C:\WINDOWS\RTHDCPL.EXE]
    "Alcmtr"="ALCMTR.EXE" [05/03/2005 03:43 AM C:\WINDOWS\ALCMTR.EXE]
    "DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [04/19/2007 10:24 PM]
    "AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [04/19/2007 10:38 PM]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [04/19/2007 10:29 PM]
    "NvCplDaemon"="RUNDLL32.exe" [08/04/2004 01:56 AM C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [08/23/2006 06:03 PM C:\WINDOWS\system32\nwiz.exe]
    "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 06:08 PM]
    "IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 01:01 PM]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 06:53 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/17/2008 05:16 PM]
    "NvMediaCenter"="RunDLL32.exe" [08/04/2004 01:56 AM C:\WINDOWS\system32\rundll32.exe]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [03/13/2008 04:48 PM]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 09:56 PM]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [03/12/2007 01:49 PM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @=&quot;Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
    "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\MSMSGS.EXE" /background


    -- End of Deckard's System Scanner: finished at 2008-07-16 00:53:54
  • SweepeRSweepeR
    edited July 2008
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    -- System Information
    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English
    CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
    CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
    Percentage of Memory in Use: 26%
    Physical Memory (total/avail): 2047.23 MiB / 1498.14 MiB
    Pagefile Memory (total/avail): 3943.11 MiB / 3522.4 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1940.55 MiB
    A: is Removable (No Media)
    C: is Fixed (NTFS) - 298.08 GiB total, 169.44 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is Fixed (NTFS) - 172.29 GiB total, 36.24 GiB free.
    G: is Fixed (FAT32) - 14 GiB total, 2.15 GiB free.
    [URL="file://\\.\PHYSICALDRIVE1"]\\.\PHYSICALDRIVE1[/URL] - ST3200822A - 186.31 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 172.29 GiB - F:
    \PARTITION1 - Extended w/Extended Int 13 - 14.02 GiB - G:
    [URL="file://\\.\PHYSICALDRIVE0"]\\.\PHYSICALDRIVE0[/URL] - ST3320620AS - 298.09 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:

    -- Security Center
    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.
    AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
    "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Documents and Settings\\Edwin T\\Desktop\\Downloads\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"="C:\\Documents and Settings\\Edwin T\\Desktop\\Downloads\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    -- Environment Variables
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Edwin T\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=EDWIN
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Edwin T
    LOGONSERVER=\\EDWIN
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0604
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\EDWINT~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\EDWINT~1\LOCALS~1\Temp
    USERDOMAIN=EDWIN
    USERNAME=Edwin T
    USERPROFILE=C:\Documents and Settings\Edwin T
    windir=C:\WINDOWS

    -- User Profiles
    Edwin T (admin)

    -- Add/Remove Programs
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
    Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    AIM 6 --> C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
    Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
    ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x9 -uninst
    Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
    Armored Fist 3 Demo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\Armored Fist 3 Demo\Uninst.isu"
    Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Comanche 4 Demo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\Comanche 4 Demo\Uninst.isu"
    Delta Force Land Warrior Demo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\Delta Force Land Warrior Demo\Uninst.isu"
    EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
    EPSON EIC CX5400 --> C:\Program Files\epson\epic\cx5400_e\uninstall.exe
    EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22901BB7-2C57-409E-AF2F-56FFFEA41116}\setup.exe" -l0x9 MyUninstall
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
    EPSON Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
    EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
    ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
    F-16 Demo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\F-16 Demo\Uninst.isu"
    getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
    Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    K-Lite Codec Pack 3.8.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
    LimeWire PRO 4.17.3 --> "C:\Program Files\LimeWire\uninstall.exe"
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0.0.15) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero 7 Ultra Edition --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
    Opera 9.26 --> MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
    PC Wizard 2008.1.84 --> "C:\Program Files\PC Wizard 2008\unins000.exe"
    QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
    Safari --> MsiExec.exe /X{0CD7D421-C850-4271-8533-0269A3D39FAA}
    ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
    Seagate DiscWizard --> MsiExec.exe /X{81A60A13-224D-4637-8203-3EAC03B121A4}
    Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
    Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
    Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
    VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

    -- Application Event Log
    Event Record #/Type837 / Error
    Event Submitted/Written: 07/13/2008 05:28:14 PM
    Event ID/Source: 2001 / Microsoft Office 12
    Event Description:
    Rejected Safe Mode action : Microsoft Office Outlook.
    Event Record #/Type829 / Warning
    Event Submitted/Written: 07/13/2008 03:34:18 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{EF6C4600-306D-4F6A-A119-C2A877D25B4A}', feature 'iTunes' failed during request for component '{E8A1D3E2-F5D3-4B24-AB93-52F7E602A235}'
    Event Record #/Type828 / Warning
    Event Submitted/Written: 07/13/2008 03:34:18 AM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{EF6C4600-306D-4F6A-A119-C2A877D25B4A}', feature 'iTunes', component '{5D37BFC3-C304-42CA-AB05-49F530EF64EC}' failed. The resource 'C:\Program Files\iTunes\ITDetector.ocx' does not exist.
    Event Record #/Type796 / Error
    Event Submitted/Written: 07/10/2008 10:20:16 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application winamp.exe, version 5.5.2.1800, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Event Record #/Type795 / Error
    Event Submitted/Written: 07/11/2008 01:53:54 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application wmplayer.exe, version 10.0.0.3646, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    -- Security Event Log
    No Errors/Warnings found.

    -- System Event Log
    Event Record #/Type5620 / Error
    Event Submitted/Written: 07/16/2008 00:47:36 AM
    Event ID/Source: 7901 / Schedule
    Event Description:
    The At25.job command failed to start due to the following error:
    %%2147942405
    Event Record #/Type5616 / Error
    Event Submitted/Written: 07/15/2008 11:00:00 PM
    Event ID/Source: 7901 / Schedule
    Event Description:
    The At48.job command failed to start due to the following error:
    %%2147942405
    Event Record #/Type5615 / Error
    Event Submitted/Written: 07/15/2008 11:00:00 PM
    Event ID/Source: 7901 / Schedule
    Event Description:
    The At24.job command failed to start due to the following error:
    %%2147942405
    Event Record #/Type5614 / Error
    Event Submitted/Written: 07/15/2008 10:00:00 PM
    Event ID/Source: 7901 / Schedule
    Event Description:
    The At47.job command failed to start due to the following error:
    %%2147942405
    Event Record #/Type5613 / Error
    Event Submitted/Written: 07/15/2008 10:00:00 PM
    Event ID/Source: 7901 / Schedule
    Event Description:
    The At23.job command failed to start due to the following error:
    %%2147942405

    -- End of Deckard's System Scanner: finished at 2008-07-16 00:53:54
  • TroganTrogan London, UK
    edited July 2008
    I can't see any problems with in there.

    Please visit this webpage for download links, and instructions for running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.
  • SweepeRSweepeR
    edited July 2008
    Hey ill be running this in a few hours to complete it but I noticed something, running Opera for example as my browser i ahev ZERO problems, running IE i have SO MUCH LAG its rediculous. I dono if IE might be a cause.
  • SweepeRSweepeR
    edited July 2008
    hey i wont be able to get this report in until sunday or monday. jsut a heads up. thx.
  • TroganTrogan London, UK
    edited July 2008
    OK!
  • SweepeRSweepeR
    edited July 2008
    ComboFix 08-07-21.2 - Edwin T 2008-07-22 15:31:01.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1474 [GMT -7:00]
    Running from: C:\Documents and Settings\Edwin T\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Edwin T\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
    .
    2008-07-15 17:52 . 2008-07-15 17:52 <DIR> d
    C:\Deckard
    2008-07-12 18:36 . 2008-07-12 18:36 <DIR> d
    C:\Program Files\iPod
    2008-07-12 18:19 . 2008-07-12 18:19 <DIR> d
    C:\Program Files\Apple Software Update
    2008-07-11 00:31 . 2008-06-10 02:32 73,728 --a
    C:\WINDOWS\system32\javacpl.cpl
    2008-07-11 00:26 . 2008-07-11 00:26 <DIR> d
    C:\Program Files\Common Files\Java
    2008-07-10 10:55 . 2008-07-10 10:55 <DIR> d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-10 10:55 . 2008-07-10 10:55 <DIR> d
    C:\Documents and Settings\Edwin T\Application Data\Malwarebytes
    2008-07-10 10:55 . 2008-07-10 10:55 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-10 10:55 . 2008-07-07 17:35 34,296 --a
    C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-10 10:55 . 2008-07-07 17:35 17,144 --a
    C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-08 17:47 . 2008-07-08 17:47 <DIR> d
    C:\Program Files\Trend Micro
    2008-07-08 13:53 . 2008-07-08 13:53 <DIR> d
    C:\Program Files\Ventrilo
    2008-07-08 13:53 . 2008-07-08 13:54 <DIR> d
    C:\Documents and Settings\Edwin T\Application Data\Ventrilo
    2008-07-08 13:52 . 2008-07-08 13:52 <DIR> d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-27 13:14 . 2008-06-27 13:14 <DIR> d
    C:\Program Files\ESET
    2008-06-27 13:14 . 2008-06-27 13:14 <DIR> d
    C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-27 09:34 . 2008-06-27 09:34 <DIR> d
    C:\Webroot
    2008-06-26 17:17 . 2008-06-26 17:22 <DIR> d
    C:\Documents and Settings\Edwin T\.housecall6.6
    2008-06-26 12:11 . 2008-06-26 12:11 <DIR> d
    C:\Program Files\AVG
    2008-06-26 12:11 . 2008-06-27 12:46 <DIR> d
    C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-26 09:28 . 2008-06-26 09:28 0 --a
    C:\WINDOWS\system32\7a827Ytv.exe.a_a
    2008-06-24 23:33 . 2008-06-24 23:33 0 --a
    C:\WINDOWS\system32\o845LW6B.exe.a_a
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-17 08:50
    d
    w C:\Program Files\Opera
    2008-07-15 22:04
    d
    w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-14 23:56
    d
    w C:\Documents and Settings\Edwin T\Application Data\LimeWire
    2008-07-13 10:37
    d
    w C:\Program Files\iTunes
    2008-07-13 10:33
    d
    w C:\Program Files\QuickTime
    2008-07-11 07:28
    d
    w C:\Program Files\Java
    2008-07-11 05:30
    d
    w C:\Documents and Settings\Edwin T\Application Data\ICAClient
    2008-07-10 16:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-07-08 20:49
    d
    w C:\Program Files\World of Warcraft
    2008-06-27 14:25
    d
    w C:\Program Files\LimeWire
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-13 13:10 272,128
    w C:\WINDOWS\system32\drivers\bthport.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 22:24 1169744]
    "AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 22:38 1945688]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 22:29 149024]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-23 18:03 7618560]
    "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912]
    "IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-17 17:16 185896]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 21:56 5367664]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.EXE]
    "nwiz"="nwiz.exe" [2006-08-23 18:03 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-08-23 18:03 86016 C:\WINDOWS\system32\nvmctray.dll]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
    --a
    2003-05-26 20:00 99840 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a
    2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Ares\\Ares.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\AIM6\\aim6.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Documents and Settings\\Edwin T\\Desktop\\Downloads\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-07-17 05:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-07-22 16:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 17:00:00 C:\WINDOWS\Tasks\At11.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 18:00:00 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 19:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 20:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 21:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 22:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-21 23:00:00 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 00:00:00 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 01:00:00 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 08:00:00 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 02:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 03:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 04:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 05:00:00 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 06:00:00 C:\WINDOWS\Tasks\At24.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 07:47:00 C:\WINDOWS\Tasks\At25.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 08:00:00 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 09:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 10:00:00 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 11:00:00 C:\WINDOWS\Tasks\At29.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 09:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 12:00:00 C:\WINDOWS\Tasks\At30.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 13:00:00 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 14:00:00 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 15:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 16:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 17:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 18:00:00 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 19:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 20:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 21:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 10:00:00 C:\WINDOWS\Tasks\At4.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 22:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-21 23:00:00 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 00:00:00 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 01:00:00 C:\WINDOWS\Tasks\At43.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 02:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 03:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 04:00:00 C:\WINDOWS\Tasks\At46.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 05:00:00 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 06:00:00 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\system32\7a827Ytv.exe
    "2008-07-22 11:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 12:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 13:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 14:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    "2008-07-22 15:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\system32\o845LW6B.exe
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-Aim6 - (no file)
    Notify-WgaLogon - (no file)

    .
    Supplementary Scan
    .
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O16 -: DirectAnimation Java Classes - [URL]file://C:\WINDOWS\Java\classes\dajava.cab[/URL]
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
    O16 -: Microsoft XML Parser for Java - [URL]file://C:\WINDOWS\Java\classes\xmldso.cab[/URL]
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-22 15:42:44
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Other Running Processes
    .
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\ssu.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-22 15:51:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-22 22:50:52
    ComboFix2.txt 2007-12-21 09:11:24
    ComboFix3.txt 2007-12-18 18:14:46
    Pre-Run: 182,552,535,040 bytes free
    Post-Run: 184,246,128,640 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    253 --- E O F --- 2008-07-15 22:04:14
  • SweepeRSweepeR
    edited July 2008
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:00:12 PM, on 7/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204188025250
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    --
    End of file - 7974 bytes
  • TroganTrogan London, UK
    edited July 2008
    Hi,

    Please do the following...

    1. Make sure you can view hidden files and folders:
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Click OK.

    2. Find and delete the following files in RED

    C:\WINDOWS\system32\7a827Ytv.exe.a_a
    C:\WINDOWS\system32\o845LW6B.exe.a_a

    Note: the ".a_a" extention may not show.

    Please let me know what problems are still present.
  • SweepeRSweepeR
    edited July 2008
    i deleted those 2 files but evre since i ran the stupid combofix my comp shuts down into tha tblue screen saying 'dumping physical memory delete w/e u last installed etc etc etc crap" its driving me crazy. I lost 6 pages of work I had on here cuz of it. then when i restart it gives me the option to restart in XP or load in recovery consol eor some **** like that so I am pretty sure that combo fix with the recovery system crap i had to d/l and put into combo fix is whats causing this issue.
  • SweepeRSweepeR
    edited July 2008
    ok for some reason the places that i use to log in with PW and username they clear out and i have to retype it but it happens once. so i dono if someones hackin into my computer n tryin to get my info cuz i have to retype it or what. cuz yest randomly i had a ! mark inside at riangle saying my computer is having conflicts with the network and someone else.
  • TroganTrogan London, UK
    edited July 2008
    Hi,
    ok for some reason the places that i use to log in with PW and username they clear out and i have to retype it but it happens once. so i dono if someones hackin into my computer n tryin to get my info cuz i have to retype it or what. cuz yest randomly i had a ! mark inside at riangle saying my computer is having conflicts with the network and someone else.
    Looking at the logs shows no signs of malware. I believe this can happen if you haven't visited a website for a certain period. It is highly unlikely that someone is "hacking" your accounts.

    Regarding what you said earlier...
    ok i tried the boot with my main HD and it still gives that blue error screen. but for some reasong im still running off my main HD desktop and files etc not my slaves. whats the issue there?
    Is it correcting in saying you are booting from the Operating System on your second drive but it is using the Operating System on the main drive for your user profile?

    Since the main hard drive is causing problems that seem unrelated to malware, it is worth trying to do a repair install not a Format. This will not delete your data, but you will have to download all the updates from Microsoft. Let me know if you would like to do this.
  • SweepeRSweepeR
    edited July 2008
    Trogan wrote:
    Hi,
    Looking at the logs shows no signs of malware. I believe this can happen if you haven't visited a website for a certain period. It is highly unlikely that someone is "hacking" your accounts.

    Regarding what you said earlier...
    Is it correcting in saying you are booting from the Operating System on your second drive but it is using the Operating System on the main drive for your user profile?

    Since the main hard drive is causing problems that seem unrelated to malware, it is worth trying to do a repair install not a Format. This will not delete your data, but you will have to download all the updates from Microsoft. Let me know if you would like to do this.


    I didnt understand ur question....(the one in bold i just put).

    So the repair wont delete anything but all i will need to do is reinstall updates? which updates do u mean? I think its a good idea to go ahead and try that i guess.
  • TroganTrogan London, UK
    edited July 2008
    You will need a Windows XP CD...

    Follow these instructions
    http://www.michaelstevenstech.com/XPrepairinstall.htm
  • SweepeRSweepeR
    edited July 2008
    ok i have been using my comp the past few days to see how its going and its doing a lot better so to say but that blue screen still comes up durng the computer is running sayiing dumping physical memory or w/e check new hardware or programs recently installed. it happened ever since that combofix was ran wiht that recovery tool that we had to drag into it. thast the oony problem at hte moment.
  • Your-Amish-DaddyYour-Amish-Daddy The heart of Texas
    edited July 2008
    That bluescreen is the OS telling you something is wrong. Try posting what that screen says for once.
  • SweepeRSweepeR
    edited August 2008
    yea i know its telling me something is wrong thats obvious. ill post it the second i see it comes up.
  • VekaVeka Finland
    edited September 2008
    This topic is now closed due to inactivity. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

    If you are not the user who started this thread, you must start your own Thread instead :)
  • SweepeRSweepeR
    edited September 2008
    ok is there a way we can get this issue rsolved regarding why the computer out of no where goes into the blue screen?

    It says has to dump physical memory than counts from 1 to w/e amount it goes up to and it says TOOLS somethign something error. Ill write it down next time it happens but its the same thing ive been saying for a while now.
  • SweepeRSweepeR
    edited September 2008
    btw I deleted one of my anti virus porgrams and i went ot install kaspersky yesturday and it said remove AVG before installing. i checked there is no AVG i even checked with Mic Instlal clean up. doesnt exist. wtf is this about?
  • SweepeRSweepeR
    edited September 2008
    ok here is the error I got,

    An attempt was made to write to read only memory.

    technical info, Stop: 0x000000BE, (0xB5D12A65, 0x16087121, 0xF78A2DE8, 0x00000000A

    RTKHDAud.sys
    Address D5d12A65
    base at B5B3C000
    Date Stamp: 44a23cee

    Dumping physical Memory..... (it starts to count from 1 to up at this point)
Sign In or Register to comment.