speedjunkie

explorer.exe help (Moved to HJT forum)

Well, I finally registered here hoping for some help. My 'puter has had an ongoing intermittent issue with the explorer.exe file. Normally on startup it's fine, but after 1/2 to 1 hour, the application is pinging off the chart! I've run AVG, AdAware, Spybot, Disk MD, and Optimizer 2 with no success. I just pulled a HijackThis download. I hope this reveals something. I'm also hoping I'm attaching this correctly. Any and all help would be MUCH appreciated! Thanks in advance!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:43:45 AM, on 5/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://centralkansas.cox.net/cci/home

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centralkansas.cox.net/cci/home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://centralkansas.cox.net/cci/home

O14 - IERESET.INF: MS_START_PAGE_URL=http://centralkansas.cox.net/cci/home

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...w.viewpoint.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 8060 bytes


Hi and welcome

Not finding anything in your log, so we need to dig a little bit deeper.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).

Use Save As to save both Notepad files to your Desktop and post them in your next reply.

Note: A copy of these files can be found in your root drive, usually C:\Deckard\System Scanner\

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Reply back with your DSS log


Sorry about posting in the wrong area. Here are the DSS logs.

Main:

Deckard's System Scanner v20071014.68

Run by Mike on 2008-05-01 14:13:42

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

6: 2008-05-01 19:14:10 UTC - RP579 - Deckard's System Scanner Restore Point

5: 2008-04-29 00:55:35 UTC - RP578 - System Checkpoint

4: 2008-04-14 01:33:22 UTC - RP577 - Software Distribution Service 3.0

3: 2008-04-14 00:50:38 UTC - RP576 - System Checkpoint

2: 2008-04-11 16:17:11 UTC - RP575 - System Checkpoint

 

 

-- First Restore Point --

1: 2008-04-10 14:22:58 UTC - RP574 - Installed Java 6 Update 5

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as Mike.exe) ------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:21:41 PM, on 5/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Mike\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Mike.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://centralkansas.cox.net/cci/home

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centralkansas.cox.net/cci/home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://centralkansas.cox.net/cci/home

O14 - IERESET.INF: MS_START_PAGE_URL=http://centralkansas.cox.net/cci/home

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...w.viewpoint.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 8043 bytes

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

 

S3 AL_ADSFilter (AL_ADSFilter - (Aluria Filter Driver)) - c:\windows\system32\drivers\al_adsfilter.sys (file missing)

S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>

S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>

S3 JL2005C (Dual Mode Camera) - c:\windows\system32\drivers\jl2005c.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

 

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-03-31 14:48:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2008-02-27 21:56:10 342 --a------ C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1138416599.job

 

 

-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

 

2008-05-01 08:43:19 0 d-------- C:\Program Files\Trend Micro

2008-04-09 23:02:50 0 d-------- C:\Program Files\QuickTime

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-05-01 08:33:17 0 d-------- C:\Documents and Settings\Mike\Application Data\AVG7

2008-04-29 21:29:17 0 d-------- C:\Program Files\Microsoft Silverlight

2008-04-10 10:05:45 0 d-------- C:\Program Files\iTunes

2008-04-10 10:05:34 0 d-------- C:\Program Files\iPod

2008-04-10 09:24:14 0 d-------- C:\Program Files\Java

2008-03-31 08:15:21 0 d-------- C:\Program Files\Common Files

2008-03-31 08:15:21 0 d-------- C:\Program Files\Common Files\eSellerate

2008-03-31 08:15:13 0 d-------- C:\Program Files\iPod To Computer Transfer

2008-03-30 17:23:32 0 d-------- C:\Program Files\Bonjour

2008-03-30 17:21:50 0 d-------- C:\Program Files\Apple Software Update

2008-03-30 17:21:22 0 d-------- C:\Program Files\Common Files\Apple

2008-03-30 17:07:42 0 d-------- C:\Documents and Settings\Mike\Application Data\Apple Computer

2008-03-25 19:40:05 548 --a------ C:\WINDOWS\eReg.dat

2008-03-25 00:28:45 0 d-------- C:\Program Files\PCPitstop

2008-03-15 12:11:33 0 d-------- C:\Program Files\JumpStart World

2008-03-15 11:54:31 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-03-05 11:16:47 0 d-------- C:\Program Files\Common Files\Adobe

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]

"nwiz"="nwiz.exe" [06/01/2006 05:22 PM C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/01/2006 05:22 PM]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 08:25 PM]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]

"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

 

C:\Documents and Settings\Mike\Start Menu\Programs\Startup\

PowerReg Scheduler.exe [7/29/2007 9:28:49 PM]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [6/2/2006 5:29:26 AM]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk

backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

RunDll32 cmicnfg.cpl,CMICtrlWnd

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]

dxdllreg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

 

 

 

-- Hosts -----------------------------------------------------------------------

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

8025 more entries in hosts file.

 

 

-- End of Deckard's System Scanner: finished at 2008-05-01 14:33:02 ------------

 

Extra:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

 

CPU 0: AMD Athlon XP 2000+

Percentage of Memory in Use: 27%

Physical Memory (total/avail): 2047.49 MiB / 1481.29 MiB

Pagefile Memory (total/avail): 2666.23 MiB / 2232.73 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1935.86 MiB

 

A: is Removable (No Media)

C: is Fixed (NTFS) - 37.26 GiB total, 15.17 GiB free.

D: is CDROM (No Media)

E: is CDROM (No Media)

H: is Removable (No Media)

 

\\.\PHYSICALDRIVE0 - WDC WD400JB-00ENA0 - 37.27 GiB - 1 partition

\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

 

\\.\PHYSICALDRIVE1 - HP psc 2410 USB Device

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

FirstRunDisabled is set.

 

AV: Authentium Antivirus v4.305 (Authentium) Disabled

AV: AVG 7.5.524 v7.5.524 (Grisoft)

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\backed up data\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"="C:\\backed up data\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe:*:Enabled:EasyShare"

"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"

"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"

"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe:*:Enabled:EasyShare"

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Mike\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=MIKE-W

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Mike

LOGONSERVER=\\MIKE-W

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0602

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Mike\LOCALS~1\Temp

TMP=C:\DOCUME~1\Mike\LOCALS~1\Temp

USERDOMAIN=MIKE-W

USERNAME=Mike

USERPROFILE=C:\Documents and Settings\Mike

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

Mike (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

--> C:\WINDOWS\UNRecode.exe /UNINSTALL

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

ArcSoft Camera Suite 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14FB1C47-B0F2-4DB6-B9C0-1A817862F9A3}\setup.exe" -l0x9

AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe

Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1033

Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}

Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}

Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}

Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}

Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}

Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}

Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}

CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}

CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}

Comanche 4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\Comanche 4\Uninst.isu"

CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}

Delta Force - Black Hawk Down --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\Delta Force Black Hawk Down\Uninst.isu"

ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}

ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}

ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}

ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}

ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}

ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}

ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}

ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}

ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}

ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}

essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}

essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}

Garmin City Navigator North America 2008 --> MsiExec.exe /X{AA1542E6-D54D-4AB3-97E1-28DB4CEB4B90}

Garmin WebUpdater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FD94FBC-07AE-475C-B522-BFE899B9048E}\setup.exe" -l0x9

Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"

HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat

HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}

iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033

iPod To Computer Transfer 3.1 --> "C:\Program Files\iPod To Computer Transfer\unins000.exe"

iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}

J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

JumpStart Advanced 1st Grade --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UnJSA1G.exe

JumpStart Art Club --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSArtClubUn.exe

JumpStart Music --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSMusicUn.exe

kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}

kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}

kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}

kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}

kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}

kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}

kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}

kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}

Kids Cam Show and Share Creativity Center --> C:\PROGRA~1\KIDSCA~1\Setup.exe /remove /q0

Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_2cb122a\Setup.exe /APR-REMOVE

KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}

MapSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove

MapSource - City Navigator North America v6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{38B38A94-44D7-4BA0-818C-53C40C964D97} /l1033

Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}

Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}

Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}

Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Mike\Application Data\Move Networks\ie_bin\Uninst.exe

Nero 7 Essentials --> MsiExec.exe /I{3C814DE3-7174-4148-A3E2-43FFC4F21033}

Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}

NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}

OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}

OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}

PC Pitstop Disk MD 2.0 --> "C:\Program Files\PCPitstop\Disk MD\unins000.exe"

PC Pitstop Driver Alert 1.0 --> "C:\Program Files\PCPitstop\Driver Alert\unins000.exe"

PC Pitstop Optimize2 2.0 --> "C:\Program Files\PCPitstop\Optimize2\unins000.exe"

QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}

Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly

SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}

SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}

SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}

SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}

SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}

Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}

Superbike 2001 --> C:\WINDOWS\ISUNINST.EXE -x -f"C:\Program Files\EA Sports\Superbike 2001\Uninst.isu" -c"C:\Program Files\EA Sports\Superbike 2001\CUninst.dll"

System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe

Uninstall Dual Mode Camera --> "C:\Program Files\JL2005C\unins000.exe"

Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}

Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type705 / Warning

Event Submitted/Written: 04/13/2008 08:37:37 PM

Event ID/Source: 40 / WinMgmt

Event Description:

WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_2050727_ASPNETAppsv2050727 for Performance Library ASP.NET_2.0.50727 because error 0x80041001 was returned

 

Event Record #/Type704 / Warning

Event Submitted/Written: 04/13/2008 08:37:37 PM

Event ID/Source: 35 / WinMgmt

Event Description:

WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0

 

Event Record #/Type703 / Warning

Event Submitted/Written: 04/13/2008 08:37:37 PM

Event ID/Source: 40 / WinMgmt

Event Description:

WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned

 

Event Record #/Type702 / Warning

Event Submitted/Written: 04/13/2008 08:37:37 PM

Event ID/Source: 35 / WinMgmt

Event Description:

WMI ADAP was unable to load the ASP.NET performance library because it returned invalid data: 0x0

 

Event Record #/Type685 / Warning

Event Submitted/Written: 04/13/2008 08:36:04 PM

Event ID/Source: 1020 / ASP.NET 2.0.50727.0

Event Description:

Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type4425 / Error

Event Submitted/Written: 04/30/2008 02:00:49 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The AVG7 Update Service service failed to start due to the following error:

%%1053

 

Event Record #/Type4424 / Error

Event Submitted/Written: 04/30/2008 02:00:49 PM

Event ID/Source: 7009 / Service Control Manager

Event Description:

Timeout (30000 milliseconds) waiting for the AVG7 Update Service service to connect.

 

Event Record #/Type4389 / Warning

Event Submitted/Written: 04/29/2008 03:20:11 PM

Event ID/Source: 256 / PlugPlayManager

Event Description:

Timed out sending notification of device interface change to window of "SAS window"

 

Event Record #/Type4388 / Warning

Event Submitted/Written: 04/29/2008 03:20:11 PM

Event ID/Source: 1003 / Dhcp

Event Description:

Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 0020ED5E2EFB. The following

error occurred:

%%1223.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

 

Event Record #/Type4253 / Error

Event Submitted/Written: 04/25/2008 05:16:49 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The AVG7 Update Service service failed to start due to the following error:

%%1053

 

 

 

-- End of Deckard's System Scanner: finished at 2008-05-01 14:33:02 ------------


Welcome back

 

My 'puter has had an ongoing intermittent issue with the explorer.exe file. Normally on startup it's fine, but after 1/2 to 1 hour, the application is pinging off the chart

Almost sounds as if something onboard is trying to update.

Reason I say this, your logs are coming back in good shape so far.

 

 

We'll dig deeper.

 

 

 

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

 

* Open Spybot Search & Destroy.

* In the Mode menu click "Advanced mode" if not already selected.

* Choose "Yes" at the Warning prompt.

* Expand the "Tools" menu.

* Click "Resident".

* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.

* In the File menu click "Exit" to exit Spybot Search & Destroy.

 

 

 

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

A side note about AIM Messenger, AOL users and Viewpoint Manager. Viewpoint is one of the graphic engines that AOL uses, and it is bundled with the application. If you continue to use AIM Messenger, it would likely be reinstalled. Or, if you receive some of the AOL E-cards, it may ask you to download and run this program to view and run the graphics in the E-cards.

Your call

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

 

Viewpoint

Viewpoint Manager

Viewpoint Media Player

 

 

c:\program files\viewpoint <--delete this folder if you uninstalled.

 

 

 

Download the HostsXpert 3.7 - Hosts File Manager.

http://funkytoad.com/download/HostXpert.zip

* Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert

* Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home

* Click "Make Hosts Writable?" in the upper right corner (If available).

* Click Restore Microsoft's Hosts file and then click OK.

* Click the X to exit the program.

* Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

 

 

 

 

NEXT**

 

Go to Start > Control Panel > Internet Options

In the General tab, Temporary Internet Files, click: Delete Files

When prompted, check: Delete all offline content

You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.)

Click OK

 

Then, go to Start >Run and enter: cleanmgr

Select the drive to clean: C:\

Check the following boxes and then press OK to remove:

Temporary Files

Temporary Internet Files

RecycleBin

Agree to the prompt to perform the action...

 

 

Please download ATF Cleaner by Atribune From Here and save it to your Desktop.

Follow the instructions for the browser you use.

Read the instructions about the cookies. Delete what you do not need.

 

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the lot, check "Select All".

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

 

 

 

Please download Malwarebytes' Anti-Malware to your desktop

 

Additional Link

 

* Double-click mbam-setup.exe and follow the prompts to install the program.

* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform quick scan, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.

* You can also access the log by doing the following:

 

o Click on the Malwarebytes' Anti-Malware icon to launch the program.

o Click on the Logs tab.

o Click on the log at the bottom of those listed to highlight it.

o Click Open.

 

In your next reply, please post:

 

Malwarebytes' Anti-Malware log

new HijackThis log taken after the above scan has run

 

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Ok, I'm running IE7, so it didn't prompt me to delete offline content. I did however delete everything in the options except for the Form Data tab. Malware was zero. So, here are the 2 logfiles you requested.

 

Malwarebytes' Anti-Malware 1.11

Database version: 707

 

Scan type: Quick Scan

Objects scanned: 33029

Time elapsed: 9 minute(s), 3 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:10:51 PM, on 5/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://centralkansas.cox.net/cci/home

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centralkansas.cox.net/cci/home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://centralkansas.cox.net/cci/home

O14 - IERESET.INF: MS_START_PAGE_URL=http://centralkansas.cox.net/cci/home

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...w.viewpoint.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7561 bytes


Welcome back

 

Everything is coming back clean.

I need one more scan to confirm this.

 

 

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

 

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

 

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

 

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

(Description: CMedia audio card system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

 

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

(Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

 

O4 - Startup: PowerReg Scheduler.exe

(Description: PowerREGISTER from Leadertech. Registration reminder as used by Iomega, Hasbro & Microprose - amongst others. Unnecessary. Removing this entry will free up a small amount of system resources. )

 

Now reboot your machine to set the registry

 

 

 

*Note

It is recommended to disable your onboard antivirus program and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

 

Click Yes, when prompted to install its ActiveX component.

(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

The program launches and downloads the latest definition files.

  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database: Extended
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.

There is no option to clean/disinfect, however, we need to analyze the information on the report.


 

 

To obtain the report:

Click on: Save Report As (above - red blinking arrow)

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar

In Save as type, click the drop arrow and select: Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

 

 

In your next reply post:

Kaspersky log

New HJT log taken after the above scans have run

 

Let me know if there has been any improvement.

 

You may need several replies to post the requested logs, otherwise they might get cut off.

Edited by Juliet
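The post above picks four O4 autostart entries out of the HijackThis log by hand. As an added example (not code from the thread, from HijackThis, or from the helper), the script below does the same triage over the O4 lines programmatically: it parses the registry Run-key and Startup-folder entries into their location, name and command, flags the names the helper listed as unnecessary, and applies one extra heuristic that is my assumption, not something the thread states (an autostart launched from a Temp or profile data folder deserves a closer look). The sample log is constructed in the shape of the posted lines, and the `Constructed Example` entry is fabricated solely to exercise the path heuristic.

```python
import re

# Constructed sample in the shape of the O4 lines posted in this thread (not the full log).
# The "Constructed Example" line is fabricated to exercise the path heuristic below.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Constructed Example] C:\Documents and Settings\Mike\Local Settings\Temp\example.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Entry names the helper singled out in this thread as unnecessary (compared case-insensitively).
UNNECESSARY = {"kernelfaultcheck", "cmaudio", "nvmediacenter", "powerreg scheduler.exe"}

# Assumed heuristic (not from the thread): autostarts that run from temp or per-user
# data folders are worth a second look, since unwanted software commonly lives there.
SUSPICIOUS_PATH = re.compile(r"\\(temp|application data|local settings)\\", re.IGNORECASE)

# "O4 - HKLM\..\Run: [Name] command" and the HKUS\<sid> variant.
RUN_KEY = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# "O4 - Startup: file" and "O4 - Global Startup: link.lnk = target".
STARTUP = re.compile(r"^O4 - (?P<where>Global Startup|Startup): (?P<rest>.*)$")


def parse_o4(log_text):
    """Return the O4 entries of a HijackThis log as dicts (where, name, command)."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_KEY.match(line)
        if m:
            entries.append({"where": f"{m['hive']}\\..\\{m['key']}",
                            "name": m["name"], "command": m["cmd"]})
            continue
        m = STARTUP.match(line)
        if m:
            name, _, target = m["rest"].partition(" = ")
            entries.append({"where": m["where"], "name": name, "command": target or name})
    return entries


def triage(entries):
    """Attach a list of reasons to each entry; an empty list means nothing stood out."""
    for e in entries:
        reasons = []
        if e["name"].lower() in UNNECESSARY:
            reasons.append("listed as unnecessary in the thread")
        if SUSPICIOUS_PATH.search(e["command"]):
            reasons.append("loads from a temp/profile data folder (assumed heuristic)")
        e["reasons"] = reasons
    return entries


def flagged_names(log_text):
    """Names of the O4 entries that triage() flagged, in log order."""
    return [e["name"] for e in triage(parse_o4(log_text)) if e["reasons"]]


if __name__ == "__main__":
    for e in triage(parse_o4(SAMPLE_LOG)):
        mark = "FLAG" if e["reasons"] else "ok  "
        print(f"{mark} {e['where']:<22} [{e['name']}] {e['command']}")
        for r in e["reasons"]:
            print(f"       - {r}")
```

Run it against a saved HijackThis log by reading the file into `parse_o4`; anything it flags is a candidate for the "fix checked" step, not a verdict, and the helper's own reading of the log still decides.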


No improvement at all. Explorer.exe file usage running from 2% to 98% and everywhere in between. Here's the Kaspersky log. Nothing major.

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Thursday, May 01, 2008 9:45:19 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 2/05/2008

Kaspersky Anti-Virus database records: 735152

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

H:\

 

Scan Statistics:

Total number of scanned objects: 51594

Number of viruses found: 0

Number of infected objects: 0

Number of suspicious objects: 0

Duration of the scan process: 01:07:21

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Temp\~DFDAD3.tmp Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Temp\~DFDADE.tmp Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mike\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Mike\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare Software\bin\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare Software\bin\Catalog\EasyShare.mm Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{2E1C0A96-6A6F-4258-B6BE-05830CF2056D}\RP579\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.


And the HJT log.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:46:13 PM, on 5/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://centralkansas.cox.net/cci/home

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centralkansas.cox.net/cci/home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://centralkansas.cox.net/cci/home

O14 - IERESET.INF: MS_START_PAGE_URL=http://centralkansas.cox.net/cci/home

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...w.viewpoint.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7530 bytes


Please run a GMER Rootkit scan:

Download GMER's application from here and place it on your desktop:

http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe.

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.

This will copy the results to your clipboard.

Paste the results in your next reply.

Warning! Do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.

This tool works in safe mode. Other rootkit revealers don't.


At this moment, things are working better. Of course, I've only had the computer fired up for about 10 minutes too. But, here's the scan.

 

GMER 1.0.14.14205 - http://www.gmer.net

Rootkit scan 2008-05-02 21:33:37

Windows 5.1.2600 Service Pack 2

 

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

 

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

 

---- EOF - GMER 1.0.14 ----


I think if you did a PIT test and posted the results, we could see several things that would help in a diagnosis.

You can run a test at PCPitStop. Please register (it's free, don't worry) with PCPitStop and run the full tests: http://www.pcpitstop.com/pcpitstop/default.asp

This is an excellent diagnostics scan that may help in determining problems not related to malware. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me to review.

A tutorial is here:

http://www.pcpitstop.com/techexpress/howto1.asp


Also, let's do this:

 

Please download Process Explorer by Sysinternals and save it to your desktop:

 

 

1. Start the program by double-clicking on procexp.exe.

2. Click View on the top menu bar, and make sure Show Lower Pane is selected.

3. Again under the View menu, point to Lower Pane View, and select Dlls.

4. Now, in the upper left pane, click on the process explorer.exe.

5. When information appears in the lower pane, click File -> Save as.

6. Save explorer.exe.txt to the desktop.

 

After doing that, take a look at the processes running under explorer.exe, then take a look at CPU. Take note of the process that has the highest CPU.


Windows Explorer has the highest CPU usage, pinging from about 30-90%. Here's the file.

 

 

Process PID CPU Description Company Name

System Idle Process 0 32.84

Interrupts n/a Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4 11.94

smss.exe 552 Windows NT Session Manager Microsoft Corporation

csrss.exe 616 Client Server Runtime Process Microsoft Corporation

winlogon.exe 660 Windows NT Logon Application Microsoft Corporation

services.exe 704 1.49 Services and Controller app Microsoft Corporation

svchost.exe 868 Generic Host Process for Win32 Services Microsoft Corporation

wmiprvse.exe 3244 WMI Microsoft Corporation

svchost.exe 948 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1040 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1092 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1128 Generic Host Process for Win32 Services Microsoft Corporation

spoolsv.exe 1428 Spooler SubSystem App Microsoft Corporation

AppleMobileDeviceService.exe 1568 Apple Mobile Device Service Apple, Inc.

avgamsvr.exe 1580 AVG Alert Manager GRISOFT, s.r.o.

avgupsvc.exe 1604 AVG Update Service GRISOFT, s.r.o.

avgemc.exe 1616 AVG E-Mail Scanner GRISOFT, s.r.o.

mDNSResponder.exe 1728 Bonjour Service Apple Inc.

svchost.exe 1832 Generic Host Process for Win32 Services Microsoft Corporation

nvsvc32.exe 328 NVIDIA Driver Helper Service, Version 91.31 NVIDIA Corporation

svchost.exe 532 Generic Host Process for Win32 Services Microsoft Corporation

wmpnetwk.exe 1856 Windows Media Player Network Sharing Service Microsoft Corporation

alg.exe 1672 Application Layer Gateway Service Microsoft Corporation

lsass.exe 716 LSA Shell (Export Version) Microsoft Corporation

explorer.exe 520 52.24 Windows Explorer Microsoft Corporation

avgcc.exe 2056 AVG Control Center GRISOFT, s.r.o.

ctfmon.exe 2112 CTF Loader Microsoft Corporation

wmpnscfg.exe 2132 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation

msmsgs.exe 2144 Windows Messenger Microsoft Corporation

EasyShare.exe 2276 KODAK EasyShare Software

iexplore.exe 192 Internet Explorer Microsoft Corporation

procexp.exe 3248 1.49 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

 

Process: explorer.exe Pid: 520

 

Name Description Company Name Version

AcGenral.DLL Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180

AcroIEHelper.dll Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated 8.00.0000.0456

AcroIEHelper.dll Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated 8.00.0000.0456

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180

appHelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000

BatMeter.dll Battery Meter Helper DLL Microsoft Corporation 6.00.2900.2180

BCGCBPRO800u.dll BCGControlBar Professional DLL BCGSoft Ltd 8.00.0000.0000

browselc.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2180

BROWSEUI.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2995

Cabinet.dll Microsoft® Cabinet File API Microsoft Corporation 5.01.2600.2180

CFGMGR32.dll Configuration Manager Forwarder DLL Microsoft Corporation 5.01.2600.2180

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308

comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982

comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2982

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.0258

credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180

CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180

cryptnet.dll Crypto Network Related API Microsoft Corporation 5.131.2600.2180

CRYPTUI.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180

CSCDLL.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180

cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180

ctype.nls

davclnt.dll Web DAV Client DLL Microsoft Corporation 5.01.2600.2180

drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 5.01.2600.2180

DUSER.dll Windows DirectUser Engine Microsoft Corporation 5.01.2600.2180

Explorer.EXE Windows Explorer Microsoft Corporation 6.00.2900.3156

faultrep.dll Windows Error Reporting Microsoft Corporation 5.01.2600.2180

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316

gdiplus.dll Microsoft GDI+ Microsoft Corporation 5.01.3102.2180

ieframe.dll Internet Explorer Microsoft Corporation 7.00.6000.16640

ieframe.dll.mui Internet Explorer Microsoft Corporation 7.00.6000.16414

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16640

IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180

index.dat

index.dat

index.dat

index.dat

iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912

jsproxy.dll JScript Proxy Auto-Configuration Microsoft Corporation 7.00.6000.16640

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119

LINKINFO.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751

locale.nls

MFC71.DLL MFCDLL Shared Library - Retail Version Microsoft Corporation 7.10.3077.0000

MFC71ENU.DLL MFC Language Specific Resources Microsoft Corporation 7.10.3077.0000

MFC71U.DLL MFCDLL Shared Library - Retail Version Microsoft Corporation 7.10.3077.0000

midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.2180

MLANG.dll Multi Language Support DLL Microsoft Corporation 6.00.2900.2180

MPR.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180

MSACM32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180

msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180

msi.dll Windows Installer Microsoft Corporation 3.01.4000.4039

MSIMG32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180

MSVCP71.dll Microsoft® C++ Runtime Library Microsoft Corporation 7.10.3077.0000

MSVCR71.dll Microsoft® C Runtime Library Microsoft Corporation 7.10.3052.0004

MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.1433

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180

mydocs.dll My Documents Folder UI Microsoft Corporation 6.00.2900.2180

NeroDigitalExt.dll Nero Digital Shell Extension Nero AG 2.00.0000.0008

NeroSearchBar.dll Nero File Dialog Nero AG 1.02.0000.0013

NeroSearchTrayHook.dll Nero File Dialog Nero AG 1.02.0000.0013

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976

NETRAP.dll Net Remote Admin Protocol DLL Microsoft Corporation 5.01.2600.2180

NETSHELL.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180

NETUI0.dll NT LM UI Common Code - GUI Classes Microsoft Corporation 5.01.2600.2180

NETUI1.dll NT LM UI Common Code - Networking classes Microsoft Corporation 5.01.2600.2180

Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000

ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180

ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 5.01.2600.2180

ntshrui.dll Shell extensions for sharing Microsoft Corporation 5.01.2600.2180

ODBC32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1117.0000

odbcint.dll Microsoft Data Access - ODBC Resources Microsoft Corporation 3.525.1117.0000

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726

OLEAUT32.dll Microsoft Corporation 5.01.2600.3266

olepro32.dll Microsoft Corporation 5.01.2600.2180

PDFShell.dll PDF Shell Extension Adobe Systems, Inc. 8.01.0000.0000

PortableDeviceApi.dll Windows Portable Device API Components Microsoft Corporation 5.02.5721.5145

PortableDeviceTypes.dll Windows Portable Device (Parameter) Types Component Microsoft Corporation 5.02.5721.5145

POWRPROF.dll Power Profile Helper DLL Microsoft Corporation 6.00.2900.2180

printui.dll Print UI DLL Microsoft Corporation 5.01.2600.2180

PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.2180

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180

SDHelper.dll SBSD IE Protection Safer Networking Limited 1.05.0000.0011

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180

SensApi.dll SENS Connectivity API DLL Microsoft Corporation 5.01.2600.2180

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180

SHDOCVW.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2987

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241

shellstyle.dll Windows Shell Style Resource Dll Microsoft Corporation 5.01.2600.0000

shellstyle.dll Windows Shell Style Resource Dll Microsoft Corporation 5.01.2600.0000

ShimEng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2995

sortkey.nls

sorttbls.nls

stobject.dll Systray shell service object Microsoft Corporation 5.01.2600.2180

SXS.DLL Fusion 2.5 Microsoft Corporation 5.01.2600.3019

themeui.dll Windows Theme API Microsoft Corporation 6.00.2900.2180

unicode.nls

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6000.16640

urlmon.dll.mui OLE32 Extensions for Win32 Microsoft Corporation 7.00.5730.0011

usbui.dll USB UI Dll Microsoft Corporation 5.01.2600.2180

USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099

USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180

UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180

wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180

webcheck.dll Web Site Monitor Microsoft Corporation 7.00.6000.16640

WINHTTP.dll Windows HTTP Services Microsoft Corporation 5.01.2600.2180

WININET.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16640

WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.2180

WINSPOOL.DRV Windows Spooler Driver Microsoft Corporation 5.01.2600.2180

WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.2180

WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180

WPDShServiceObj.dll Windows Portable Device Shell Service Object Microsoft Corporation 5.02.5721.5145

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180

wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180

WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180

wuapi.dll Windows Update Client API Microsoft Corporation 7.00.6000.0381

xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180

zipfldr.dll Compressed (zipped) Folders Microsoft Corporation 6.00.2900.2180

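The file saved in step 6 of the Process Explorer instructions above is plain text, so the question those instructions ask (which process is busiest, and what is loaded into it) can be answered by a script rather than by eye. The Python below is an added example, not part of this thread and not Sysinternals' own tooling. Its input is an excerpt constructed from the Process Explorer output posted above; because the forum copy has collapsed the tab separators to spaces, the parser keys on the numeric PID, CPU and version columns instead of on tabs. It reports the busiest real process (the Idle pseudo-process and the Interrupts/DPCs rows are skipped) and lists the modules inside the selected process whose vendor text is not Microsoft's. Since explorer.exe loads every registered shell extension, a third-party DLL in that list (here Nero, Adobe and Spybot components) is the first place to look when explorer.exe alone burns CPU while every malware scan comes back clean.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the layout of the Process Explorer "Save as" text posted
# above: the upper-pane process list, then "Process: <name> Pid: <n>" and the
# lower-pane module list for that process. The forum copy has collapsed the
# tab separators to spaces, so the parser keys on the numeric columns instead.
SAMPLE_EXPORT = """\
Process PID CPU Description Company Name
System Idle Process 0 32.84
Interrupts n/a Hardware Interrupts
System 4 11.94
smss.exe 552 Windows NT Session Manager Microsoft Corporation
services.exe 704 1.49 Services and Controller app Microsoft Corporation
nvsvc32.exe 328 NVIDIA Driver Helper Service, Version 91.31 NVIDIA Corporation
explorer.exe 520 52.24 Windows Explorer Microsoft Corporation
procexp.exe 3248 1.49 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Process: explorer.exe Pid: 520

Name Description Company Name Version
AcroIEHelper.dll Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated 8.00.0000.0456
BCGCBPRO800u.dll BCGControlBar Professional DLL BCGSoft Ltd 8.00.0000.0000
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
ctype.nls
Explorer.EXE Windows Explorer Microsoft Corporation 6.00.2900.3156
NeroDigitalExt.dll Nero Digital Shell Extension Nero AG 2.00.0000.0008
PDFShell.dll PDF Shell Extension Adobe Systems, Inc. 8.01.0000.0000
SDHelper.dll SBSD IE Protection Safer Networking Limited 1.05.0000.0011
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241
"""

# Process row: name (may contain spaces), PID or "n/a", optional CPU %, free text.
PROC_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)(?:\s+(?P<cpu>\d+(?:\.\d+)?))?(?:\s+(?P<rest>.*))?$")
# Module row: file name, optional description + vendor, optional dotted version at the end.
MOD_RE = re.compile(r"^(?P<name>\S+)(?:\s+(?P<rest>.*?))?(?:\s+(?P<ver>\d+(?:\.\d+){2,}))?$")


def parse_procexp_export(text: str) -> Tuple[List[Dict], List[Dict]]:
    """Split the export into the process rows and the module rows of the selected process."""
    processes: List[Dict] = []
    modules: List[Dict] = []
    in_modules = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Process:"):          # "Process: explorer.exe Pid: 520"
            in_modules = True
            continue
        if not in_modules:
            if line.startswith("Process "):      # column header of the upper pane
                continue
            m = PROC_RE.match(line)
            if m:
                cpu = m.group("cpu")
                processes.append({"name": m.group("name"), "pid": m.group("pid"),
                                  "cpu": float(cpu) if cpu else 0.0,
                                  "info": m.group("rest") or ""})
        else:
            if line.startswith("Name "):         # column header of the lower pane
                continue
            m = MOD_RE.match(line)
            modules.append({"name": m.group("name"), "info": m.group("rest") or "",
                            "version": m.group("ver") or ""})
    return processes, modules


def top_cpu_process(processes: List[Dict]) -> Optional[Dict]:
    """Busiest real process. 'System Idle Process' only reports spare CPU and the
    Interrupts/DPCs pseudo-rows have no PID, so both are left out."""
    real = [p for p in processes if p["pid"] != "n/a" and p["name"] != "System Idle Process"]
    return max(real, key=lambda p: p["cpu"], default=None)


def third_party_modules(modules: List[Dict]) -> List[str]:
    """Modules in the selected process whose vendor text is not Microsoft's.
    Rows with no description (.nls tables, index.dat) are mapped data files,
    not code, so they are not reported."""
    return sorted(m["name"] for m in modules if m["info"] and "Microsoft" not in m["info"])


if __name__ == "__main__":
    procs, mods = parse_procexp_export(SAMPLE_EXPORT)
    top = top_cpu_process(procs)
    print(f"busiest process: {top['name']} (PID {top['pid']}, {top['cpu']}% CPU)")
    print("third-party modules loaded in it:", ", ".join(third_party_modules(mods)))
```

The vendor test is deliberately crude: it only asks whether the description/vendor text mentions Microsoft, which is enough to separate shell extensions that shipped with Windows from ones installed by applications. A module with no vendor text at all is worth a second look on a real machine, since signed Microsoft and application DLLs normally carry one.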

The log from Process Explorer is fine.

Let me ask a question.

Do you have Windows Automatic Updates turned on?

For right now, if you would, let's make sure that is disabled for the time being.

Turn Off Automatic Updates

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.

2. Click the Automatic Updates tab, and then click to select Turn off Automatic Updates.

3. Click OK.

You may have to reboot for this to take effect.

Use the computer for a while and see if this makes any difference.

Another thing we can try:

Boot into Safe Mode.

Let it sit in safe mode for a while and see if the problem still persists there.

If it doesn't, it can mean that there's a third-party program causing the hangs.

Edited by Juliet


I let it run in Safe mode for about 1/2 hour, all perfect. Rebooted normally; as soon as I could pull up Task Manager, explorer.exe was bouncing up to 10%, now it's up to 25%. Now what? BTW, I haven't said it yet, but I REALLY appreciate your help!!

 

 

 

Mike

Edited by speedjunkie


QUOTE

No workie with turning off the auto updates.

Not sure I know what you're saying here?

It was already set as disabled?

QUOTE

I let it run in Safe mode for about 1/2 hour, all perfect.

My thoughts are that it's evident something loading at start-up is causing this problem; it can mean that there's a third-party program causing the hangs.

Let's take your machine down to bare-bones basic start-ups and see if this can do anything to the good.

All the thorough scanners have come back clean....

Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

Now reboot your machine to set the registry.

AV: Authentium Antivirus v4.305 (Authentium) Disabled <- please check and make sure this application is totally disabled or remove it since you have AVG 7.5 onboard.

QUOTE

BTW, I haven't said it yet, but I REALLY appreciate your help!!

BTW, I haven't said it yet, you're very welcome!!

Post back with a new HJT log... let me know if anything changes.

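The post above asks for a fresh HJT log after "Fix checked" and a reboot. Two HijackThis logs can be compared mechanically to confirm that exactly the check-marked entries disappeared and nothing else changed, which is the check a helper wants before moving on. The Python below is an added example, not part of this thread and not HijackThis' own code; its two sample logs are constructed from entries already posted in this thread, trimmed to a few lines, and the "selected" list is a constructed scenario, not the exact set chosen above. It groups the R*/O* entries by section code, reports which ones vanished or appeared between the logs, keeps the "Running processes" paths separate (they differ from boot to boot and are not fix targets), and breaks the O4 autostart entries down by scope (HKLM, HKCU, per-SID HKUS, Global Startup), which is what decides whether an entry runs for every account on the machine or only for the logged-on user.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed HijackThis excerpts, cut down from the logs posted in this thread.
# Forum copies double-space the lines; the parsers key on line prefixes, not position.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centralkansas.cox.net/cci/home
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centralkansas.cox.net/cci/home
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# The entries check-marked for "Fix checked" in this constructed scenario.
SELECTED = [
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r"O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe",
]

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r"^[A-Za-z]:\\")                           # a running-process path
SCOPE_RE = re.compile(r"^(HKLM|HKCU|HKUS\\[^\\]+|Global Startup)")


def parse_hjt_entries(log: str) -> Dict[str, Set[str]]:
    """Group the R*/O* lines by section code; headers and process paths have no such prefix."""
    entries: Dict[str, Set[str]] = {}
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.setdefault(m.group("kind"), set()).add(m.group("body"))
    return entries


def running_processes(log: str) -> List[str]:
    """Paths under 'Running processes:'; the list ends where the first R*/O* entry begins."""
    paths: List[str] = []
    for raw in log.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            break
        if PATH_RE.match(line):
            paths.append(line)
    return paths


def diff_hjt(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Full entry lines present only in `before` (removed) and only in `after` (added)."""
    b, a = parse_hjt_entries(before), parse_hjt_entries(after)
    removed = sorted(f"{k} - {e}" for k in b for e in b[k] - a.get(k, set()))
    added = sorted(f"{k} - {e}" for k in a for e in a[k] - b.get(k, set()))
    return removed, added


def confirm_fix(before: str, after: str, selected: List[str]) -> Tuple[List[str], List[str]]:
    """Check a HijackThis fix: which selected entries survived, and which entries
    vanished although nobody selected them (a sign something else edited the registry)."""
    after_lines = {f"{k} - {e}" for k, es in parse_hjt_entries(after).items() for e in es}
    removed, _ = diff_hjt(before, after)
    still_present = [s for s in selected if s in after_lines]
    unexpected = [r for r in removed if r not in selected]
    return still_present, unexpected


def autostarts_by_scope(log: str) -> Dict[str, List[str]]:
    """O4 entries keyed by where they live: HKLM runs for every user, HKCU only for
    the logged-on user, HKUS\\<SID> for one specific account, Global Startup for all."""
    scopes: Dict[str, List[str]] = {}
    for body in parse_hjt_entries(log).get("O4", set()):
        m = SCOPE_RE.match(body)
        scopes.setdefault(m.group(1) if m else "other", []).append(body)
    return {k: sorted(v) for k, v in scopes.items()}


if __name__ == "__main__":
    removed, added = diff_hjt(BEFORE_LOG, AFTER_LOG)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("fix check (still present, unexpected):", confirm_fix(BEFORE_LOG, AFTER_LOG, SELECTED))
    for scope, items in autostarts_by_scope(BEFORE_LOG).items():
        print(f"{scope}: {len(items)} autostart(s)")
```

Paste two complete logs into BEFORE_LOG and AFTER_LOG to use it on real output; the double-spaced forum copies parse the same way as the originals because nothing depends on line adjacency. A non-empty "unexpected" list after a fix is the interesting case: an entry that disappeared without being selected means something other than HijackThis changed the autostart configuration between the two logs.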

QUOTE

No workie with turning off the auto updates.

Not sure I know what you're saying here?

It was already set as disabled?

Just saying that when I turned off the auto updates, it had no effect on performance.

QUOTE

AV: Authentium Antivirus v4.305 (Authentium) Disabled <- please check and make sure this application is totally disabled or remove it since you have AVG 7.5 onboard.

What is this, to be sure? I don't recognize the Authentium Antivirus. I don't think I have this, do I? I'll run the other now tho.

 

 

Mike


Ok, deleted what you asked, no improvement.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:33:38 PM, on 5/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://centralkansas.cox.net/cci/home

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centralkansas.cox.net/cci/home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://centralkansas.cox.net/cci/home

O14 - IERESET.INF: MS_START_PAGE_URL=http://centralkansas.cox.net/cci/home

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...w.viewpoint.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6967 bytes


Glad we could help

 

Below are recommendations to protect your computer.

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 2.0: The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.

 

How to prevent Malware: Created by Miekiemoes

 

Here are some additional utilities that will further enhance your safety.

# http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

 

 

Read this article 'Safe Computing Practices'.

So how did I get infected in the first place?

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

 

Slow Computer? Check here first; it may not be malware

http://www.castlecops.com/postitle175256-0-0-.html

Free Antivirus-AntiSpyware-Firewall Software

 

 

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-c...-do-i-need.html

This topic is now closed to further replies.