
Optimization Tips? (deckard's System Scanner Included)


  • This topic is locked
5 replies to this topic

#1 TimEggers

TimEggers

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Location:Tiskilwa, IL
  • Local time:07:30 AM

Posted 03 August 2008 - 08:02 PM

Hello,

I was referred to this forum through the use of HijackThis and thought I would perform a scan and share it with hopes of gathering tips to further optimize my system. I'm happy with my current performance but want to maximize my system whenever possible. I'm an intermediate computer user/tweaker and do this for fun. Can you spot something that will further enhance my system? Thank you very much for your time.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 2558.09 MiB / 2061.78 MiB
Pagefile Memory (total/avail): 3167.51 MiB / 2818.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.55 MiB

C: is Fixed (NTFS) - 145.41 GiB total, 125.35 GiB free.
D: is CDROM (No Media)
E: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 145.41 GiB - C:
\PARTITION2 - Unknown - 3.53 GiB



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Timothy Eggers\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EGGERS
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_NONPRESENT_DEVICES=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Timothy Eggers
KDS_LANGUAGE=13
LOGONSERVER=\\EGGERS
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Timothy Eggers\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Sonic Shared;C:\PROGRA~1\COMMON~1\Sonic Shared\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
STACKS=0,0
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TIMOTH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TIMOTH~1\LOCALS~1\Temp
USERDOMAIN=EGGERS
USERNAME=Timothy Eggers
USERPROFILE=C:\Documents and Settings\Timothy Eggers
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Timothy Eggers (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
Ad-Aware 2008 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
aiofw --> MsiExec.exe /I{791E3D44-33D3-4446-82AD-5CD4B0169083}
aioocr --> MsiExec.exe /I{3BED0238-3A25-41AE-BC23-316914B5B048}
aioprnt --> MsiExec.exe /I{2A97D5B3-A989-47E1-B207-1CA9E3635655}
aioscnnr --> MsiExec.exe /I{C0251585-1BE8-4278-B3CB-964B6E01C59D}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7365
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Catalyst Control Center - Branding --> MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
center --> MsiExec.exe /I{79E41D91-BA1C-44B9-9358-48E598263ECF}
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
DeepBurner Pro v1.9.0.228 --> "C:\Program Files\Astonsoft\DeepBurner Pro\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner Pro\install.log" -u
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
filehippo.com Update Checker --> "C:\Program Files\filehippo.com\uninstall.exe"
FireTune --> C:\WINDOWS\iun6002.exe "C:\Program Files\FireTune\irunin.ini"
Help_CTR --> MsiExec.exe /I{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}
helptut --> MsiExec.exe /I{843081BD-351F-46FC-8A17-517A0D9117A3}
helpug --> MsiExec.exe /I{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
jv16 PowerTools 2007 --> "C:\Program Files\jv16 PowerTools 2007\unins000.exe"
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
KODAK All-in-One Printer Software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_1a7eb1fe\Setup.exe /APR-REMOVE
ksdip --> MsiExec.exe /I{73F1681F-ADE1-461F-9F18-B7640507D395}
Logitech Gaming Software 5.01 --> MsiExec.exe /X{C5961323-A2E5-4FAB-B92D-DBF6C282F0F5}
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Tool Web Package : EXCTRLST.EXE --> MsiExec.exe /X{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Scrapbook Factory Deluxe 4.0 --> MsiExec.exe /I{AE133141-825E-440E-AAE5-898ACE8E33C1}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\Intel 32\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
The Print Shop 20 --> MsiExec.exe /I{152BF35B-56D7-4652-B519-1661AAC270EE}
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Xteq-dotec X-Setup Pro 6.6.300.Final1 --> "C:\Program Files\X-Setup Pro\unins000.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type122491 / Warning
Event Submitted/Written: 08/03/2008 05:34:05 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type122490 / Warning
Event Submitted/Written: 08/03/2008 05:34:05 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type122487 / Warning
Event Submitted/Written: 08/03/2008 05:28:40 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type122486 / Warning
Event Submitted/Written: 08/03/2008 05:28:40 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type122481 / Warning
Event Submitted/Written: 08/03/2008 05:21:58 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type70826 / Error
Event Submitted/Written: 08/03/2008 05:34:08 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Event Record #/Type70824 / Warning
Event Submitted/Written: 08/03/2008 05:34:05 PM
Event ID/Source: 1102 / SNMP
Event Description:
The SNMP Service is ignoring extension agent dll C:\WINDOWS\System32\dhcpmib.dll because it is missing or misconfigured.

Event Record #/Type70823 / Error
Event Submitted/Written: 08/03/2008 05:34:00 PM
Event ID/Source: 3095 / NETLOGON
Event Description:
This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Event Record #/Type70810 / Error
Event Submitted/Written: 08/03/2008 05:28:42 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Event Record #/Type70808 / Warning
Event Submitted/Written: 08/03/2008 05:28:40 PM
Event ID/Source: 1102 / SNMP
Event Description:
The SNMP Service is ignoring extension agent dll C:\WINDOWS\System32\dhcpmib.dll because it is missing or misconfigured.



-- End of Deckard's System Scanner: finished at 2008-08-03 19:49:48 ------------




Deckard's System Scanner v20071014.68
Run by Timothy Eggers on 2008-08-03 19:46:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2008-08-04 00:46:40 UTC - RP187 - Deckard's System Scanner Restore Point
17: 2008-08-03 15:46:13 UTC - RP186 - Removed World of Warcraft FREE Trial
16: 2008-08-03 15:42:32 UTC - RP185 - Shockwave Player
15: 2008-08-03 15:40:43 UTC - RP184 - Installed QuickTime
14: 2008-08-03 15:37:46 UTC - RP183 - Installed World of Warcraft FREE Trial


-- First Restore Point --
1: 2008-08-01 14:40:38 UTC - RP170 - Installed Windows Live


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Timothy Eggers.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:33 PM, on 8/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\Timothy Eggers\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Timothy Eggers.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&...;N=PLHS&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: StarOpen - Sonic Solutions - (no file)
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6217 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S4 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S4 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 KodakSvc (Kodak AiO Device Service) - "c:\program files\kodak\printer\center\kodaksvc.exe" <Not Verified; Eastman Kodak Company; KodakSvc>

S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing)
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-03 10:40:33 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-03 09:47:26 302 --a----c- C:\WINDOWS\Tasks\Chkdsk.job
2008-08-03 09:46:55 198 --a----c- C:\WINDOWS\Tasks\Defrag2.job
2008-08-03 03:49:44 524 --a----c- C:\WINDOWS\Tasks\JkDefrag.job
2008-08-02 22:31:12 346 --a----c- C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-08-02 01:00:06 302 --a----c- C:\WINDOWS\Tasks\Disk Cleanup.job


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 17:11:00 0 d------c- C:\Program Files\X-Setup Pro
2008-08-03 11:18:30 0 d-------- C:\Documents and Settings\Timothy Eggers\Application Data\Mozilla
2008-08-03 10:52:01 0 dr-h----- C:\Documents and Settings\Timothy Eggers\Recent
2008-08-03 10:40:30 0 d------c- C:\Program Files\Apple Software Update
2008-08-03 10:09:15 0 d------c- C:\Program Files\filehippo.com
2008-08-03 10:09:00 0 d------c- C:\Program Files\QuickTime
2008-08-03 10:07:24 0 d------c- C:\Program Files\Lavasoft
2008-08-03 10:07:22 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-02 23:42:43 0 d------c- C:\Program Files\Lavasoft(2)
2008-08-02 20:33:42 0 d------c- C:\Program Files\TweakXP 2
2008-08-01 09:47:59 0 d------c- C:\Program Files\QuickTime(2)
2008-08-01 09:47:09 0 d------c- C:\Program Files\Apple Software Update(2)
2008-08-01 09:46:17 0 d------c- C:\WINDOWS\system32\Adobe
2008-08-01 09:39:20 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-01 09:39:09 0 d------c- C:\Program Files\Windows Live
2008-08-01 09:39:00 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-01 09:33:51 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-08-01 09:08:35 0 d------c- C:\Program Files\Common Files\Adobe AIR
2008-08-01 09:06:34 6787072 --a------ C:\Documents and Settings\Timothy Eggers\ntuser.dat
2008-07-16 17:55:59 0 d------c- C:\Program Files\Microsoft Silverlight
2008-07-13 00:09:10 0 d--h----- C:\$AVG8.VAULT$
2008-07-07 09:26:11 0 d------c- C:\WINDOWS\system32\drivers\Avg
2008-07-07 09:21:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8


-- Find3M Report ---------------------------------------------------------------

2008-08-03 10:37:18 0 d------c- C:\Program Files\ATI Technologies
2008-08-03 10:22:12 0 d------c- C:\Program Files\Common Files\Adobe
2008-08-03 10:07:22 0 d-a----c- C:\Program Files\Common Files
2008-08-03 03:50:00 4 --a----c- C:\Program Files\confirm.txt
2008-08-02 22:56:08 0 d------c- C:\Program Files\Trend Micro
2008-08-01 10:53:34 0 d------c- C:\Program Files\SpywareBlaster
2008-07-26 00:23:22 1088 --a----c- C:\WINDOWS\checkip.dat
2008-07-13 18:47:12 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat
2008-07-09 23:43:01 121965 --a------ C:\logfile
2008-07-07 23:39:33 0 d------c- C:\Program Files\Microsoft Bootvis
2008-07-05 00:13:01 25992 --a----c- C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-07-03 23:06:35 0 d------c- C:\Program Files\Common Files\Real
2008-07-03 23:06:34 0 d-------- C:\Documents and Settings\Timothy Eggers\Application Data\Real
2008-07-03 21:05:00 593920 -------c- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-30 00:18:19 0 d------c- C:\Program Files\AVG
2008-06-12 19:45:34 0 d--h---c- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a--c--- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [06/07/2008 10:00 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/07/2008 09:26 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]

C:\Documents and Settings\Timothy Eggers\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=0 (0x0)
"NoSMHelp"=01000000
"NoLogoff"=0 (0x0)
"NoRecentDocsMenu"=01000000
"NoRecentDocsHistory"=01000000
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"NoNetworkConnections"=01000000
"NoRecentDocsNetHood"=01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
Ati2evxx.dll 07/03/2008 10:13 PM 139264 C:\WINDOWS\SYSTEM32\ati2evxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\guard32.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ReminderApp"=C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
"EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7359eb13-f9d3-11db-bb7f-001111cc0286}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7359eb14-f9d3-11db-bb7f-001111cc0286}]
AutoRun\command- G:\setupSNK.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7285 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-03 19:49:48 ------------



#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:30 AM

Posted 15 August 2008 - 02:26 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner Log which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 TimEggers

TimEggers
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tiskilwa, IL
  • Local time:07:30 AM

Posted 16 August 2008 - 07:45 PM

Hello Sue and thank you for your time. I ran another scan and included the information below for your review. Again I am relatively happy with my system performance but if you see something that would benefit me please share. Having said that in my time here I have seen many folks with legitimate problems so please feel free to glance at my information then move on to folks who genuinely need help. Again I thank you for your time and kind welcome (I've learned a lot from this group since my time here).

Deckard's System Scanner v20071014.68
Run by Timothy Eggers on 2008-08-16 18:59:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Timothy Eggers.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:04 PM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Timothy Eggers\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Timothy Eggers.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&...;N=PLHS&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: StarOpen - Sonic Solutions - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6753 bytes

-- Files created between 2008-07-16 and 2008-08-16 -----------------------------

2008-08-16 17:38:25 0 d------c- C:\WINDOWS\system32\drivers\Avg
2008-08-16 17:35:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-15 15:35:02 0 d-------- C:\Documents and Settings\Timothy Eggers\.idlerc
2008-08-15 15:34:20 0 d-------- C:\Python25
2008-08-15 15:00:40 0 dr-h----- C:\Documents and Settings\Timothy Eggers\Recent
2008-08-14 07:34:37 0 d-------- C:\Documents and Settings\Timothy Eggers\Application Data\wsInspector
2008-08-14 07:24:06 0 d------c- C:\Program Files\Startup Inspector for Windows
2008-08-13 07:35:49 0 d-------- C:\Documents and Settings\Timothy Eggers\Application Data\CheckPoint
2008-08-13 07:35:34 96 --a----c- C:\WINDOWS\system32\pdfl.dat
2008-08-13 07:35:34 224 --a----c- C:\WINDOWS\system32\lkfl.dat
2008-08-13 07:35:34 80 --a----c- C:\WINDOWS\system32\ibfl.dat
2008-08-13 07:35:30 0 d------c- C:\Program Files\CheckPoint
2008-08-13 07:23:28 3084320 --ahs--c- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-13 07:20:30 0 d------c- C:\WINDOWS\system32\ZoneLabs
2008-08-09 21:02:26 0 d------c- C:\Program Files\Lavasoft
2008-08-09 21:01:54 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-03 22:58:57 59 --a----c- C:\Program Files\AutoCHKDSK.bat
2008-08-03 20:13:18 0 d-------- C:\Documents and Settings\Timothy Eggers\Application Data\Malwarebytes
2008-08-03 20:12:56 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 20:12:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 17:11:00 0 d------c- C:\Program Files\X-Setup Pro
2008-08-03 11:18:30 0 d-------- C:\Documents and Settings\Timothy Eggers\Application Data\Mozilla
2008-08-03 10:40:30 0 d------c- C:\Program Files\Apple Software Update
2008-08-03 10:09:15 0 d------c- C:\Program Files\filehippo.com
2008-08-03 10:09:00 0 d------c- C:\Program Files\QuickTime
2008-08-02 23:42:43 0 d------c- C:\Program Files\Lavasoft(2)
2008-08-02 20:33:42 0 d------c- C:\Program Files\TweakXP 2
2008-08-01 09:47:59 0 d------c- C:\Program Files\QuickTime(2)
2008-08-01 09:47:09 0 d------c- C:\Program Files\Apple Software Update(2)
2008-08-01 09:46:17 0 d------c- C:\WINDOWS\system32\Adobe
2008-08-01 09:39:20 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-01 09:39:09 0 d------c- C:\Program Files\Windows Live
2008-08-01 09:39:00 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-01 09:33:51 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-08-01 09:08:35 0 d------c- C:\Program Files\Common Files\Adobe AIR
2008-08-01 09:06:34 6291456 --a------ C:\Documents and Settings\Timothy Eggers\ntuser.dat
2008-07-16 17:55:59 0 d------c- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2008-08-15 11:15:39 0 d------c- C:\Program Files\Microsoft Bootvis
2008-08-13 09:35:23 0 d------c- C:\Program Files\SpywareBlaster
2008-08-13 07:23:25 0 d------c- C:\Program Files\Comodo
2008-08-13 07:23:25 0 d-------- C:\Documents and Settings\Timothy Eggers\Application Data\Comodo
2008-08-13 07:22:19 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat
2008-08-13 06:59:14 0 d------c- C:\Program Files\Messenger
2008-08-11 07:02:18 0 d------c- C:\Program Files\Java
2008-08-09 21:01:54 0 d-a----c- C:\Program Files\Common Files
2008-08-05 23:45:48 124377 --a------ C:\logfile
2008-08-03 22:49:52 25992 --a----c- C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-08-03 10:37:18 0 d------c- C:\Program Files\ATI Technologies
2008-08-03 10:22:12 0 d------c- C:\Program Files\Common Files\Adobe
2008-08-03 03:50:00 4 --a----c- C:\Program Files\confirm.txt
2008-08-02 22:56:08 0 d------c- C:\Program Files\Trend Micro
2008-07-26 00:23:22 1088 --a----c- C:\WINDOWS\checkip.dat
2008-07-03 23:06:35 0 d------c- C:\Program Files\Common Files\Real
2008-07-03 23:06:34 0 d-------- C:\Documents and Settings\Timothy Eggers\Application Data\Real
2008-07-03 21:05:00 593920 -------c- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-30 00:18:19 0 d------c- C:\Program Files\AVG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a--c--- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07/09/2008 09:05 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [08/16/2008 05:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

C:\Documents and Settings\Timothy Eggers\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=0 (0x0)
"NoSMHelp"=01000000
"NoLogoff"=0 (0x0)
"NoRecentDocsMenu"=01000000
"NoRecentDocsHistory"=01000000
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"NoNetworkConnections"=01000000
"NoRecentDocsNetHood"=01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
Ati2evxx.dll 07/03/2008 10:13 PM 139264 C:\WINDOWS\SYSTEM32\ati2evxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ReminderApp"=C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
"EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7359eb13-f9d3-11db-bb7f-001111cc0286}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7359eb14-f9d3-11db-bb7f-001111cc0286}]
AutoRun\command- G:\setupSNK.exe

*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86



-- End of Deckard's System Scanner: finished at 2008-08-16 19:01:07 ------------
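A helper reads a log like the one above by eye, picking out the entries whose target file no longer exists ("(no file)" / "(file missing)"), which are the ones later marked for Fix checked, and keeping a separate eye on the O20 hook sections, whose DLLs are loaded into every process. As an added example, not part of this thread and not code from HijackThis or Deckard's System Scanner, the Python script below does that triage mechanically: it parses HijackThis lines, counts entries per section, lists the orphaned ones, and lists O20 entries that do still resolve to a file. The sample lines are copied from the HijackThis log posted above; the function and constant names are my own.

```python
import re
from dataclasses import dataclass

# Sample input: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: StarOpen - Sonic Solutions - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)
"""

# Every HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# HijackThis prints one of these when the registry still points at a file
# that is gone from disk; such entries do nothing but are leftovers that
# helpers usually mark for "Fix checked".
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# O20 covers AppInit_DLLs (loaded into every process that loads user32.dll)
# and Winlogon Notify DLLs (loaded at logon); worth reading even when the
# file exists.
HOOK_SECTIONS = {"O20"}


@dataclass
class Entry:
    code: str     # section code, e.g. "O23"
    body: str     # the rest of the line as HijackThis printed it
    orphan: bool  # True when the referenced file is missing

    def line(self) -> str:
        return f"{self.code} - {self.body}"


def parse_hjt(text: str) -> list:
    """Parse HijackThis log text into Entry objects, skipping non-entry lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        orphan = any(marker in body for marker in ORPHAN_MARKERS)
        entries.append(Entry(m.group("code"), body, orphan))
    return entries


def by_section(entries) -> dict:
    """Count entries per section code, e.g. {"O23": 3, ...}."""
    counts = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return dict(sorted(counts.items()))


def orphaned(entries) -> list:
    """Original lines whose target file no longer exists (candidates for Fix checked)."""
    return [e.line() for e in entries if e.orphan]


def hooks(entries) -> list:
    """Original lines from sections that inject a DLL into every process."""
    return [e.line() for e in entries if e.code in HOOK_SECTIONS and not e.orphan]


def triage(text: str) -> dict:
    """One-call summary a helper could paste back into a reply."""
    entries = parse_hjt(text)
    return {
        "sections": by_section(entries),
        "orphaned": orphaned(entries),
        "hooks": hooks(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("entries per section:", report["sections"])
    print("\nentries pointing at missing files:")
    for line in report["orphaned"]:
        print("  ", line)
    print("\nhook entries to review:")
    for line in report["hooks"]:
        print("  ", line)
```

On the sample above the orphan list comes out to exactly the R3, O2, O3 and O23 LiveUpdate lines that the helper picks out in Step 12 of the reply below, plus the O24 entry handled in the post before it; the O20 AppInit_DLLs line resolves to AVG's own DLL and is listed only so a reader checks it rather than skips it.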

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:30 AM

Posted 24 August 2008 - 09:16 AM

Let's try to get rid of the O24 entry.
  • Click Start > Control Panel > Display > Desktop > Customize Desktop...> Web tab.
  • Uncheck and delete everything you find in there (except for "My current home page"),
  • Remove the check mark from the Lock Desktop Items box if it is checked.
  • Click Apply .
  • Click OK > OK.
  • Click the white "X" in the red square at the top right of the screen to exit Display properties.
  • Run HijackThis and check the O24 - Desktop Component 0: (no name) - (no file) entry, if it still exists, and click Fix checked .
  • Reboot your computer and post a new HijackThis log.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:30 AM

Posted 24 August 2008 - 10:16 AM

I do not see any obvious signs of malware. I have some suggestions for general cleaning of your computer.

Step 1

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 2

Be sure you have the latest versions of Ad-Aware and Adobe Reader which are Ad-Aware 2008 and Adobe® Reader® 9.

Step 3

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can't be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please post that list in your next reply.

Step 4

I recommend using Spyware Blaster.
Please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
Please see Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware for instructions on how to download, install, and use SpywareBlaster.

Step 5

Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it is detected and minimizes interruptions and helps you stay productive.

Please download and install Windows Defender.
  • Confirm that your computer meets the minimum system requirements to install Windows Defender.
  • Visit the Windows Defender page in the Microsoft Download Center. Click the Continue button and follow the directions on the succeeding pages to download the program and start the Installation Wizard.
  • Follow the steps in the Installation Wizard. You will be asked if you want to participate in the Microsoft SpyNet online community. We suggest you choose the first option,
  • Use recommended settings.
  • Click Next to continue.
  • Click Install to begin installing Windows Defender.
  • When installation is complete, click Finish. Windows Defender will begin to scan your computer.
  • For more information, see How to install and set up Windows Defender
Step 6

Malwarebytes' Anti-Malware is FREEWARE, however you may upgrade to the PRO version which contains realtime protection, scheduled scanning and updating.
  • Please download Malwarebytes Anti-Malware (MBAM). Alternate download link
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing scan. If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from the Malware Bytes Web site. Scroll down the page until you see Latest Database; click Download from GT500.org
  • Double-click on mbam-rules.exe to install.
  • On the Scanner tab, make sure the Perform Quick Scan option is selected.
  • Click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and Scan in progress will show at the top. It may take some time to complete; please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully."
  • At the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Step 7

ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 8

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Step 9

During the process of removing malware from your computer, there are times you may need to use specialized fix tools. Certain embedded files that are part of these specialized fix tools may be detected by your antivirus or anti-malware scanner as a RiskTool, Hacking tool, Potentially unwanted tool, a virus or a Trojan when that is not the case.
These tools have been carefully created and tested by security experts so if your antivirus or anti-malware program flags them as malware, then it is a False Positive. Antivirus scanners cannot distinguish between good and malicious use of such programs; therefore, they may alert you or even automatically remove them. In these cases, the removal of these files can have unpredictable results and unintentional results.
To avoid any problems while using a specialized fix tool, it is very important that you temporarily disable your antivirus and/or anti-malware programs before using the specialized fix tool.
When your system has been cleaned, it is important that you enable your security programs to avoid reinfection.

Please disable the following program:

Spybot - Search and Destroy TeaTimer
  • Please disable Spybot - Search and Destroy TeaTimer, as it will prevent HijackThis from fixing the infection. You can enable it after you're clean. To disable Spybot - Search and Destroy TeaTimer:
  • Open Spybot - Search and Destroy.
  • Click Mode in the toolbar.
  • Select Advanced Mode.
  • Click Tools.
  • Click Resident.
  • Uncheck the box next to Resident Tea-Timer.
  • Close Spybot - Search and Destroy.
  • Reboot your machine.
    Don't forget to restart Spybot - Search and Destroy's Teatimer when your machine is clean and undo the changes above.
  • If needed, How To Disable Spybot Search and Destroy TeaTimer.
Step 10

Uninstall the following programs (Do not worry if they are not there.)

C:\PROGRA~1\ "Symantec" which contains \LIVEUP~1\LUCOMS~1.EXE

To uninstall the C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE.
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight LiveUpdate, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
  • Using Windows Explorer (Windows key+e), search for the C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE folder. If the program folder is still there, select/highlight the C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE. DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.
  • Close Windows Explorer.
Step 11

Use ctrl + alt + del (Three keys together) to get task manager. Find these processes and end task them.
OR
Use the Process Manager in HijackThis:
  • Open HijackThis.
  • Click Open the Misc Tools Section
  • Click Open Process manager, find these programs and kill the following running processes (Do not worry if they are not there.)
LUCOMS~1.EXE

Step 12

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)


Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 13

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if it applies to your computer problem with being slow to respond.
Slow_Computer_Check_here_first_it_may_not_be_malware.
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

You will be removing the program from your startup but you will not be removing the program itself. Scan with HijackThis.

Please run HijackThis and click Scan. Place checks next to the following entries:

msmsgs.exe (MSN Messenger Internet chat tool) is the main process relating to the MSN Messenger Internet chat tool installed by default on most Windows computers. The Windows Messenger (IM, MSN Messenger) from Microsoft provides Online Chat and Instant Messaging. If you don't use Windows Messenger, you can
  • Rename the "Messenger" folder.
  • Uninstall, Stop, Disable or Remove "Windows Messenger (IM, MSN Messenger)".
A tray bar is also installed alongside this process for easy access to its features which include Internet chat, file sharing and audio/video conferencing. This is a non-essential process. Disabling or enabling it is down to user preference. This process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

WebmasterWorld says:

LinkScanner was withdrawn because it was a security risk for AVG users.

I recommend that you remove AVG V8 and reload it without the website scanner or download AVG Free.
Please see this thread regarding "Linkscanner Concerns - AVG Stops Real-Time Scanning". Indicated in the HijackThis log by:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

ati2evxx.exe is the ATI External Event Utility for your ATI display drivers. It manages the ATI Hotkey feature. This process can be removed to free up resources without compromising system performance. ati2evxx.exe is a process which provides optional features that the majority of us really do not use. The XT's overdrive feature uses this. If you have an XT you'll probably want to leave this on. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources.
To change the service to Manual:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for Ati HotKey Poller and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

IDriverT.exe (InstallDriver Table Manager) process can be removed to free up resources without compromising system performance. IDriverT.exe is a process which belongs to the InstallShield product installation service which should only appear when you are installing a new piece of software. This program is not required to start automatically as you can start it manually if you need it. To change to Manual:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for InstallDriver Table Manager and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 14

Using Windows Explorer (My Computer, Windows key+e), search for the following files/folders and DELETE the following Folders indicated in BLUE. (Do not worry if they are not there):

C:\PROGRA~1\ Symantec which contains \LIVEUP~1\LUCOMS~1.EXE

Step 15

Let's run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 16

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the list of file names and locations for any files that can't be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
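An added example, not part of this thread or of HijackThis itself: a small Python parser for the O9/O18/O23 lines quoted in the reply above. It splits each entry into section, kind, name, short service name and file path, then flags the executables the reply names as safe to stop auto-starting; the sample log, the "Example Antivirus" entry and the verdict table are constructed for the example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample log: the entries quoted in this thread plus one
# made-up antivirus service that must NOT be flagged as optional.
SAMPLE_LOG = r"""
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Example Antivirus (exav) - Example Vendor - C:\Program Files\ExampleAV\exav.exe
"""

# Lower-case basenames the reply above identifies as safe to stop auto-starting
# (assumed mapping built from the thread, not a HijackThis database).
OPTIONAL_STARTUP = {
    "msmsgs.exe": "Windows Messenger: start manually when needed",
    "ati2evxx.exe": "ATI HotKey Poller: set service to Manual",
    "idrivert.exe": "InstallShield IDriverT: set service to Manual",
    "avgpp.dll": "AVG LinkScanner: withdrawn, reinstall AVG without it",
}

@dataclass
class Entry:
    section: str          # e.g. "O23"
    kind: str             # e.g. "Service", "Extra button", "Protocol"
    name: str             # display name (for O23, the part before "(short)")
    short: Optional[str]  # O23 short service name, if present
    path: str             # file path at the end of the line
    verdict: str          # reason from OPTIONAL_STARTUP, or "keep/review"

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")

def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; return None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    fields = rest.split(" - ")          # name [- CLSID | company] - path
    if len(fields) < 2:
        return None
    name, path = fields[0], fields[-1]
    short = None
    sm = re.match(r"^(.*) \(([^()]+)\)$", name)
    if section == "O23" and sm:         # "Display Name (shortname)"
        name, short = sm.group(1), sm.group(2)
    base = PureWindowsPath(path).name.lower()
    return Entry(section, kind, name, short, path,
                 OPTIONAL_STARTUP.get(base, "keep/review"))

def audit(log: str) -> List[Entry]:
    """Parse every recognisable line of a log and attach a verdict."""
    return [e for e in map(parse_line, log.splitlines()) if e]
```

Anything reported as "keep/review" (antivirus and firewall services in particular) is left alone, matching the advice in the reply.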

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:30 AM

Posted 04 September 2008 - 08:05 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.