Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ie Won't Connect & Other User Accounts Cause Cpu To Go Through The Roof


  • This topic is locked This topic is locked
5 replies to this topic

#1 ErrorMessage

ErrorMessage

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Location:Devon
  • Local time:02:11 PM

Posted 26 April 2007 - 08:49 AM

Hi Folks

XP Pro, have 5 user accounts (2 admin - me n missus, 3 standard for small kids).
Sophos Anti V, Zone Alarm, Ad-Aware all installed and (more or less) up to date.
My login appears to work ok apart from not being able to connect to internet (via IE) get a time out message. All other user accounts cause the CPU to go thru' the roof and the pc is virtually unusable, slow response etc etc, screen takes an age to refresh.
Scanned using sophos and found some nasties that were quarantined/deleted but troubles persist.
HJT log attached below.

Logfile of HijackThis v1.99.1
Scan saved at 07:52:47, on 26/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metoffice.gov.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - Global Startup: ICMON.lnk = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


Grateful for any assistance.
Cheers
Andy
Knowledge is knowing a tomato is a fruit; Wisdom is not putting it in a fruit salad

BC AdBot (Login to Remove)

 


m

#2 ErrorMessage

ErrorMessage
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Location:Devon
  • Local time:02:11 PM

Posted 26 April 2007 - 05:49 PM

Don't know if this will help but I ran DSS and here are the logs.
Attached and copied

Deckard's System Scanner v20070423.42
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1022.79 MiB / 704.2 MiB
Pagefile Memory (total/avail): 4925.33 MiB / 4718.46 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1952.54 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.55 GiB total, 14.68 GiB free.
D: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Fixed (NTFS) - 195.33 GiB total, 143 GiB free.
I: is CDROM (No Media)
J: is Removable (No Media)
K: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: ZoneAlarm Firewall v7.0.337.000 (Check Point, LTD.)
AV: Sophos Anti-Virus v () Disabled Outdated


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Dad\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WEEBEASTIE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dad
LOGONSERVER=\\WEEBEASTIE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=WEEBEASTIE
USERNAME=Dad
USERPROFILE=C:\Documents and Settings\Dad
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dad (admin)
Wifey (admin)
Ellen
Cassie
Molly.WEEBEASTIE
Administrator.WEEBEASTIE (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Ashampoo Burning Studio 6 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE"
Ashampoo UnInstaller Platinum 2 --> "C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\Uninstall\UIP_Uninstall.exe"
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS GameFace Live --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D8533B-9EE7-46AB-B8B2-D643F888C5DF}
ASUS Probe V2.22.02 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
ASUS Radio Player V1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D43069B-6B59-45FA-AF0A-C297359DAB98}\Setup.exe" -l0x9
ASUS SmartDoctor --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1033
ASUS Utilities --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F4026ECE-9F19-43EC-9FC8-474C2DB7D2BE} /l1033
ASUS VideoSecurity Online --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{169E414A-37C7-434E-9021-27A03AE087CD}
Bonusprint PhotoBook Editor --> "C:\Program Files\Bonusprint PhotoBook Editor\unins000.exe"
Bonusprint Pix --> C:\PROGRA~1\BONUSP~2\UNWISE.EXE C:\PROGRA~1\BONUSP~2\INSTALL.LOG
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9
CanoScan LiDE20,30 Manual --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x9
Conexant AccessRunner USB ADSL WAN Adapter --> C:\Program Files\Conexant\AccessRunner ADSL\CnxUnist.exe -w7 AccessRunner ADSL
Doom II for Windows 95 --> H:\GAMES\doomII\uninstl.exe /S H:\GAMES\doomII
Family Tree Legends --> MsiExec.exe /I{1ED6CA46-633C-46CD-9D0F-2A8AE225E8A6}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 1.99.1 --> C:\Program Files\HiJackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hyper-Threading Technology Test Utility --> MsiExec.exe /X{1D5E76F3-6F61-482B-86B4-7D0C8FBE824C}
iolo technologies' System Mechanic 7 --> "C:\Program Files\iolo\System Mechanic 7\unins000.exe"
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
LSP Explorer plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\INSTALL.LOG
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50) --> MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
myphotobook 3.01 --> C:\Program Files\myphotobook\uninst.exe
Nikon FotoShare --> C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 4.4-06-13-19-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Sophos Anti-Virus --> MsiExec.exe /X{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}
Sophos AutoUpdate --> MsiExec.exe /X{15C418EB-7675-42be-B2B3-281952DA014D}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TotalPIX Editor --> "C:\Program Files\TotalPIX Editor\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of Deckard's System Scanner: finished at 2007-04-26 at 23:36:30 ---------

And now for the 'Main'
Deckard's System Scanner v20070423.42
Run by Dad on 2007-04-26 at 23:34:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2007-04-26 22:34:29 UTC - RP182 - Deckard's System Scanner Restore Point
54: 2007-04-26 20:45:11 UTC - RP181 - System Checkpoint
53: 2007-04-24 15:38:05 UTC - RP180 - Installed Sophos AutoUpdate
52: 2007-04-24 15:36:06 UTC - RP179 - Installed Sophos Anti-Virus
51: 2007-04-23 21:00:28 UTC - RP178 - Removed SonicStage


-- First Restore Point --
1: 2007-01-25 18:46:01 UTC - RP128 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Dad.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:35:49, on 26/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Dad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metoffice.gov.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20060822-174037-141 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
backup-20060822-174037-223 O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
backup-20060822-174037-249 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
backup-20060822-174037-255 O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
backup-20060822-174037-319 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
backup-20060822-174037-336 O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
backup-20060822-174037-344 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
backup-20060822-174037-398 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
backup-20060822-174037-470 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metoffice.gov.uk/
backup-20060822-174037-479 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20060822-174037-521 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btinternet.com/
backup-20060822-174037-552 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
backup-20060822-174037-590 O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
backup-20060822-174037-611 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
backup-20060822-174037-665 O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
backup-20060822-174037-707 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20060822-174037-810 R3 - Default URLSearchHook is missing
backup-20060822-174037-896 O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
backup-20060822-174037-977 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20060822-174138-340 O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
backup-20060822-174138-457 O23 - Service: PC-cillin Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
backup-20060822-174138-692 O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
backup-20060822-174138-890 O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
backup-20060824-075116-229 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060824-075116-951 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20061012-213601-331 O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll (file missing)
backup-20061012-213601-473 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20061012-213601-728 O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\HQVideoCodec\isaddon.dll
backup-20061012-213727-276 O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\HQVideoCodec\isaddon.dll
backup-20061124-220950-645 O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\HQVideoCodec\isaddon.dll (file missing)
backup-20061124-221051-638 O11 - Options group: [INTERNATIONAL] International*
backup-20070423-181643-425 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070423-181643-936 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070423-181804-151 O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
backup-20070423-181804-303 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
backup-20070423-181804-337 O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
backup-20070423-181804-502 O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
backup-20070423-181804-941 O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
backup-20070423-181804-973 O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
backup-20070423-214943-730 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
backup-20070423-214944-529 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070423-214945-160 O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
backup-20070423-214945-369 O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
backup-20070423-214945-555 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
backup-20070423-215909-656 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
backup-20070423-215909-855 O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
backup-20070423-224917-101 O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
backup-20070423-224917-279 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070423-224917-321 O4 - HKCU\..\Run: [WinColorReminder] C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
backup-20070423-224917-841 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
backup-20070424-182055-551 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
backup-20070424-182055-571 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070424-182056-123 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
backup-20070424-182139-299 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
backup-20070424-182637-231 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
backup-20070424-182638-377 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20070424-182704-118 O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
backup-20070424-190318-109 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
backup-20070424-190318-192 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20070424-190318-889 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1157772726390
backup-20070424-190441-760 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
backup-20070424-190441-945 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20070424-205243-405 R3 - Default URLSearchHook is missing
backup-20070424-205243-625 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20070424-205243-862 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
backup-20070424-205243-895 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070426-230628-177 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070426-230628-198 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070426-230628-426 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 atiide - c:\windows\system32\drivers\atiide.sys <Verified; ATI Technologies Inc.; ATI PCI BUS MASTER IDE Controller Driver; 1.00.0000.3; 1.00.0000.3 built by: WinDDK>
R0 caboagp (ATI Cabo AGP Filter) - c:\windows\system32\drivers\atisgkaf.sys <Not Verified; ATI Technologies Inc.; ATI AGP GART Driver; 5.00.2195.1007; 5.00.2195.1007>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver; 1.60.1101; 1.60.1101>
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.; 1.0.0.1; 1.0.0.1>
R1 SAVOnAccess Control - c:\windows\system32\drivers\savonaccesscontrol.sys <Verified; Sophos plc; Sophos Anti-Virus for Windows XP, 2000, 2003; 5.1.3; 3.6.0.222>
R1 SAVOnAccess Filter - c:\windows\system32\drivers\savonaccessfilter.sys <Verified; Sophos plc; Sophos Anti-Virus for Windows XP, 2000, 2003; 5.1.3; 3.6.0.222>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt; 1, 0, 0, 17; 1, 0, 0, 17>
R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
R2 Asusio - c:\program files\asus\asus radio player v1.0\asusio.sys
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT; 1.94; 1.93>
R2 wg3n (SyGate for NT, wg3n) - c:\windows\system32\drivers\wg3n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN; 1.01.1222; 1.01.1222>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Verified; Andrea Electronics Corporation; Andrea Audio Driver; 1.0.0.2 (STUB); 1.0.0.2 (STUB)>
R3 EL90Xbc (3Com 3C90X-BC Family PCI EtherLink Adapter) - c:\windows\system32\drivers\el90xbc5.sys <Verified; 3Com Corporation; 3Com EtherLink PCI; 5.00; 4.35.00.0000>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver; 5.12.01.3860; 5.12.01.3860>
R3 SNCP106 (PC Camera (6009 CIF)) - c:\windows\system32\drivers\sncp106.sys <Verified; ; PC Camera driver; 0, 9, 4, 0; 0, 9, 4, 0>
R3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver; 1.0.0.1; 1.0.0.1>
R3 vulfnths (VIA USB Host Controller Lower Filter) - c:\windows\system32\drivers\vulfnth.sys <Not Verified; VIA Technologies, Inc.; VIA USB Host Controller Lower Filter Driver; 2.60; 2.60>
R3 vulfntrs (VIA USB Roothub Lower Filter) - c:\windows\system32\drivers\vulfntr.sys <Not Verified; VIA Technologies, Inc.; VIA USB Roothub Lower Filter Driver; 2.64; 2.64>

S3 ASUSHWIO - c:\windows\system32\drivers\asushwio.sys (file missing)
S3 atirage3 - c:\windows\system32\drivers\atimpae.sys <Verified; ATI Technologies Inc.; Microsoft® Windows® Operating System; 5.1.2493.0; 5.1.2493.0 (Lab01_N(ericks).010612-1818)>
S3 CnxEtP (Conexant AccessRunner USB ADSL WAN Adapter Filter Driver) - c:\windows\system32\drivers\cnxetp.sys <Not Verified; Conexant; Conexant USB ADSL Modem; 32.099.074.000; 32.099.074.000>
S3 CnxEtU (Conexant AccessRunner USB ADSL Interface Device Driver) - c:\windows\system32\drivers\cnxetu.sys <Not Verified; Conexant; Conexant USB ADSL Modem; 32.099.074.000; 32.099.074.000>
S3 CnxTgN (Conexant AccessRunner USB ADSL WAN Adapter Driver) - c:\windows\system32\drivers\cnxtgn.sys <Not Verified; Conexant Systems Inc.; Conexant AccessRunner ADSL; 13032.099.074.000; 13032.099.074.000>
S3 EnumChip - i:\driver\gart\enumchip.sys (file missing)
S3 ltmodem5 (LT Modem Driver) - c:\windows\system32\drivers\ltmdmnt.sys <Verified; LT; LT V.92 Data+Fax Modem Version 8.28; 8.28; 8.28>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service; 1, 0, 1, 0; 1, 0, 1, 0>
R2 SAVAdminService (Sophos Anti-Virus status reporter) - "c:\program files\sophos\sophos anti-virus\savadminservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus; 6.0.6; 1.0.0.1060>
R2 SAVService (Sophos Anti-Virus) - "c:\program files\sophos\sophos anti-virus\savservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus; 6.0.6; 1.0.0.1060>
R2 Sophos AutoUpdate Service - "c:\program files\sophos\autoupdate\alsvc.exe" <Not Verified; Sophos Plc; Sophos AutoUpdate; 2.1.1; 3.7.18.129>
R2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - c:\program files\analog devices\soundmax\smagent.exe <Not Verified; Analog Devices, Inc.; SoundMAX service agent; 3, 2, 6, 0; 3, 2, 6, 0>

S3 ioloDMV (iolo DMV Service) - c:\program files\iolo\common\lib\iolodmvsvc.exe
S3 SPTISRV (Sony SPTI Service) - "c:\program files\common files\sony shared\avlib\sptisrv.exe" <Not Verified; Sony Corporation; SPTISRV Module; 4.4.00.11241; 4.4.00.11241>
S4 MSCSPTISRV - "c:\program files\common files\sony shared\avlib\mscsptisrv.exe" <Not Verified; Sony Corporation; MSCSPTISRV Module; 4.4.00.11241; 4.4.00.11241>
S4 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; Sony Corporation; PACSPTISVR Module; 4.4.00.11241; 4.4.00.11241>


-- Scheduled Tasks -------------------------------------------------------------

2007-04-26 21:00:00 524 --a------ C:\WINDOWS\Tasks\Daily.job


-- Files created between 2007-03-26 and 2007-04-26 -----------------------------

2007-04-24 20:08:43 0 d-------- C:\Documents and Settings\Administrator.WEEBEASTIE\Favorites
2007-04-24 20:08:43 0 d-------- C:\Documents and Settings\Administrator.WEEBEASTIE\Desktop
2007-04-24 20:08:43 0 d--hs---- C:\Documents and Settings\Administrator.WEEBEASTIE\Cookies
2007-04-24 20:08:43 0 dr-h----- C:\Documents and Settings\Administrator.WEEBEASTIE\Application Data
2007-04-24 20:08:43 0 d---s---- C:\Documents and Settings\Administrator.WEEBEASTIE\Application Data\Microsoft
2007-04-24 20:08:42 0 d--h----- C:\Documents and Settings\Administrator.WEEBEASTIE\Templates
2007-04-24 20:08:42 0 dr------- C:\Documents and Settings\Administrator.WEEBEASTIE\Start Menu
2007-04-24 20:08:42 0 dr-h----- C:\Documents and Settings\Administrator.WEEBEASTIE\SendTo
2007-04-24 20:08:42 0 d--h----- C:\Documents and Settings\Administrator.WEEBEASTIE\Recent
2007-04-24 20:08:42 0 d--h----- C:\Documents and Settings\Administrator.WEEBEASTIE\PrintHood
2007-04-24 20:08:42 0 d--h----- C:\Documents and Settings\Administrator.WEEBEASTIE\NetHood
2007-04-24 20:08:42 0 d-------- C:\Documents and Settings\Administrator.WEEBEASTIE\My Documents
2007-04-24 20:08:42 0 d--h----- C:\Documents and Settings\Administrator.WEEBEASTIE\Local Settings
2007-04-24 20:08:40 1048576 --ah----- C:\Documents and Settings\Administrator.WEEBEASTIE\NTUSER.DAT
2007-04-24 16:37:25 0 d-------- C:\Program Files\Common Files\Cisco Systems
2007-04-24 16:37:20 15872 --a------ C:\WINDOWS\system32\SophosBootTasks.exe <Not Verified; Sophos Plc; Sophos Anti-Virus; 6.0.0; 1.0.0.1017>
2007-04-24 16:37:09 0 d-------- C:\Program Files\Sophos
2007-04-24 16:37:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sophos
2007-04-24 16:34:47 24064 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys <Verified; Sophos plc; Sophos Anti-Virus for Windows XP, 2000, 2003; 5.1.3; 3.6.0.222>
2007-04-24 16:34:46 80128 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys <Verified; Sophos plc; Sophos Anti-Virus for Windows XP, 2000, 2003; 5.1.3; 3.6.0.222>
2007-04-24 16:34:42 0 d-------- C:\savxpsa
2007-04-23 16:44:03 0 d-------- C:\Documents and Settings\Wifey\Phone Browser
2007-04-23 15:58:03 0 d-------- C:\Documents and Settings\Ellen\Phone Browser
2007-04-22 14:58:15 0 d-------- C:\Program Files\MSXML 4.0
2007-04-22 14:48:17 0 d-------- C:\Documents and Settings\Dad\Phone Browser
2007-04-22 14:44:08 90624 --a------ C:\WINDOWS\system32\nmwcdcls.dll <Not Verified; Nokia; ; ; 6.83.6.0>
2007-04-22 14:43:38 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2007-04-22 14:30:49 0 d-------- C:\Documents and Settings\Dad\Application Data\PC Suite
2007-04-22 14:29:30 0 d-------- C:\Program Files\Common Files\PCSuite
2007-04-22 14:29:29 0 d-------- C:\Program Files\Common Files\Nokia
2007-04-11 09:25:04 0 dr-h----- C:\Documents and Settings\Dad\Recent
2007-04-06 00:48:18 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll <Verified; Python Software Foundation; Python; 2.4.2; 2.4.2>


-- Find3M Report ---------------------------------------------------------------

2007-04-23 18:23:03 0 d-------- C:\Program Files\SpywareBlaster
2007-04-22 14:31:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-06 00:50:29 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-27 09:53:30 435816 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-03-19 19:25:25 0 d-------- C:\Program Files\Intel Corporation
2007-03-02 17:46:09 0 d-------- C:\Program Files\Family Tree Legends


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CnxDslTaskBar"="\"C:\\Program Files\\Conexant\\AccessRunner ADSL\\CnxDslTb.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 7\\SMSystemAnalyzer.exe\""
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SAVService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-04-26 at 23:36:30 ---------

Hope this helps (not bumping)

Cheers
Andy.

Attached Files


Knowledge is knowing a tomato is a fruit; Wisdom is not putting it in a fruit salad

#3 ErrorMessage

ErrorMessage
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Location:Devon
  • Local time:02:11 PM

Posted 03 May 2007 - 10:51 AM

Hi folks
Had to dig on this one, as anti-v and spyware checkers couldn't find a thing.

All I will say is DO NOT INSTALL and then attempt to UNINSTALL the product suite that comes with new Nokia phones. It will screw XP. :thumbsup: :flowers: :huh:

Tried to 'help a friend' by checking that his new phone was working just fine by installing the Nokia software on my box... what a god awful mess.

Just don't do it, unless you enjoy reinstalling your OS.
Knowledge is knowing a tomato is a fruit; Wisdom is not putting it in a fruit salad

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:11 AM

Posted 03 May 2007 - 04:05 PM

Hello ErrorMessage and welcome to the BC HijackThis forum. Soooo, am I reading this correctly that the issues have been resolved?

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 ErrorMessage

ErrorMessage
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Location:Devon
  • Local time:02:11 PM

Posted 07 May 2007 - 01:45 PM

Hi Old Timer
Yup, managed to sort myself out. Broke my own rule - don't install software that "a friend" is having problems with... Lesson learnt, 'cos i really enjoy reinstalling my :thumbsup: os & additional software :flowers: .
Thanks to you guys for keeping these forums going.

ErrorMessage.
Knowledge is knowing a tomato is a fruit; Wisdom is not putting it in a fruit salad

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:11 AM

Posted 08 May 2007 - 05:47 AM

LOL ErrorMessage, I know what you mean :thumbsup:

Ok, then I will close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users