
Very Slow Computer


  • This topic is locked
9 replies to this topic

#1 mysticrose


Posted 26 July 2008 - 02:41 AM

Here lately my computer has been running very slow. It will run fine for a little while, but then it will get so slow I have to reboot it several times a day. Here are the two logs from DSS & HijackThis.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.80GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 511.47 MiB / 118.14 MiB
Pagefile Memory (total/avail): 1250.16 MiB / 716.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.59 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 186.3 GiB total, 165.92 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 149.01 GiB total, 141.19 GiB free.

\\.\PHYSICALDRIVE0 - MDT MD2000BB-00RDA0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:

\\.\PHYSICALDRIVE1 - WD 1600AAJ External USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Unknown - 149.05 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kristy\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KRISTY-2711B683
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kristy
LOGONSERVER=\\KRISTY-2711B683
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kristy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kristy\LOCALS~1\Temp
USERDOMAIN=KRISTY-2711B683
USERNAME=Kristy
USERPROFILE=C:\Documents and Settings\Kristy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kristy (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Abexo Free Registry Cleaner --> C:\Program Files\Abexo\afrc\uninst.exe
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Amazing Bubbles 3D 1.1 --> "C:\WINDOWS\Amazing Bubbles 3D\unins000.exe"
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{D63C3DAC-5112-4544-A766-C02D4C3BF811}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Babysitting Mania --> "C:\Program Files\Babysitting Mania\ReflexiveArcade\unins000.exe"
BookWorm Deluxe --> C:\PROGRA~1\GAMEHO~1\BOOKWO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BOOKWO~1\INSTALL.LOG
Build in Time --> C:\PROGRA~1\GAMEHO~1\BUILDI~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BUILDI~1\INSTALL.LOG
Buildalot 2 Town Of The Year --> "C:\Program Files\Buildalot 2 Town Of The Year\ReflexiveArcade\unins000.exe"
Burger Island --> "C:\Program Files\Burger Island\ReflexiveArcade\unins000.exe"
Cake Mania 2 --> C:\PROGRA~1\GAMEHO~1\CAKEMA~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\CAKEMA~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CLUE Classic --> C:\PROGRA~1\GAMEHO~1\CLUECL~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\CLUECL~1\INSTALL.LOG
Desktop Sidebar --> MsiExec.exe /I{A92D7264-1A13-45BE-B769-88445DD04FD6}
Dream Day First Home --> "C:\Program Files\Dream Day First Home\ReflexiveArcade\unins000.exe"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Fashion Boutique --> "C:\Program Files\Fashion Boutique\ReflexiveArcade\unins000.exe"
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Flash Dating --> C:\PROGRA~1\GAMEHO~1\FLASHD~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\FLASHD~1\INSTALL.LOG
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 --> C:\Program Files\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 10.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything
Intel® Network Connections Drivers --> Prounstl.exe
Janes Hotel Family Hero --> "C:\Program Files\Janes Hotel Family Hero\ReflexiveArcade\unins000.exe"
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jojo's Fashion Show --> C:\PROGRA~1\GAMEHO~1\JOJO'S~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\JOJO'S~1\INSTALL.LOG
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_25d117\Setup.exe /APR-REMOVE
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PCI Audio Driver --> cmuninst.exe
Posh Boutique --> C:\PROGRA~1\GAMEHO~1\POSHBO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\POSHBO~1\INSTALL.LOG
PowerArchiver 2007 --> MsiExec.exe /I{B6826FA8-04C8-4147-AA3C-5B900AB887A1}
Quick StartUp 2.3 --> "C:\Program Files\Quick StartUp\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Sallys Spa --> "C:\Program Files\Sallys Spa\ReflexiveArcade\unins000.exe"
SCRABBLE --> C:\PROGRA~1\GAMEHO~1\SCRABB~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SCRABB~1\INSTALL.LOG
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SlimBrowser (remove only) --> "C:\Program Files\SlimBrowser\uninst.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
The Price Is Right --> "C:\Program Files\The Price Is Right\ReflexiveArcade\unins000.exe"
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TriPeaks Solitaire To Go --> "C:\Program Files\TriPeaks Solitaire To Go\ReflexiveArcade\unins000.exe"
Turbo Subs --> "C:\Program Files\Turbo Subs\ReflexiveArcade\unins000.exe"
Virtual Villagers The Secret City --> "C:\Program Files\Virtual Villagers The Secret City\ReflexiveArcade\unins000.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zuma Deluxe --> "C:\Program Files\Zuma Deluxe\ReflexiveArcade\unins000.exe"
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type791 / Error
Event Submitted/Written: 07/26/2008 02:16:12 AM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.

Event Record #/Type788 / Warning
Event Submitted/Written: 07/26/2008 02:14:05 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5ACE69F0-A3E8-44EB-88C1-0A841E700180}', feature 'TrayApp' failed during request for component '{9E888D92-4DA4-4086-9A07-8015D56C3F53}'

Event Record #/Type787 / Warning
Event Submitted/Written: 07/26/2008 02:14:05 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5ACE69F0-A3E8-44EB-88C1-0A841E700180}', feature 'TrayApp', component '{544C7EF7-6803-40A6-980E-57758E45BE87}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\DigitalImaging\CtxMgr\Strings\EditorPluginsDir' does not exist.

Event Record #/Type775 / Warning
Event Submitted/Written: 07/26/2008 00:07:34 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5ACE69F0-A3E8-44EB-88C1-0A841E700180}', feature 'TrayApp' failed during request for component '{9E888D92-4DA4-4086-9A07-8015D56C3F53}'

Event Record #/Type774 / Warning
Event Submitted/Written: 07/26/2008 00:07:34 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5ACE69F0-A3E8-44EB-88C1-0A841E700180}', feature 'TrayApp', component '{544C7EF7-6803-40A6-980E-57758E45BE87}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\DigitalImaging\CtxMgr\Strings\EditorPluginsDir' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3155 / Warning
Event Submitted/Written: 07/26/2008 02:33:45 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3154 / Warning
Event Submitted/Written: 07/26/2008 02:18:39 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3132 / Error
Event Submitted/Written: 07/26/2008 02:15:21 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The HP CUE DeviceDiscovery Service service hung on starting.

Event Record #/Type3131 / Error
Event Submitted/Written: 07/26/2008 02:13:16 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.33 for the Network Card with network address 0002B3B4FB87 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type3125 / Warning
Event Submitted/Written: 07/26/2008 01:46:25 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-26 02:36:52 ------------


Deckard's System Scanner v20071014.68
Run by Kristy on 2008-07-26 02:30:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2008-07-26 07:31:10 UTC - RP51 - Deckard's System Scanner Restore Point
50: 2008-07-26 05:46:05 UTC - RP50 - Installed Jasc Animation Shop 3
49: 2008-07-26 05:36:42 UTC - RP49 - Removed Jasc Paint Shop Pro 9
48: 2008-07-26 01:20:49 UTC - RP48 - System Checkpoint
47: 2008-07-25 00:46:25 UTC - RP47 - System Checkpoint


-- First Restore Point --
1: 2008-06-11 07:35:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kristy.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:29 AM, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\SlimBrowser\sbrowser.exe
E:\ProgramFiles\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
C:\Documents and Settings\Kristy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kristy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 7108 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 cmpci (C-Media PCI Audio Driver (WDM)) - c:\windows\system32\drivers\cmaudio.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-16 12:44:58 438 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2008-06-24 19:52:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-26 and 2008-07-26 -----------------------------

2008-07-26 02:33:34 0 d-------- C:\Program Files\Trend Micro
2008-07-26 02:29:27 0 d-------- C:\WINDOWS\Sun
2008-07-26 02:29:27 0 d-------- C:\Documents and Settings\Kristy\Application Data\Sun
2008-07-26 01:02:54 0 d-------- C:\Documents and Settings\Kristy\Application Data\Jasc
2008-07-26 00:40:43 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-26 00:30:57 0 d-------- C:\Program Files\Western Digital Technologies
2008-07-24 23:04:24 0 dr-h----- C:\Documents and Settings\Kristy\Recent
2008-07-23 11:29:21 0 d--h----- C:\$AVG8.VAULT$
2008-07-22 23:55:24 0 d-------- C:\Documents and Settings\Kristy\Application Data\SlimBrowser
2008-07-22 23:55:19 0 d-------- C:\Program Files\SlimBrowser
2008-07-22 17:27:15 0 d-------- C:\Program Files\Sun
2008-07-22 17:24:45 0 d-------- C:\Program Files\Java
2008-07-22 17:22:01 0 d-------- C:\Program Files\Common Files\Java
2008-07-18 14:52:32 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-18 14:52:32 0 d-------- C:\Documents and Settings\Kristy\Application Data\AVGTOOLBAR
2008-07-18 14:52:20 0 d-------- C:\Program Files\AVG
2008-07-18 14:52:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-18 14:51:20 0 --a------ C:\Documents and Settings\Kristy\񀿉
2008-07-18 10:29:40 0 d-------- C:\Documents and Settings\Kristy\Application Data\HPAppData
2008-07-18 10:25:56 0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-18 10:25:25 0 d-------- C:\Documents and Settings\Kristy\Application Data\HP
2008-07-18 10:21:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-18 10:08:59 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-18 10:08:59 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-07-18 10:08:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-18 10:08:06 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-18 10:07:38 0 d-------- C:\Program Files\Common Files\HP
2008-07-18 10:05:22 0 d-------- C:\Program Files\HP
2008-07-18 10:00:35 932 -----n--- C:\WINDOWS\hpomdl28.dat
2008-07-18 10:00:35 157529 --a------ C:\WINDOWS\hpoins28.dat
2008-07-17 14:01:06 0 d-------- C:\Program Files\MSXML 4.0
2008-07-17 07:20:58 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-07-17 07:20:56 0 d-------- C:\Program Files\FriendBlasterPro
2008-07-16 13:07:10 0 d-------- C:\Documents and Settings\Kristy\Application Data\Skinux
2008-07-16 12:58:59 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-16 12:54:51 0 d-------- C:\Program Files\Common Files\Kodak
2008-07-16 12:54:29 0 d-------- C:\Program Files\Kodak
2008-07-16 12:42:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-15 01:12:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 17:40:10 0 d-------- C:\Program Files\Dream Day First Home
2008-07-12 13:38:27 0 d-------- C:\Documents and Settings\Kristy\Application Data\EA
2008-07-12 13:37:01 0 d-------- C:\Program Files\TriPeaks Solitaire To Go
2008-07-11 04:45:27 0 d-------- C:\Documents and Settings\Kristy\Application Data\Sandlot Games
2008-07-11 00:47:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-07-11 00:36:00 0 d-------- C:\Program Files\Ice Cream Mania
2008-07-09 22:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-07-09 22:38:39 0 d-------- C:\Documents and Settings\Kristy\Application Data\Sudden Games
2008-07-09 22:10:07 0 d-------- C:\Program Files\Burger Island
2008-07-09 22:09:35 0 d-------- C:\Program Files\Zuma Deluxe
2008-07-09 22:08:21 0 d-------- C:\Program Files\Ice Cream Dee Lites
2008-07-09 22:04:12 0 d-------- C:\Program Files\Yard Sale Junkie
2008-07-09 21:22:58 0 d-------- C:\Program Files\Go Go Gourmet
2008-07-08 03:36:06 0 d-------- C:\Documents and Settings\Kristy\.editrocket
2008-07-06 20:07:57 0 d-------- C:\Documents and Settings\Kristy\Application Data\Eyeblaster
2008-07-06 02:36:01 0 d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-06 02:33:06 0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-07-06 01:45:46 0 d-------- C:\Documents and Settings\Kristy\Application Data\GamesCafe
2008-07-06 01:44:55 24 --a------ C:\WINDOWS\popcinfo.dat
2008-07-05 00:00:10 0 d-------- C:\Documents and Settings\Kristy\Application Data\Gamelab
2008-07-04 23:05:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Lifetime
2008-07-04 00:03:30 0 d-------- C:\Documents and Settings\Kristy\Application Data\My Games
2008-07-04 00:00:47 0 d-------- C:\Documents and Settings\Kristy\Application Data\GameHouse
2008-07-04 00:00:42 0 d-------- C:\Program Files\GameHouse
2008-07-03 23:43:11 0 d-------- C:\Program Files\Fatal Hearts
2008-07-02 23:41:00 0 d-------- C:\Program Files\Fashion Craze
2008-07-02 22:37:14 0 d-------- C:\Program Files\Virtual Villagers The Secret City
2008-07-02 19:33:55 0 d-------- C:\Documents and Settings\All Users\Application Data\eGames
2008-07-02 19:33:24 0 d-------- C:\Documents and Settings\Kristy\Application Data\eGames
2008-07-02 19:31:50 0 d-------- C:\Program Files\Purrfect Pet Shop
2008-07-02 18:46:42 0 d-------- C:\Documents and Settings\Kristy\Application Data\ViquaSoft
2008-07-02 12:20:39 0 d-------- C:\Documents and Settings\Kristy\Application Data\Magic Seeds
2008-07-02 12:19:18 0 d-------- C:\Program Files\Magic Seeds
2008-07-01 22:24:48 0 d-------- C:\Documents and Settings\Kristy\Application Data\iWin
2008-07-01 21:47:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-07-01 20:02:42 0 d-------- C:\Documents and Settings\Kristy\Application Data\Total Eclipse
2008-07-01 20:00:00 0 d-------- C:\Program Files\Fashion Boutique
2008-07-01 17:42:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-07-01 17:40:58 0 d-------- C:\Program Files\Babysitting Mania
2008-07-01 14:30:38 0 d-------- C:\Documents and Settings\Kristy\Application Data\Oberon Games
2008-07-01 14:30:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-07-01 14:29:04 0 d-------- C:\Program Files\Turbo Subs
2008-07-01 01:38:22 0 d-------- C:\Documents and Settings\Kristy\Application Data\Jane s Hotel Family Hero
2008-07-01 01:37:11 0 d-------- C:\Program Files\Janes Hotel Family Hero
2008-07-01 01:19:05 0 d-------- C:\Documents and Settings\Kristy\Application Data\Ludia
2008-07-01 01:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-07-01 01:16:25 0 d-------- C:\Program Files\The Price Is Right
2008-06-30 23:34:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-06-30 22:23:27 0 d-------- C:\Program Files\Fashion Solitaire
2008-06-30 21:32:45 0 d--hs---- C:\WINDOWS\ftpcache
2008-06-30 18:15:30 0 d-------- C:\Documents and Settings\Kristy\Application Data\PlayFirst
2008-06-30 18:15:30 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-30 18:10:21 0 d-------- C:\Program Files\Pet Shop Hop
2008-06-30 17:49:40 0 d-------- C:\Program Files\Airport Mania
2008-06-30 16:46:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-06-30 15:16:40 0 d-------- C:\Program Files\Build in Time
2008-06-30 13:41:30 0 d-------- C:\Program Files\Sallys Spa
2008-06-30 00:35:53 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-06-30 00:33:46 0 d-------- C:\Program Files\Buildalot 2 Town Of The Year
2008-06-30 00:14:36 0 d-------- C:\Documents and Settings\Kristy\Saved Games
2008-06-30 00:14:36 0 d-------- C:\Documents and Settings\Kristy\Application Data\Flood Light Games
2008-06-30 00:14:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-06-30 00:10:11 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-29 23:22:43 0 d-------- C:\Documents and Settings\All Users\Application Data\ConeXware
2008-06-29 23:19:32 0 d-------- C:\Program Files\PowerArchiver
2008-06-29 22:44:55 0 d-------- C:\Reflexive.GameHouse.Patchers
2008-06-29 22:25:04 4096 --a------ C:\WINDOWS\d3dx.dat
2008-06-29 17:48:07 0 d-------- C:\My Games
2008-06-29 17:46:48 0 d-------- C:\users
2008-06-29 17:44:19 0 d-------- C:\Program Files\RealArcade
2008-06-26 22:51:46 0 d-------- C:\Documents and Settings\Kristy\Application Data\Yahoo!
2008-06-26 22:51:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-26 17:15:07 56 -r-hs---- C:\WINDOWS\system32\5A15E6F768.sys
2008-06-26 15:52:41 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-26 15:51:14 0 d-------- C:\Documents and Settings\Kristy\Application Data\Jasc Software Inc
2008-06-26 15:49:19 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-26 15:48:35 0 d-------- C:\Program Files\Jasc Software Inc


-- Find3M Report ---------------------------------------------------------------

2008-07-26 00:38:56 0 d-------- C:\Program Files\Common Files
2008-07-17 08:03:05 0 d-------- C:\Documents and Settings\Kristy\Application Data\uTorrent
2008-07-15 01:13:03 0 d-------- C:\Program Files\Lavasoft
2008-07-03 23:56:31 0 d-------- C:\Documents and Settings\Kristy\Application Data\Macromedia
2008-06-26 15:51:48 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-25 21:05:28 0 d-------- C:\Program Files\Webshots
2008-06-25 21:05:17 0 d-------- C:\Documents and Settings\Kristy\Application Data\Webshots
2008-06-24 19:53:40 0 d-------- C:\Program Files\QuickTime
2008-06-24 19:52:00 0 d-------- C:\Program Files\Apple Software Update
2008-06-24 15:17:15 0 d-------- C:\Program Files\Yahoo!
2008-06-24 12:02:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 13:33:17 0 d-------- C:\Program Files\Astonsoft
2008-06-21 08:20:58 0 d-------- C:\Documents and Settings\Kristy\Application Data\Desktop Sidebar
2008-06-20 14:17:10 0 d-------- C:\Program Files\uTorrent
2008-06-17 23:27:11 0 d-------- C:\Program Files\MagicISO
2008-06-13 20:39:34 0 d-------- C:\Documents and Settings\Kristy\Application Data\DeepBurner
2008-06-13 13:58:15 0 d-------- C:\Program Files\CCleaner
2008-06-13 13:57:07 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-13 13:50:28 0 d-------- C:\Program Files\Desktop XP
2008-06-13 13:01:18 0 d-------- C:\Documents and Settings\Kristy\Application Data\Adobe
2008-06-12 19:09:12 0 d-------- C:\Program Files\Online Services
2008-06-11 10:26:36 0 d-------- C:\Program Files\Desktop Sidebar
2008-06-11 10:01:13 0 d-------- C:\Program Files\Quick StartUp
2008-06-11 09:53:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-11 09:53:11 0 d-------- C:\Documents and Settings\Kristy\Application Data\Mozilla
2008-06-11 09:52:03 0 d-------- C:\Program Files\Abexo
2008-06-11 04:44:15 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-11 04:37:59 0 d-------- C:\Program Files\MSBuild
2008-06-11 04:32:33 0 d-------- C:\Program Files\Reference Assemblies
2008-06-11 03:21:18 0 d-------- C:\Documents and Settings\Kristy\Application Data\ATI
2008-06-11 03:11:02 0 d-------- C:\Program Files\ATI Technologies
2008-06-11 02:48:16 0 d-------- C:\Program Files\Messenger
2008-06-11 02:47:38 0 d-------- C:\Program Files\Movie Maker
2008-06-11 02:43:45 0 d-------- C:\Program Files\Windows NT
2008-06-11 02:35:26 0 d-------- C:\Documents and Settings\Kristy\Application Data\Identities
2008-06-11 02:27:54 0 d-------- C:\Program Files\microsoft frontpage
2008-06-11 02:27:29 0 -rahs---- C:\MSDOS.SYS
2008-06-11 02:27:29 0 -rahs---- C:\IO.SYS
2008-06-11 02:27:29 0 --a------ C:\CONFIG.SYS
2008-06-11 02:27:29 0 --a------ C:\AUTOEXEC.BAT
2008-06-11 02:25:36 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-11 02:24:33 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-11 02:22:52 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-11 02:22:20 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-11 01:27:07 0 d-------- C:\Program Files\MSXML 6.0
2008-06-10 21:15:45 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-10 21:15:40 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-10 21:15:01 62 --ahs---- C:\Documents and Settings\Kristy\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
11/06/2007 01:50 AM 322880 --a------ C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2008 02:52 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
11/06/2007 01:50 AM 542016 --a------ C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2008 02:52 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [10/15/2002 06:00 PM C:\WINDOWS\mixer.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/14/2007 09:17 PM]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [08/22/2007 04:31 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/18/2008 02:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"ares"="C:\Program Files\Ares\Ares.exe" []
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [11/30/2007 10:08 AM]

C:\Documents and Settings\Kristy\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [6/25/2008 9:05:18 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [10/14/2007 8:38:52 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [5/10/2008 7:15:28 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8724 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-26 02:36:52 ------------



#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:59 AM

Posted 08 August 2008 - 12:14 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 mysticrose

mysticrose
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Female
  • Location:Durant, Oklahoma
  • Local time:05:59 AM

Posted 09 August 2008 - 08:14 AM

Deckard's System Scanner v20071014.68
Run by Kristy on 2008-08-09 08:07:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kristy.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:59 AM, on 8/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Kristy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kristy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: TrayMin700.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fubar.com/imgs/ImageUploader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 6889 bytes

-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-04 01:51:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Fitn17
2008-08-04 01:28:49 0 d-------- C:\Program Files\Fitness Frenzy
2008-08-04 01:28:04 0 d-------- C:\Program Files\Fashion Dash
2008-08-03 21:47:26 0 dr-h----- C:\Documents and Settings\Kristy\Recent
2008-08-03 21:41:55 0 d-------- C:\Program Files\Dream Day Honeymoon
2008-08-03 04:52:19 0 d-------- C:\Documents and Settings\Kristy\Application Data\Amaranth Games
2008-08-03 04:47:58 0 d-------- C:\Program Files\Yummy Drink Factory
2008-08-03 01:08:37 0 d-------- C:\Documents and Settings\Kristy\Application Data\Apple Computer
2008-08-02 03:06:42 0 d-------- C:\WINDOWS\pss
2008-08-01 22:29:21 0 d-------- C:\Program Files\Dream Day Wedding 2
2008-08-01 06:46:08 0 d-------- C:\Program Files\The Poppit Show
2008-08-01 05:27:57 0 d-------- C:\Documents and Settings\Kristy\Application Data\OpenOffice.org2
2008-07-31 03:06:21 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-30 02:31:57 0 d-------- C:\Documents and Settings\Kristy\Application Data\Avant Profiles
2008-07-30 02:29:03 0 d-------- C:\Program Files\Avant Browser
2008-07-28 00:31:35 0 d-------- C:\Program Files\Philips
2008-07-28 00:30:21 0 d-------- C:\Documents and Settings\Kristy\Application Data\ArcSoft
2008-07-28 00:29:43 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-07-28 00:29:40 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-07-28 00:29:40 0 d-------- C:\Program Files\Philips_VLounge
2008-07-27 23:46:12 0 d-------- C:\Program Files\DSC Driver
2008-07-27 02:26:03 0 d-------- C:\Documents and Settings\Kristy\Application Data\MxBoost
2008-07-26 02:33:34 0 d-------- C:\Program Files\Trend Micro
2008-07-26 02:29:27 0 d-------- C:\WINDOWS\Sun
2008-07-26 02:29:27 0 d-------- C:\Documents and Settings\Kristy\Application Data\Sun
2008-07-26 01:02:54 0 d-------- C:\Documents and Settings\Kristy\Application Data\Jasc
2008-07-26 00:40:43 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-26 00:30:57 0 d-------- C:\Program Files\Western Digital Technologies
2008-07-23 11:29:21 0 d--h----- C:\$AVG8.VAULT$
2008-07-22 23:55:24 0 d-------- C:\Documents and Settings\Kristy\Application Data\SlimBrowser
2008-07-22 23:55:19 0 d-------- C:\Program Files\SlimBrowser
2008-07-22 17:24:45 0 d-------- C:\Program Files\Java
2008-07-22 17:22:01 0 d-------- C:\Program Files\Common Files\Java
2008-07-18 14:52:32 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-18 14:52:32 0 d-------- C:\Documents and Settings\Kristy\Application Data\AVGTOOLBAR
2008-07-18 14:52:20 0 d-------- C:\Program Files\AVG
2008-07-18 14:52:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-18 14:51:20 0 --a------ C:\Documents and Settings\Kristy\񀿉
2008-07-18 10:29:40 0 d-------- C:\Documents and Settings\Kristy\Application Data\HPAppData
2008-07-18 10:25:56 0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-18 10:25:25 0 d-------- C:\Documents and Settings\Kristy\Application Data\HP
2008-07-18 10:21:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-18 10:08:59 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-18 10:08:59 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-07-18 10:08:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-18 10:08:06 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-18 10:07:38 0 d-------- C:\Program Files\Common Files\HP
2008-07-18 10:05:22 0 d-------- C:\Program Files\HP
2008-07-18 10:00:35 932 -----n--- C:\WINDOWS\hpomdl28.dat
2008-07-18 10:00:35 157529 --a------ C:\WINDOWS\hpoins28.dat
2008-07-17 14:01:06 0 d-------- C:\Program Files\MSXML 4.0
2008-07-17 07:20:58 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-07-17 07:20:56 0 d-------- C:\Program Files\FriendBlasterPro
2008-07-16 13:07:10 0 d-------- C:\Documents and Settings\Kristy\Application Data\Skinux
2008-07-16 12:58:59 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-16 12:54:51 0 d-------- C:\Program Files\Common Files\Kodak
2008-07-16 12:54:29 0 d-------- C:\Program Files\Kodak
2008-07-16 12:42:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-15 01:12:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 17:40:10 0 d-------- C:\Program Files\Dream Day First Home
2008-07-12 13:38:27 0 d-------- C:\Documents and Settings\Kristy\Application Data\EA
2008-07-12 13:37:01 0 d-------- C:\Program Files\TriPeaks Solitaire To Go
2008-07-11 04:45:27 0 d-------- C:\Documents and Settings\Kristy\Application Data\Sandlot Games
2008-07-11 00:47:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-07-09 22:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-07-09 22:38:39 0 d-------- C:\Documents and Settings\Kristy\Application Data\Sudden Games
2008-07-09 22:10:07 0 d-------- C:\Program Files\Burger Island
2008-07-09 22:09:35 0 d-------- C:\Program Files\Zuma Deluxe


-- Find3M Report ---------------------------------------------------------------

2008-08-06 08:43:49 0 d-------- C:\Program Files\PowerArchiver
2008-08-04 01:30:28 0 d-------- C:\Documents and Settings\Kristy\Application Data\PlayFirst
2008-07-30 02:48:17 0 d-------- C:\Program Files\Babysitting Mania
2008-07-28 00:31:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 00:29:43 0 d-------- C:\Program Files\Common Files
2008-07-26 00:46:06 0 d-------- C:\Program Files\Jasc Software Inc
2008-07-25 22:23:21 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-25 22:23:10 56 -r-hs---- C:\WINDOWS\system32\5A15E6F768.sys
2008-07-21 23:31:50 0 d-------- C:\Documents and Settings\Kristy\Application Data\GameHouse
2008-07-21 23:31:36 0 d-------- C:\Program Files\GameHouse
2008-07-18 16:12:32 0 d-------- C:\Program Files\Build in Time
2008-07-17 08:03:05 0 d-------- C:\Documents and Settings\Kristy\Application Data\uTorrent
2008-07-15 01:13:03 0 d-------- C:\Program Files\Lavasoft
2008-07-14 05:49:34 0 d-------- C:\Program Files\Virtual Villagers The Secret City
2008-07-14 02:45:23 24 --a------ C:\WINDOWS\popcinfo.dat
2008-07-09 12:37:36 0 d-------- C:\Program Files\Fashion Boutique
2008-07-06 21:12:15 0 d-------- C:\Documents and Settings\Kristy\Application Data\iWin
2008-07-06 20:07:57 0 d-------- C:\Documents and Settings\Kristy\Application Data\Eyeblaster
2008-07-06 01:45:46 0 d-------- C:\Documents and Settings\Kristy\Application Data\GamesCafe
2008-07-05 00:00:10 0 d-------- C:\Documents and Settings\Kristy\Application Data\Gamelab
2008-07-04 00:03:30 0 d-------- C:\Documents and Settings\Kristy\Application Data\My Games
2008-07-03 23:56:31 0 d-------- C:\Documents and Settings\Kristy\Application Data\Macromedia
2008-07-03 23:34:14 0 d-------- C:\Program Files\Magic Seeds
2008-07-02 21:42:39 0 d-------- C:\Program Files\Purrfect Pet Shop
2008-07-02 19:34:39 0 d-------- C:\Program Files\Airport Mania
2008-07-02 19:33:24 0 d-------- C:\Documents and Settings\Kristy\Application Data\eGames
2008-07-02 18:46:42 0 d-------- C:\Documents and Settings\Kristy\Application Data\ViquaSoft
2008-07-02 12:20:40 0 d-------- C:\Documents and Settings\Kristy\Application Data\Magic Seeds
2008-07-01 20:02:42 0 d-------- C:\Documents and Settings\Kristy\Application Data\Total Eclipse
2008-07-01 14:30:38 0 d-------- C:\Documents and Settings\Kristy\Application Data\Oberon Games
2008-07-01 14:30:30 0 d-------- C:\Program Files\Turbo Subs
2008-07-01 01:38:22 0 d-------- C:\Documents and Settings\Kristy\Application Data\Jane s Hotel Family Hero
2008-07-01 01:38:16 0 d-------- C:\Program Files\Janes Hotel Family Hero
2008-07-01 01:19:05 0 d-------- C:\Documents and Settings\Kristy\Application Data\Ludia
2008-07-01 01:18:14 0 d-------- C:\Program Files\The Price Is Right
2008-06-30 13:44:20 0 d-------- C:\Program Files\Sallys Spa
2008-06-30 00:35:21 0 d-------- C:\Program Files\Buildalot 2 Town Of The Year
2008-06-30 00:14:36 0 d-------- C:\Documents and Settings\Kristy\Application Data\Flood Light Games
2008-06-30 00:10:11 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-29 23:35:22 0 d-------- C:\Program Files\RealArcade
2008-06-29 22:25:04 4096 --a------ C:\WINDOWS\d3dx.dat
2008-06-26 22:52:26 0 d-------- C:\Documents and Settings\Kristy\Application Data\Yahoo!
2008-06-26 15:51:48 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-26 15:51:14 0 d-------- C:\Documents and Settings\Kristy\Application Data\Jasc Software Inc
2008-06-25 21:05:28 0 d-------- C:\Program Files\Webshots
2008-06-25 21:05:17 0 d-------- C:\Documents and Settings\Kristy\Application Data\Webshots
2008-06-24 19:53:40 0 d-------- C:\Program Files\QuickTime
2008-06-24 19:52:00 0 d-------- C:\Program Files\Apple Software Update
2008-06-24 15:17:15 0 d-------- C:\Program Files\Yahoo!
2008-06-21 13:33:17 0 d-------- C:\Program Files\Astonsoft
2008-06-21 08:20:58 0 d-------- C:\Documents and Settings\Kristy\Application Data\Desktop Sidebar
2008-06-20 14:17:10 0 d-------- C:\Program Files\uTorrent
2008-06-17 23:27:11 0 d-------- C:\Program Files\MagicISO
2008-06-13 20:39:34 0 d-------- C:\Documents and Settings\Kristy\Application Data\DeepBurner
2008-06-13 13:58:15 0 d-------- C:\Program Files\CCleaner
2008-06-13 13:57:07 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-13 13:50:28 0 d-------- C:\Program Files\Desktop XP
2008-06-13 13:01:18 0 d-------- C:\Documents and Settings\Kristy\Application Data\Adobe
2008-06-12 19:09:12 0 d-------- C:\Program Files\Online Services
2008-06-11 10:26:36 0 d-------- C:\Program Files\Desktop Sidebar
2008-06-11 10:01:13 0 d-------- C:\Program Files\Quick StartUp
2008-06-11 09:53:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-11 09:53:11 0 d-------- C:\Documents and Settings\Kristy\Application Data\Mozilla
2008-06-11 09:52:03 0 d-------- C:\Program Files\Abexo
2008-06-11 04:44:15 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-11 04:37:59 0 d-------- C:\Program Files\MSBuild
2008-06-11 04:32:33 0 d-------- C:\Program Files\Reference Assemblies
2008-06-11 03:21:18 0 d-------- C:\Documents and Settings\Kristy\Application Data\ATI
2008-06-11 03:11:02 0 d-------- C:\Program Files\ATI Technologies
2008-06-11 02:48:16 0 d-------- C:\Program Files\Messenger
2008-06-11 02:47:38 0 d-------- C:\Program Files\Movie Maker
2008-06-11 02:43:45 0 d-------- C:\Program Files\Windows NT
2008-06-11 02:35:26 0 d-------- C:\Documents and Settings\Kristy\Application Data\Identities
2008-06-11 02:27:54 0 d-------- C:\Program Files\microsoft frontpage
2008-06-11 02:27:29 0 -rahs---- C:\MSDOS.SYS
2008-06-11 02:27:29 0 -rahs---- C:\IO.SYS
2008-06-11 02:27:29 0 --a------ C:\CONFIG.SYS
2008-06-11 02:27:29 0 --a------ C:\AUTOEXEC.BAT
2008-06-11 02:25:36 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-11 02:24:33 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-11 02:22:52 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-11 02:22:20 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-11 01:27:07 0 d-------- C:\Program Files\MSXML 6.0
2008-06-10 21:15:45 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-10 21:15:40 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-10 21:15:01 62 --ahs---- C:\Documents and Settings\Kristy\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
11/06/2007 01:50 AM 322880 --a------ C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2008 02:52 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
11/06/2007 01:50 AM 542016 --a------ C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2008 02:52 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [10/15/2002 06:00 PM C:\WINDOWS\mixer.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/14/2007 09:17 PM]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [08/22/2007 04:31 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/18/2008 02:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"phc700"="C:\WINDOWS\vphc700.exe" [10/16/2006 10:18 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [11/30/2007 10:08 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TrayMin700.exe.lnk - C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe [7/28/2008 12:31:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kristy^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Kristy\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kristy^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Kristy\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08320e43-375c-11dd-90b4-806d6172696f}]
AutoRun\command- D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{565f17ce-5ad2-11dd-9107-0002b3b4fb87}]
AutoRun\command- E:\wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2008-08-09 08:08:42 ------------

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:59 AM

Posted 10 August 2008 - 04:13 PM

A few things you may do prior to cleaning:
During the cleaning process, if any other issues appear, please let us know. Please do not make any changes on your computer during the cleaning process or download and add programs on your computer unless instructed to do so. Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41


Posted 10 August 2008 - 04:25 PM

I did not see any obvious signs of malware. I have a few suggestions for cleaning.

Step 1

You may want to print this page. Make sure to work through the fixes in the order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 2

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can't be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please post that list in your next reply.

Step 3

Please download Ad-Aware 2008.
Please check this link, Ad-Aware 2007/ 2008 for instructions on how to download, install and use Ad-Aware. Run this program as soon as possible.

Step 4

I recommend using Spyware Blaster.
Please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
Please see Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware for instructions on how to download, install, and use SpywareBlaster.

Step 5

Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it is detected and minimizes interruptions and helps you stay productive.

Please download and install Windows Defender.
  • Confirm that your computer meets the minimum system requirements to install Windows Defender.
  • Visit the Windows Defender page in the Microsoft Download Center. Click the Continue button and follow the directions on the succeeding pages to download the program and start the Installation Wizard.
  • Follow the steps in the Installation Wizard. You will be asked if you want to participate in the Microsoft SpyNet online community. We suggest you choose the first option, Use recommended settings.
  • Click Next to continue.
  • Click Install to begin installing Windows Defender.
  • When installation is complete, click Finish. Windows Defender will begin to scan your computer.
  • For more information, see How to install and set up Windows Defender

Step 6

ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 7

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)


Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 8

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if it applies to your computer problem with being slow to respond.
Slow_Computer_Check_here_first_it_may_not_be_malware.
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

Step 9

Let's run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 10

Please run HijackThis in Normal Mode and post a new HijackThis log.

Please post the list of file names and locations for any files that can't be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.

#6 mysticrose


Posted 12 August 2008 - 09:34 AM

None of the online scanners you listed would work for me. But, I've been having problems with my browsers when the computer started running slow. I have Firefox, SlimBrowser, and Avant, none of which run right. I ran the ATF cleaner like you suggested. I fixed the three things in HijackThis. Here is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:27 AM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: TrayMin700.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fubar.com/imgs/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7112 bytes
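Added example (not part of the original thread, and not code from HijackThis or its authors): a Python parser for the HijackThis v2 log layout posted above. It groups entries by section code, splits the O4 startup entries, and flags the entry shapes the helper had fixed in Step 7 (an empty R0 value, a `(no file)` target). The sample log is constructed from lines in this thread; the `Unknown owner` and `= ?` checks and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the logs and fix list in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:27 AM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vphc700.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: TrayMin700.exe.lnk = ?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# Body of a registry autorun entry: hive, Run key name, value name, command.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")


def parse_log(text):
    """Return (header, processes, entries); entries maps code -> list of bodies."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry ends the process list
            entries[match.group(1)].append(match.group(2).strip())
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
        elif line.startswith("Scan saved at "):
            header["scan_saved"] = line[len("Scan saved at "):]
        elif ":" in line:
            key, _, value = line.partition(":")
            header[key.strip().lower()] = value.strip()
    return header, processes, dict(entries)


def autoruns(entries):
    """Split O4 bodies into (location, name, command) tuples."""
    result = []
    for body in entries.get("O4", []):
        match = RUN_RE.match(body)
        if match:
            location = match.group(1) + "\\" + match.group(2)
            result.append((location, match.group(3), match.group(4)))
        else:  # startup-folder shortcut: "Global Startup: name = target"
            location, _, rest = body.partition(": ")
            name, _, target = rest.partition(" = ")
            result.append((location, name, target))
    return result


def review_notes(entries):
    """List (code, reason, body) for entries worth a manual look."""
    notes = []
    for code, bodies in entries.items():
        for body in bodies:
            if body.endswith("(no file)"):           # as fixed in Step 7
                notes.append((code, "target file missing", body))
            elif code in ("R0", "R1") and body.endswith("="):  # as in Step 7
                notes.append((code, "empty value", body))
            elif code == "O4" and body.endswith("= ?"):        # assumption
                notes.append((code, "target shown as ?", body))
            elif code == "O23" and " - Unknown owner - " in body:  # assumption
                notes.append((code, "owner not reported", body))
    return notes


if __name__ == "__main__":
    header, processes, entries = parse_log(SAMPLE_LOG)
    print(header["platform"], "|", len(processes), "processes")
    for location, name, command in autoruns(entries):
        print(f"autorun  {location:15} {name:20} {command}")
    for code, reason, body in review_notes(entries):
        print(f"review   {code:4} {reason}: {body}")
```

A flagged entry is only a prompt to look at it by hand; the log alone does not say whether a file is malicious.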

#7 suebaby41


Posted 12 August 2008 - 02:01 PM

WebmasterWorld says:

LinkScanner was withdrawn because it was a security risk for AVG users.

I recommend that you remove AVG8 and reload it without the website scanner or download AVG Free.
Please see this thread regarding Linkscanner Concerns AVG Stops Real-Time Scanning
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
Other than the above concern, your log looks good. How is your computer behaving now?
Have you tried to use Internet Explorer for the online scans? Often online scans will not work with FireFox.
The reason your computer is slow is that you have too many programs in your startup and running in the background. Slimming down your start up programs will increase the speed of your computer. You really should try the Optional Fixes. If you want to do so, let me know.

#8 mysticrose


Posted 13 August 2008 - 09:46 AM

I did try the online scanners with IE; sorry, I should have included that in my last post. I did uninstall and download another AVG. It's not running as slow as before but, I'm still having issues with every one of the browsers not wanting to load pages right. It's not my internet connection so I have no clue what is causing this. I did take some programs out of my start up but, I'm not sure of what has to stay so if you could help me with that I would be grateful!

Edited by mysticrose, 13 August 2008 - 09:47 AM.


#9 suebaby41


Posted 13 August 2008 - 02:29 PM

These are Optional Fixes. It is your decision whether you want to remove them from your start up. You will be removing the program from your startup but you will not be removing the program itself.

Please run HijackThis and click Scan. Place checks next to the following entries.

Mixer.exe (C-Media Mixer) process can be removed to free up resources without compromising system performance. The C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Program. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

HPWuSchd2.exe and HPWuSchd.exe (HP software updates) process can be removed to free up resources without compromising system performance. This is the HP software updates. If a shortcut doesn't exist, create your own and run it manually. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available. This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

vphc700.exe ( Philips_SPC 700NC PC Camera_CameraMonitor Application_Sonix) process can be removed to free up resources without compromising system performance. Related to Philips_SPC 700NC PC Camera. Note: Located in C:\%WINDIR%\ . This is a valid program but it is not required to run on startup. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe

PASTARTER.EXE (Power_Archiver) process can be removed to free up resources without compromising system performance. Related to Power_Archiver from ConeXware, Inc. ZIP Support tool. Note: Located in \%Program. This is a valid program but it is not required to run on startup. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE

yahoomessenger.exe (YAHOOM~1.EXE) (Yahoo! Messenger) process can be removed to free up resources without compromising system performance. yahoomessenger.exe is the executable for Yahoo! Messenger, a free instant messaging software from Yahoo! Inc. It allows you to send and receive messages from online contacts. Other features include LAUNCHcast radio, Yahoo! Weather and Yahoo! Games. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

ati2evxx.exe is the ATI External Event Utility for your ATI display drivers. It manages the ATI Hotkey feature. This process can be removed to free up resources without compromising system performance. ati2evxx.exe is a process which provides optional features that the majority of us really do not use. The XT's overdrive feature uses this. If you have an XT, you'll probably want to leave this on. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources.
To change the service to Manual.
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for Ati HotKey Poller and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

#10 suebaby41


Posted 24 August 2008 - 10:24 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



