Solved: slow boot-up, slow-loading applications, getting worse over time

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

twalk

Thread Starter
Joined
Mar 31, 2008
Messages
17
Hello, Tech Guy Forums!

I've got a Compaq Presario 2410 laptop running Windows XP Home Ed. (SP2) that's seen a gradual decline in performance over the past several months. Boot-up time has increased to about 5 minutes now, applications load very slowly, even alt-tabbing between two windows can take me on the order of 15 seconds. I've been running Lavasoft's Adaware compulsively, but I'm concerned that it's missing something that's causing the slowdown. I am not seeing an popup windows, but the processor seems to be working quite hard even when no programs are open.

Also, I've had a Windows Update yellow shield popping up regularly for awhile now, which is trying to install Office XP Service Pack 3, but it gets halfway through and asks for the Office XP CD, which I misplaced during my last move across the country. Office works fine (except for the overall slowdown). I have no idea if the update I can't get and the slowdown are related.

I've attached a Hijackthis log in the hope that someone here might be able to help me locate the source of my problems. I'm not literate enough to interpret everything in the log, but I do know better than to start deleting system files willy-nilly. Any help given is thoroughly appreciated!

- Tom
 

Attachments

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,281
Hiya and welcome :)

Are you still having problems? If so, can we see a fresh HijackThis log:

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Regards

eddie
 

twalk

Thread Starter
Joined
Mar 31, 2008
Messages
17
As requested, here's a fresh HJT log. This was taken after the laptop had been on for about a day. Still seeing slow all-around performance.

Again, I'm most appreciative of any help you can give.
 

Attachments

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,281
Thanks :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

eddie
 

twalk

Thread Starter
Joined
Mar 31, 2008
Messages
17
Here are the results from DSS. Sorry, forum won't let me paste both files in the same reply, so I'm splitting it over two posts.

from MAIN.TXT:


Deckard's System Scanner v20071014.68
Run by Valerie Gapp on 2008-04-08 14:22:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2008-04-08 18:23:32 UTC - RP454 - Deckard's System Scanner Restore Point
50: 2008-04-06 21:59:01 UTC - RP453 - System Checkpoint
49: 2008-04-05 20:58:59 UTC - RP452 - System Checkpoint
48: 2008-04-04 19:58:59 UTC - RP451 - System Checkpoint
47: 2008-04-03 19:28:01 UTC - RP450 - System Checkpoint


-- First Restore Point --
1: 2008-01-09 08:02:27 UTC - RP404 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 223 MiB (512 MiB recommended).


-- HijackThis (run as Valerie Gapp.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:45 PM, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ctfmgr.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Documents and Settings\Valerie Gapp\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\VALERI~1\Desktop\Valerie Gapp.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.217.73.52:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavHook Object - {07D7F044-2F5F-41B2-BAA5-936814AF0163} - C:\Program Files\Pure Networks\Network Magic\nmbrhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ctfmgr] C:\WINDOWS\ctfmgr.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=presario&pf=laptop
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.flou.it/asp/simulator/Simul_objMTS.asp?LANG=eng&noreloadredir
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132582259125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://nsprdnaaw-vip.aliant.net/wizlet/aliant/static/controls/WebflowActiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12712 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\754807C09F00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\754807C09F00
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-03-10 11:16:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-11-22 16:04:18 364 -----n--- C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

Nothing created in this timespan.


-- Find3M Report ---------------------------------------------------------------

Nothing modified in this timespan.


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/04/2005 01:00 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [09/11/2006 02:07 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [01/04/2005 06:11 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/02/2005 08:12 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/02/2005 08:11 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [13/10/2004 07:04 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [16/02/2007 09:54 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [28/08/2004 08:22 AM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [29/10/2004 02:58 AM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [03/12/2004 04:24 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [17/02/2005 05:01 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [14/10/2004 04:54 PM]
"Motive SmartBridge"="C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe" [16/11/2005 09:03 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [30/06/2003 08:56 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [30/06/2003 09:00 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [24/02/2007 04:51 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [08/05/2007 03:24 PM]
"ctfmgr"="C:\WINDOWS\ctfmgr.exe" [29/10/2007 03:33 AM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [11/04/2006 10:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:00 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [23/02/2007 09:46 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 12:39 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [31/01/2006 9:11:51 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [23/02/2007 9:46:15 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 1:01:04 AM]
Net Assistant.lnk - C:\Program Files\Aliant\Net Assistant\bin\matcli.exe [16/11/2005 9:01:01 PM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14e191ca-84aa-11dc-9f9d-0014a51edf38}]
Auto\command- E:\MSOCache\doWTP_RESTORE.exe -autorun
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe -autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a3d7a02-5774-11da-9ce5-0014a51edf38}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe uc.vbs




-- End of Deckard's System Scanner: finished at 2008-04-08 14:31:51 ------------
 

twalk

Thread Starter
Joined
Mar 31, 2008
Messages
17
Here are the contents of the other log file from the DSS scan.

from EXTRA.TXT:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 Mobile Technology ML-30
Percentage of Memory in Use: 87%
Physical Memory (total/avail): 222.48 MiB / 28.81 MiB
Pagefile Memory (total/avail): 783.56 MiB / 356.65 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.06 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 41.29 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N080ATMR04-0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation) Disabled
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe"="C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe:LocalSubNet:Enabled:pure Networks Network Magic Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Valerie Gapp\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PRETTYCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Valerie Gapp
LOGONSERVER=\\PRETTYCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\VALERI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\VALERI~1\LOCALS~1\Temp
USERDOMAIN=PRETTYCOMPUTER
USERNAME=Valerie Gapp
USERPROFILE=C:\Documents and Settings\Valerie Gapp
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Valerie Gapp (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Aliant\NETASS~1\Uninstall.exe Aliant
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Brother HL-2070N --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{261D43D4-9C69-47DE-9FEE-7C1DC14CDC9D}\SETUP.exe" -l0x9 -removeonly /uninst
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
Dell Laser Printer 1110 Software Uninstall --> C:\Program Files\DELL\Dell Laser Printer 1110\Install\setup.exe /Uninstall
DivX ;-) Audio Compressor 4.02 --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivXAudioCompressor4.02.inf
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
eMachineShop --> C:\PROGRA~1\EMACHI~1\UNWISE.EXE C:\PROGRA~1\EMACHI~1\INSTALL.LOG
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Documents and Settings\Valerie Gapp\Desktop\HijackThis.exe" /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
HP User Guides 0001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06ECCCF4-9295-468E-851C-9529A7C181E8}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
IKEA Home Planner Kitchen --> C:\PROGRA~1\IKEAHO~1\UNWISE.EXE C:\PROGRA~1\IKEAHO~1\INSTALL.LOG
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
K-Lite Codec Pack 2.72 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam --> MsiExec.exe /I{26AA53D5-1307-48F9-A80F-A4D25F5849D4}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
muvee autoProducer 4.0 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
Net Assistant --> C:\WINDOWS\Motive\Aliant\MCCUninst.exe
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pure Networks Network Magic --> C:\Program Files\Pure Networks\Network Magic\Uninstall.exe
Quick Launch Buttons 5.10 B2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RescuePRO --> MsiExec.exe /X{D6DE6FCA-6662-4680-A4FF-7DC2432E80DC}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
TFM Audio Filter for DirectShow --> "C:\Program Files\TFM\Audio Filter\unins000.exe"
Video mp3 Extractor --> "C:\Program Files\Video mp3 Extractor\unins000.exe"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
WebCam for MSN Messenger --> Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Mobile® Device Handbook --> C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}


-- Application Event Log -------------------------------------------------------

Event Record #/Type5400 / Error
Event Submitted/Written: 03/31/2008 09:09:30 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office XP Professional with FrontPage - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type5399 / Error
Event Submitted/Written: 03/31/2008 09:09:25 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Event Record #/Type5295 / Error
Event Submitted/Written: 03/11/2008 00:46:13 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type385004 / Error
Event Submitted/Written: 04/08/2008 02:10:27 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Event Record #/Type385003 / Error
Event Submitted/Written: 04/08/2008 02:10:26 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Event Record #/Type384981 / Warning
Event Submitted/Written: 04/04/2008 04:34:28 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type384980 / Error
Event Submitted/Written: 04/03/2008 06:20:45 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

Event Record #/Type384972 / Error
Event Submitted/Written: 04/03/2008 02:58:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Application Layer Gateway Service service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-04-08 14:31:51 ------------
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,281
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder

  1. 1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

    2. Download HijackThis to the new folder:

    3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

    4. Close ALL windows except HJT

    5. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

    6. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')
Please make sure you post the entire log including the top portion:

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

Then, post a fresh HijackThis log and the SAS log in your next reply :)

eddie
 

twalk

Thread Starter
Joined
Mar 31, 2008
Messages
17
Hi,

Here is the log from the SuperAntiSpyware scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/11/2008 at 05:08 PM

Application Version : 4.0.1154

Core Rules Database Version : 3436
Trace Rules Database Version: 1428

Scan type : Complete Scan
Total Scan Time : 01:09:49

Memory items scanned : 449
Memory threats detected : 0
Registry items scanned : 6045
Registry threats detected : 0
File items scanned : 70749
File threats detected : 65

Adware.Tracking Cookie
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][3].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][2].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
C:\Documents and Settings\Valerie Gapp\Cookies\[email protected][1].txt
 

twalk

Thread Starter
Joined
Mar 31, 2008
Messages
17
Hi again,

Here is the HJT log from a scan run after the SAS scan (running HJT from C:/HJT, as you suggested).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:01 PM, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ctfmgr.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\dialsys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\hjt\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.217.73.52:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavHook Object - {07D7F044-2F5F-41B2-BAA5-936814AF0163} - C:\Program Files\Pure Networks\Network Magic\nmbrhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ctfmgr] C:\WINDOWS\ctfmgr.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=presario&pf=laptop
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.flou.it/asp/simulator/Simul_objMTS.asp?LANG=eng&noreloadredir
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132582259125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://nsprdnaaw-vip.aliant.net/wizlet/aliant/static/controls/WebflowActiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12853 bytes
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,281
Sorry for the late reply, was ill since Thursday, and just getting back to normal now.


Now, there are a few entries causing concern. Did you knowingly download such a program that recovers login passwords called Dialupass?

eddie
 

twalk

Thread Starter
Joined
Mar 31, 2008
Messages
17
No troubles, I was out of town this weekend anyway!

No, I don't remember knowingly downloading such a program. It's my wife's computer, though... she may have done it unknowingly, I can't be sure. What can I do to remove it?
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,281
Do you have flash or external drive on this computer?

eddie
 

twalk

Thread Starter
Joined
Mar 31, 2008
Messages
17
No, this computer doesn't have a flash or external drive. Is that a problem?
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,281
Nope, no problem at all :)


I'm attaching a MountPoints Diagnostic.zip file to this post. Save it to your desktop. Unzjip it and double click the MountPoints Diagnostic.bat file and let it run. It will create a report in Notepad named Diagnostic.txt. Please upload the Diagnostic.txt file as an attachment.

eddie
 

Attachments

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top