Slow Computer Help



#1 some12

some12

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 13 October 2007 - 10:57 AM

Hello, this is an old, slow computer. I am wondering if it is just its age or if something could be on it.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:45 AM, on 10/13/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARUPLD32.EXE
C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARMON32A.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\WINDOWS\QUICK SHELL.EXE
C:\MSSQL7\BINN\SCM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\Run: [Quick Shell] C:\WINDOWS\Quick Shell.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARMon32a.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender9\bdinit.exe"
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - HKUS\.DEFAULT\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe (User 'Default user')
O4 - .DEFAULT Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe (User 'Default user')
O4 - .DEFAULT Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User 'Default user')
O4 - .DEFAULT Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe (User 'Default user')
O4 - .DEFAULT Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_13\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_13\BIN\SSV.DLL
O15 - Trusted Zone: www.nnerenmls.com
O15 - Trusted Zone: www.getoffutt.com
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} (osi_valid.uCltValid9m) - http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
O24 - Desktop Component 0: (no name) - http://1stopcollectibles.com/pics/ucclogo.gif

--
End of file - 7481 bytes


#2 some12

some12
  • Topic Starter


Posted 21 October 2007 - 08:24 AM

Bump. I know I shouldn't do this, but it has been 8 days. Please help.

#3 some12


Posted 24 October 2007 - 02:18 PM

It's been 10-plus days, please help me. I'm reposting a new log here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:21 PM, on 10/24/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARUPLD32.EXE
C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARMON32A.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\MSSQL7\BINN\SCM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARMon32a.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender9\bdinit.exe"
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - HKUS\.DEFAULT\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe (User 'Default user')
O4 - .DEFAULT Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe (User 'Default user')
O4 - .DEFAULT Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User 'Default user')
O4 - .DEFAULT Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe (User 'Default user')
O4 - .DEFAULT Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_13\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_13\BIN\SSV.DLL
O15 - Trusted Zone: www.nnerenmls.com
O15 - Trusted Zone: www.getoffutt.com
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} (osi_valid.uCltValid9m) - http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
O24 - Desktop Component 0: (no name) - http://1stopcollectibles.com/pics/ucclogo.gif

--
End of file - 7313 bytes

#4 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:02:55 AM

Posted 25 October 2007 - 05:59 AM

Hello some12 and welcome to BleepingComputer!

Thanks for posting a new log. Please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log.

If anything was found, kindly post the results so far as well. This will allow a better overview of the current situation.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -

#5 some12


Posted 31 October 2007 - 02:16 PM

Both Spybot Search and Destroy and Adware SE came up with nothing.

#6 Yourhighness


Posted 01 November 2007 - 05:25 PM

Hey Some12,

Thanks for posting back. Let's see what we can do.

Step #1

It is important that you use a software firewall, to prevent unauthorised traffic both out of and into your computer.
Your log doesn't show a firewall running. If you have disabled it, please re-enable it.
If you do not have a firewall installed, please download and install one of these excellent (and free) products:

If you want to have a look at the user manuals for the above suggested programs, have a look at the following:

Step #2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
Step #3

Please download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close ALL applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt to your post.
The logs can be quite lengthy. Use two posts if you need to get them all in.

Step #4

* Clean your Cache and Cookies in Internet Explorer:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Step #5

Please do an online scan with Kaspersky Webscan (you need to use Internet Explorer or enable IEView in Firefox).

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report as button >> name it >> choose "Text file" in the Save as type dialogue
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #6

Now please post back with the main.txt and the extra.txt from DSS and the report from Kaspersky Onlinescan.


#7 some12


Posted 01 November 2007 - 07:08 PM

OK, I had some problems:
Step 1: all went fine.
Step 2: all went fine.
Step 3: I downloaded it and it wouldn't run. I think this is because I am running Windows 98.
Step 4: cleaned everything, went fine.
Step 5: wouldn't scan because I am running Windows 98.

So I think the main problem here is I am running Windows 98.
For the heck of it I made another HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:04 PM, on 11/1/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARUPLD32.EXE
C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARMON32A.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\MSSQL7\BINN\SCM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARMon32a.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender9\bdinit.exe"
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - HKUS\.DEFAULT\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe (User 'Default user')
O4 - .DEFAULT Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe (User 'Default user')
O4 - .DEFAULT Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User 'Default user')
O4 - .DEFAULT Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe (User 'Default user')
O4 - .DEFAULT Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
O15 - Trusted Zone: www.nnerenmls.com
O15 - Trusted Zone: www.getoffutt.com
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} (osi_valid.uCltValid9m) - http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://premium1.tds.net/files/tds/onlinescanner/fscax.cab
O24 - Desktop Component 0: (no name) - http://1stopcollectibles.com/pics/ucclogo.gif

--
End of file - 7640 bytes
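
The scans posted in this thread differ mainly where the requested steps took effect (a firewall now running, Java updated). The following is an added example, not part of any post and not a Trend Micro or BleepingComputer tool: it parses HijackThis logs and diffs two scans. The sample logs are abridged from the 10/24/07 and 11/1/07 scans above, and the function names are illustrative.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # section code, then detail
JRE_RE = re.compile(r"jre(\d+\.\d+\.\d+_\d+)", re.IGNORECASE)

# Abridged from the 10/24/07 scan posted in this thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:21 PM, on 10/24/07
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O15 - Trusted Zone: www.nnerenmls.com
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} (osi_valid.uCltValid9m) - http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx

--
End of file - 7313 bytes
"""

# Abridged from the 11/1/07 scan posted in this thread.
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:04 PM, on 11/1/07
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O15 - Trusted Zone: www.nnerenmls.com
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} (osi_valid.uCltValid9m) - http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://premium1.tds.net/files/tds/onlinescanner/fscax.cab

--
End of file - 7640 bytes
"""


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:                       # first R/O/F entry also ends the process list
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif not line:                  # blank line ends the process list
            in_processes = False
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def diff_scans(before, after):
    """Report what appeared and disappeared between two parsed scans.

    Comparison is case-insensitive because Win9x logs mix upper- and
    lower-case spellings of the same path.
    """
    def delta(old, new, key):
        old_keys = {key(item) for item in old}
        return [item for item in new if key(item) not in old_keys]

    def entry_key(entry):
        return (entry[0], entry[1].casefold())

    return {
        "processes_added": delta(before["processes"], after["processes"], str.casefold),
        "processes_removed": delta(after["processes"], before["processes"], str.casefold),
        "entries_added": delta(before["entries"], after["entries"], entry_key),
        "entries_removed": delta(after["entries"], before["entries"], entry_key),
    }


def jre_versions(parsed):
    """Collect JRE version strings referenced by any entry path (e.g. 1.5.0_13)."""
    return {v for _, detail in parsed["entries"] for v in JRE_RE.findall(detail)}


if __name__ == "__main__":
    old, new = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for label, items in diff_scans(old, new).items():
        print(label)
        for item in items:
            print("   ", item)
    print("JRE before:", jre_versions(old), "after:", jre_versions(new))
```
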

#8 Yourhighness


Posted 02 November 2007 - 02:47 AM

Hey Some12,

Thanks for posting back. Let's try the following Onlinescanner instead:

Step #1

Please go to Eset Onlinescan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
    • Click into the text area, right-click and choose "select all" (or use ctrl+a)
    • Right-click again and choose "copy" (or ctrl+c)
    • Close Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Step #2

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items, Reg - Uninstall List.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Step #3

Please post back with the C:\Program Files\EsetOnlineScanner\log.txt from NOD32 and the information from WinPFind3.

Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#9 some12

some12
  • Topic Starter

  • Members
  • 31 posts

Posted 06 November 2007 - 07:45 PM

WinPFind3 logfile created on: 11/6/07 6:54:25 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\WINDOWS\DESKTOP\WINPFIND3U\
(Version = .)
Internet Explorer (Version = 6.0.2800.1106)

127.37 Mb Total Physical Memory | 12.49 Mb Available Physical Memory | 9.81% Memory free
1.88 Gb Paging File | 1.67 Gb Available in Paging File | 89.11% Paging File free
Paging file location(s): Reg Data - Key not found

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.65 Gb Total Space | 3.40 Gb Free Space | 26.86% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: W1G2W7
Current User Name: 33468
NOT logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
[Win32 Services - Non-Microsoft Only]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AtiCwd32 -> %System32%\ATICWD32.EXE -> ATI Technologies Inc. [Ver = 4.11.2559 | Size = 20992 bytes | Modified Date = 2/19/99 12:16:48 PM | Attr = ]
AtiKey -> %System32%\ATITASK.EXE -> ATI Technologies, Inc. [Ver = 4.11.2315 | Size = 190976 bytes | Modified Date = 11/11/98 3:17:04 PM | Attr = ]
AtiQiPcl -> AtiQiPcl.exe -> File not found
BDMCon -> %ProgramFiles%\Softwin\BitDefender9\bdmcon.exe -> SOFTWIN S.R.L. [Ver = 9, 0, 0, 7 | Size = 372736 bytes | Modified Date = 10/20/06 3:36:06 PM | Attr = ]
BDNewsAgent -> %ProgramFiles%\Softwin\BitDefender9\BDNAGENT.EXE -> SOFTWIN S.R.L [Ver = 1, 0, 0, 1 | Size = 9728 bytes | Modified Date = 6/9/05 11:28:54 AM | Attr = ]
BitDefender Live Service -> %CommonProgramFiles%\Softwin\BitDefender Update Service\livesrv.exe -> SOFTWIN S.R.L. [Ver = 9, 0, 0, 3 | Size = 229376 bytes | Modified Date = 3/24/06 5:10:46 PM | Attr = ]
BitDefender Virus Shield -> %ProgramFiles%\Softwin\BitDefender9\vsserv.exe -> SOFTWIN S.R.L. [Ver = 9, 0, 0, 17 | Size = 335872 bytes | Modified Date = 10/20/06 3:36:12 PM | Attr = ]
OneTouch Monitor -> %ProgramFiles%\Visioneer OneTouch\OneTouchMon.exe -> Visioneer Inc [Ver = 3, 1, 2, 20 | Size = 86016 bytes | Modified Date = 7/9/01 8:08:12 AM | Attr = ]
Outpost Firewall -> %ProgramFiles%\Agnitum\Outpost Firewall 1.0\outpost.exe -> Agnitum [Ver = 1.0.242 | Size = 78848 bytes | Modified Date = 6/14/02 4:20:36 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\evntsvc.exe -> RealNetworks, Inc. [Ver = 0.1.0.880 | Size = 146432 bytes | Modified Date = 7/18/02 2:45:46 PM | Attr = ]
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices ->
AccessRampLAN 01 -> %ProgramFiles%\Visual IP InSight\TDS\ARUpld32.exe -> Visual Networks [Ver = 4.3.2.69 | Size = 252416 bytes | Modified Date = 7/19/00 3:45:44 PM | Attr = ]
AccessRampMonitor 01 -> %ProgramFiles%\Visual IP InSight\TDS\ARMon32a.exe -> Visual Networks [Ver = 4.3.2.69 | Size = 71680 bytes | Modified Date = 7/19/00 3:45:44 PM | Attr = ]
BitDefender Communicator -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 8, 11, 0 | Size = 86016 bytes | Modified Date = 1/13/06 6:14:46 PM | Attr = ]
BitDefender Live! Init -> %ProgramFiles%\Softwin\BitDefender9\bdinit.exe -> [Ver = | Size = 32768 bytes | Modified Date = 10/22/04 3:04:54 PM | Attr = ]
BitDefender Scan Server -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 69632 bytes | Modified Date = 10/20/06 3:35:30 PM | Attr = ]
Outpost Firewall -> %ProgramFiles%\Agnitum\Outpost Firewall 1.0\outpost.exe -> Agnitum [Ver = 1.0.242 | Size = 78848 bytes | Modified Date = 6/14/02 4:20:36 PM | Attr = ]
SAgent2ExePath -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 1, 0, 0 | Size = 90112 bytes | Modified Date = 8/9/01 2:01:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
PPWebCap -> %ProgramFiles%\ScanSoft\PaperPort\PPWEBCAP.EXE -> Scansoft Inc. [Ver = 7.0 | Size = 40960 bytes | Modified Date = 9/6/00 12:14:34 PM | Attr = ]
< User Startup > -> C:\WINDOWS\Start Menu\Programs\StartUp ->
%SystemRoot%\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 8/6/02 2:37:50 PM | Attr = ]
%SystemRoot%\Start Menu\Programs\StartUp\Check for OneTouch Updates.lnk -> %ProgramFiles%\Visioneer OneTouch\WiseUpdt.exe -> [Ver = | Size = 166518 bytes | Modified Date = 1/10/01 11:27:56 AM | Attr = ]
%SystemRoot%\Start Menu\Programs\StartUp\EPSON Status Monitor 3 Environment Check 2.lnk -> %System32%\E_SRCV02.EXE -> SEIKO EPSON CORPORATION [Ver = 2.09 | Size = 135680 bytes | Modified Date = 8/22/01 3:09:00 AM | Attr = ]
%SystemRoot%\Start Menu\Programs\StartUp\Image Transfer.lnk -> %ProgramFiles%\Sony Corporation\Image Transfer\SonyTray.exe -> [Ver = | Size = 73728 bytes | Modified Date = 10/16/02 8:20:20 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
zwebauth.dll -> %System32%\ZWebAuth.dll -> [Ver = | Size = 16973 bytes | Modified Date = 9/18/01 6:37:34 PM | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->
< HOSTS File > -> ->
-> Hosts file not found ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Local Page -> C:\WINDOWS\SYSTEM\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM\blank.htm ->
HKCU: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKCU: Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> <local> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
free_aol.com [http] -> ->
www_getoffutt.com [*] -> ->
www_nnerenmls.com [*] -> ->
TrueFormsOL.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/05 1:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 1, 5, 1 | Size = 181752 bytes | Modified Date = 1/6/06 12:52:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/07 1:11:34 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/07 1:11:34 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/05 7:07:38 PM | Attr = ]
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/05 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/05 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/05 6:43:00 PM | Attr = ]
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{00000161-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/msaudio.cab ->
{00000162-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/0/B...4B9/wma9dmo.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{31564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmvax.cab ->
{3253344D-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/mpg4sax.cab ->
{3253534D-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/3...980/wms9dmo.cab ->
{32564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> OnlineScanner Control - CodeBase = http://www.eset.eu/buxus/docs/OnlineScanner.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{9D190AE6-C81E-4039-8061-978EBAD10073} -> F-Secure Online Scanner 3.0 - CodeBase = http://premium1.tds.net/files/tds/onlinescanner/fscax.cab ->
{C269D811-8511-44CF-B310-28CDDFFB1B74} -> osi_valid.uCltValid9m - CodeBase = http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\SYSTEM\dajava.cab ->
Internet Explorer Classes for Java -> - CodeBase = file://C:\WINDOWS\SYSTEM\iejava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Registry - Additional Scans - Non-Microsoft Only]
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{00010409-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 Professional ->
{018A0E82-1E79-4EA4-BA31-A72CEC193F0F} -> BitDefender 9 Standard ->
{1B4AA674-F5CA-4BB5-831A-CD37B4021959} -> ImageMixer for Sony ->
{2E7595EC-4FB1-4E29-93D4-9083C8A9B107} -> TurboTax ItsDeductible 2005 ->
{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java™ 6 Update 3 ->
{36495C59-089C-49D1-BD15-9E5BD86DC9A1} -> ItsDeductible Express ->
{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9} -> Image Transfer ->
{5C29CB8B-AC1E-4114-8D68-9CD080140D4A} -> Sony USB Driver ->
{735D7AC9-BC7B-4491-9D06-7F4642849E7C} -> P.I.M. II Plug-In ->
{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475} -> WexTech AnswerWorks ->
{F7467335-BFC5-4028-95F4-4471C428429A} -> MonacoEZcolor Demo ->
840315 -> Windows 98 Q840315 Update ->
888113 -> Windows 98 Q888113 Update ->
890175 -> Windows 98 Q890175 Update ->
891711 -> Windows 98 KB891711 Update ->
896358 -> Windows 98 KB896358 Update ->
908519 -> Windows 98 KB908519 Update ->
918547 -> Windows 98 KB918547 Update ->
Ad-Aware SE Personal -> Ad-Aware SE Personal ->
Adobe Acrobat 4.0 -> Adobe Acrobat 4.0 ->
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX ->
Adobe Photoshop 5.0 Limited Edition -> Adobe Photoshop 5.0 Limited Edition ->
Adobe Photoshop Elements 2.0 -> Adobe Photoshop Elements 2.0 ->
Agnitum Outpost Firewall 1.0 -> Agnitum Outpost Firewall 1.0 ->
Ambiance -> Remove Ambiance ->
ATI Display Driver -> ATI Display Driver software ->
ATI Mach64 Display Driver -> ATI mach64 Display Driver ->
ATI Video Player -> ATI Video Player ->
CleanUp! -> CleanUp! ->
ENSONIQ AudioPCI -> ENSONIQ AudioPCI ->
EPSON Printer and Utilities -> EPSON Printer Software ->
EpsonUSBPrinter -> EPSON USB Printer Devices ->
EsetOnlineScanner -> ESET Online Scanner ->
FileCD -> NTI FileCD ->
Film Factory -> Film Factory ->
FTW -> Family Tree Maker ->
HijackThis -> HijackThis 2.0.2 ->
HP DeskJet 840C Series -> HP DeskJet 840C Series (Remove only) ->
IE40 -> Microsoft Internet Explorer 6 SP1 and Internet Tools ->
ieupdate -> Internet Explorer Q916281 ->
Ink Monitor -> Ink Monitor ->
Inverse IP InSight (TDS) -> Visual IP InSight 4.3 (TDS) ->
KB870669 -> Microsoft Data Access Components KB870669 ->
LiveSite -> Valadeo LiveSite ->
Macromedia Shockwave Player -> Macromedia Shockwave Player ->
mIRC -> mIRC ->
Mozilla Firefox (2.0.0.9) -> Mozilla Firefox (2.0.0.9) ->
MSDE -> MSDE ->
NetMeeting -> NetMeeting 3.0 ->
NTI CD-Maker 2000 Plus -> NTI CD-Maker 2000 Plus ->
oeupdate -> Outlook Express Q823353 ->
OneTouch Version 3.0 -> OneTouch Version 3.0 ->
OutlookExpress -> Microsoft Outlook Express 6 ->
PaperPort 7.0 -> PaperPort 7.0 ->
PC Wizard 2008_is1 -> PC Wizard 2008.1.80 ->
pcANYWHERE32 -> pcANYWHERE32 ->
Q823559 -> Windows 98 Q823559 Update ->
Quick Shell -> Quick Shell ->
QuickTime -> QuickTime ->
RealPlayer 6.0 -> RealOne Player ->
Shockwave -> Shockwave ->
Silent Package Run-Time Sample -> EPSON Online Reference Guide ->
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 ->
Teamspeak 2 RC2_is1 -> TeamSpeak 2 RC2 ->
TurboTax Basic 2004 -> TurboTax Basic 2004 ->
TurboTax Basic 2005 -> TurboTax Basic 2005 ->
vgxupdate -> Microsoft VGX Q833989 ->
WebPost -> Microsoft Web Publishing Wizard 1.6 ->
WMP7 -> Windows Media Player 7.1 ->
Yahoo! Companion -> Yahoo! Toolbar ->
Yahoo! Customizations -> Yahoo! Browser Services ->
Yahoo! Messenger -> Yahoo! Messenger ->


[Files/Folders - Created Within 30 days]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 8025 bytes | Created Date = 10/30/07 8:34:43 PM | Attr = ]
SYSTEM.INI -> %System32%.INI -> [Ver = | Size = 2163 bytes | Created Date = 10/30/07 8:34:43 PM | Attr = ]
WAVEMIX.INI -> %SystemRoot%\WAVEMIX.INI -> [Ver = | Size = 54 bytes | Created Date = 10/14/07 7:19:52 AM | Attr = ]
POWERPNT.INI -> %SystemRoot%\POWERPNT.INI -> [Ver = | Size = 60 bytes | Created Date = 10/14/07 7:19:52 AM | Attr = ]
HWINFO.DAT -> %SystemRoot%\HWINFO.DAT -> [Ver = | Size = 565280 bytes | Created Date = 10/30/07 4:53:59 PM | Attr = RH ]
SYSTEM.DAT -> %System32%.DAT -> [Ver = | Size = 8630326 bytes | Created Date = 11/6/07 3:56:31 PM | Attr = RH ]
33468001.PWL -> %SystemRoot%\33468001.PWL -> [Ver = | Size = 688 bytes | Created Date = 10/30/07 5:51:02 PM | Attr = ]
WININIT.BAK -> %SystemRoot%\WININIT.BAK -> [Ver = | Size = 88 bytes | Created Date = 11/6/07 3:31:54 PM | Attr = ]
java.exe -> %SystemRoot%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/1/07 7:53:00 PM | Attr = ]
javaw.exe -> %SystemRoot%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/1/07 7:53:00 PM | Attr = ]
javaws.exe -> %SystemRoot%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/1/07 7:53:01 PM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 1632 bytes | Created Date = 11/1/07 4:07:02 PM | Attr = ]
PCWizard.cpl -> %System32%\PCWizard.cpl -> 4 [Ver = 2008, 1, 8, 0 | Size = 27136 bytes | Created Date = 10/10/07 3:52:59 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
BOOTLOG.PRV -> %SystemDrive%\BOOTLOG.PRV -> [Ver = | Size = 56764 bytes | Modified Date = 10/12/07 6:29:36 PM | Attr = H ]
Config.sys -> %SystemDrive%\Config.sys -> [Ver = | Size = 59 bytes | Modified Date = 10/30/07 5:49:38 PM | Attr = ]
autoexec.bat -> %SystemDrive%\autoexec.bat -> [Ver = | Size = 88 bytes | Modified Date = 11/6/07 12:55:56 PM | Attr = ]
bdod.bin -> %SystemDrive%\bdod.bin -> [Ver = | Size = 81984 bytes | Modified Date = 11/6/07 6:51:22 PM | Attr = ]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 8025 bytes | Modified Date = 11/6/07 6:01:36 PM | Attr = ]
SYSTEM.INI -> %System32%.INI -> [Ver = | Size = 2163 bytes | Modified Date = 11/6/07 5:50:16 PM | Attr = ]
WAVEMIX.INI -> %SystemRoot%\WAVEMIX.INI -> [Ver = | Size = 54 bytes | Modified Date = 10/14/07 7:19:54 AM | Attr = ]
POWERPNT.INI -> %SystemRoot%\POWERPNT.INI -> [Ver = | Size = 60 bytes | Modified Date = 10/14/07 7:19:54 AM | Attr = ]
USER.DAT -> %SystemRoot%\USER.DAT -> [Ver = | Size = 1122336 bytes | Modified Date = 11/6/07 6:53:22 PM | Attr = RH ]
HWINFO.DAT -> %SystemRoot%\HWINFO.DAT -> [Ver = | Size = 565280 bytes | Modified Date = 10/30/07 4:54:00 PM | Attr = RH ]
SYSTEM.CB -> %System32%.CB -> [Ver = | Size = 116 bytes | Modified Date = 10/12/07 5:08:10 PM | Attr = ]
command.PIF -> %SystemRoot%\command.PIF -> [Ver = | Size = 967 bytes | Modified Date = 10/30/07 4:10:02 PM | Attr = ]
Twain001.Mtx -> %SystemRoot%\Twain001.Mtx -> [Ver = | Size = 4 bytes | Modified Date = 10/30/07 5:02:16 PM | Attr = ]
SYSTEM.DAT -> %System32%.DAT -> [Ver = | Size = 8630326 bytes | Modified Date = 11/6/07 6:54:20 PM | Attr = RH ]
33468001.PWL -> %SystemRoot%\33468001.PWL -> [Ver = | Size = 688 bytes | Modified Date = 10/30/07 5:51:04 PM | Attr = ]
bdinit.ini -> %SystemRoot%\bdinit.ini -> [Ver = | Size = 10 bytes | Modified Date = 11/6/07 5:50:20 PM | Attr = ]
wmplibrary_v_0_12.db -> %SystemRoot%\wmplibrary_v_0_12.db -> [Ver = | Size = 270336 bytes | Modified Date = 11/2/07 7:45:52 AM | Attr = ]
WININIT.BAK -> %SystemRoot%\WININIT.BAK -> [Ver = | Size = 88 bytes | Modified Date = 11/6/07 3:32:12 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/6/07 5:50:22 PM | Attr = H ]
Tune-up Application Start.job -> %SystemRoot%\tasks\Tune-up Application Start.job -> [Ver = | Size = 502 bytes | Modified Date = 11/3/07 7:00:00 PM | Attr = ]
HwInfoD.vxd -> %System32%\HwInfoD.vxd -> [Ver = | Size = 10982 bytes | Modified Date = 10/30/07 4:53:44 PM | Attr = ]
QuickTime.qtp -> %System32%\QuickTime.qtp -> [Ver = | Size = 9857 bytes | Modified Date = 11/2/07 6:56:42 AM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 1632 bytes | Modified Date = 11/1/07 4:07:04 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> %System32%.pca -> [Ver = | Size = 4444192 bytes | Modified Date = 6/20/00 3:34:42 PM | Attr = ]
Thawte Consulting , USERTRUST , -> %System32%.DAT -> [Ver = | Size = 8630326 bytes | Modified Date = 11/6/07 6:54:20 PM | Attr = RH ]
PEC2 , -> %System32%\Dwapilib.tlb -> [Ver = | Size = 197171 bytes | Modified Date = 2/14/97 10:24:14 PM | Attr = ]
UPX! , UPX0 , -> %System32%\PCWizard.cpl -> 4 [Ver = 2008, 1, 8, 0 | Size = 27136 bytes | Modified Date = 9/15/07 4:11:52 PM | Attr = ]

< End of report >


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2642 (20071106)
# vers_arch_module=1.058 (20070906)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=03766a70808cdc118cdf00119562bd31
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2007-11-06 09:31:20
# local_time=2007-11-06 04:31:20 (-0500, Eastern Standard Time)
# country="United States"
# osver=4.10.67766446 9x A
# scanned=96677
# found=0
# scan_time=1877


also Fresh hjt log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:10 PM, on 11/6/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARUPLD32.EXE
C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARMON32A.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\MSSQL7\BINN\SCM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARMon32a.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender9\bdinit.exe"
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - HKUS\.DEFAULT\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe (User 'Default user')
O4 - .DEFAULT Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe (User 'Default user')
O4 - .DEFAULT Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User 'Default user')
O4 - .DEFAULT Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe (User 'Default user')
O4 - .DEFAULT Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
O15 - Trusted Zone: www.nnerenmls.com
O15 - Trusted Zone: www.getoffutt.com
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} (osi_valid.uCltValid9m) - http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://premium1.tds.net/files/tds/onlinescanner/fscax.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O24 - Desktop Component 0: (no name) - http://1stopcollectibles.com/pics/ucclogo.gif

--
End of file - 7811 bytes
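
One way to read the two logs in the post above side by side, as an added example that is not part of the original thread or of either tool: a small Python parser that splits HijackThis entries by section code, lists Run entries that WinPFind3U reports as "File not found", and lists ActiveX (O16) entries downloaded from a host that is also in the Trusted Zone (O15). The sample lines are excerpted from the logs above; the function names and section labels are this example's own assumptions, and the output is a reading aid, not a verdict.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Lines excerpted from the logs posted in this thread (a subset, not the full logs).
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O15 - Trusted Zone: www.nnerenmls.com
O15 - Trusted Zone: www.getoffutt.com
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} (osi_valid.uCltValid9m) - http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
"""

WINPFIND_LOG = r"""
AtiKey -> %System32%\ATITASK.EXE -> ATI Technologies, Inc. [Ver = 4.11.2315 | Size = 190976 bytes | Modified Date = 11/11/98 3:17:04 PM | Attr = ]
AtiQiPcl -> AtiQiPcl.exe -> File not found
PPWebCap -> %ProgramFiles%\ScanSoft\PaperPort\PPWEBCAP.EXE -> Scansoft Inc. [Ver = 7.0 | Size = 40960 bytes | Modified Date = 9/6/00 12:14:34 PM | Attr = ]
"""

# This example's own short labels for the HijackThis section codes it handles.
SECTIONS = {
    "R": "IE start/search pages and URL search hooks",
    "O2": "Browser Helper Objects",
    "O4": "autostart entries (Run keys, Startup folder)",
    "O15": "Trusted Zone sites",
    "O16": "ActiveX objects (Downloaded Program Files)",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")


def parse_hjt(text):
    """Return (code, body) pairs for every 'Xn - ...' entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def section_counts(entries):
    """Count entries per section; R0..R3 are folded into one 'R' bucket."""
    return Counter("R" if code.startswith("R") else code for code, _ in entries)


def autoruns(entries):
    """Map value name -> (hive, key, command) for registry-based O4 entries."""
    found = {}
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m:
            found[m.group(3)] = (m.group(1), m.group(2), m.group(4))
    return found


def winpfind_missing(text):
    """Names whose WinPFind3U row ends in 'File not found'."""
    missing = set()
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(" -> ")]
        if len(fields) >= 3 and fields[-1] == "File not found":
            missing.add(fields[0])
    return missing


def orphaned_autoruns(hjt_text, winpfind_text):
    """Run-key names present in HijackThis whose target WinPFind3U could not find."""
    runs = autoruns(parse_hjt(hjt_text))
    return sorted(set(runs) & winpfind_missing(winpfind_text))


def activex_from_trusted_sites(hjt_text):
    """(control name, host) for O16 entries whose CodeBase host is also an O15 site."""
    entries = parse_hjt(hjt_text)
    prefix = "Trusted Zone: "
    trusted = {b[len(prefix):].lower() for c, b in entries
               if c == "O15" and b.startswith(prefix)}
    hits = []
    for code, body in entries:
        m = DPF.match(body) if code == "O16" else None
        host = urlparse(m.group(3)).hostname if m else None
        if host in trusted:
            hits.append((m.group(2), host))
    return hits


if __name__ == "__main__":
    for code, n in sorted(section_counts(parse_hjt(HJT_LOG)).items()):
        print(f"{code:>3}  {n}  {SECTIONS.get(code, 'other')}")
    print("Run entries with no file on disk:", orphaned_autoruns(HJT_LOG, WINPFIND_LOG))
    print("ActiveX from Trusted Zone hosts:", activex_from_trusted_sites(HJT_LOG))
```
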

#10 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 11 November 2007 - 07:42 AM

Hey Some12,

You originally asked if there were some unwanted things on this pc or if it was due to its age. After reviewing your latest logs, it shows that your system is clean and your "problems" are more originating from its age.

If you want to have a look into purchasing more RAM, you might want to take a look at this link: http://crucial.com/
If you need to dig further to find out what RAM you need to get for your pc, you can look for Crucial Memory Advisor™ tool. It should be of assistance to you.

NB: The above link is just to give you an indication of what it can cost. I am in no way asking you to buy anything from Crucial itself (it's entirely up to you).

Step #1

Run HijackThis, press Scan, and put a check mark next to this entry:

R3 - Default URLSearchHook is missing

Close all other windows and browsers, and press the Fix Checked button.

Step #2

Please download System Security Suite from here
  • Open System Security Suite.
  • In the Items to Clear tab tick:
    • Internet Explorer (left pane): Cookies & Temporary files
    • My Computer (right pane): Temporary files & Recycle Bin
  • Press the Clear Selected Items button.
  • Close the program.

Step #3

Please post back with a fresh HijackThis log and let me know if System Security Suite was of any help to you in terms of your pc's performance.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#11 some12

some12
  • Topic Starter

  • Members
  • 31 posts

Posted 11 November 2007 - 09:41 PM

I don't think System Security Suite was of any use because I clean my cookies and temporary files often. I think I will just get a new computer soon, this one is a Windows 98 from like 2002.

Here is the hjt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:23 PM, on 11/11/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARUPLD32.EXE
C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARMON32A.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\MSSQL7\BINN\SCM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\VISUAL IP INSIGHT\TDS\ARMon32a.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender9\bdinit.exe"
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - HKUS\.DEFAULT\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe (User 'Default user')
O4 - .DEFAULT Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe (User 'Default user')
O4 - .DEFAULT Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User 'Default user')
O4 - .DEFAULT Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe (User 'Default user')
O4 - .DEFAULT Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
O15 - Trusted Zone: www.nnerenmls.com
O15 - Trusted Zone: www.getoffutt.com
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} (osi_valid.uCltValid9m) - http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://premium1.tds.net/files/tds/onlinescanner/fscax.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O24 - Desktop Component 0: (no name) - http://1stopcollectibles.com/pics/ucclogo.gif

--
End of file - 7937 bytes

#12 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 12 November 2007 - 02:24 PM

Hey Some12,

Ok, thanks for the feedback.

If you wish, you can visit our Windows 98 forum and see if they have any tips and tricks for you, until you purchase a new pc.

Additionally, I just wanted to point out that only a few programmes clean the index.dat file. The basic junk cleaning function of Windows does not clean it. If you use CCleaner or Cleanup it will have cleaned the index.dat successfully. If not and index.dat has never been cleaned correctly, it could be a huge file by now and could be causing your pc to slow down. Some further reading in regards to this - here.

Regarding speed issues and staying safe, there are two links I would like to point out to you that I think could be of value to you. The first one is a write up by one of my colleagues - miekiemoes, and can be found here. The second one is this one: "Simple and easy ways to keep your computer safe and secure on the Internet"

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

Edited by Yourhighness, 12 November 2007 - 02:24 PM.

"How did I get infected?" - "Safe-hex" - Member of UNITE -