
[Resolved]Computer Running Awfully Slow!


  • This topic is locked
13 replies to this topic

#1 Jace

Jace

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 05 August 2007 - 11:43 PM

Hello! Lately my computer has been running awfully slow. The problem became very apparent when my music from iTunes wouldn't play without skipping and coming out distorted. While trying to reset my computer, the startup screen would take upwards of five minutes before going to the login screen, and in my Performance tab of Windows Task Manager I am constantly spiking up to 90-100%!!! My first action was to run multiple Spy-ware and virus programs, all of which had no success. Disk defragment didn't help either. I noticed that there was a process called DoScan.exe and Rtvscan.exe running that would constantly take up much of my CPU power. I suspected it was this process that was bogging down my computer; research led me to find that they are both processes of Symantec Antivirus and that with the new patch those 2 hefty processes are fixed. I uninstalled Symantec in attempts to free up some processing power and return my computer to its normal quick speed, but it did not help! As of now, I am still not able to play music without it skipping and bogging down, or run multiple programs without SERIOUS lag! PLEASE HELP, I am thoroughly lost and have reached the very end of my tech abilities (or lack thereof :unsure: ) THANKS!



Logfile of HijackThis v1.99.1
Scan saved at 10:27:35 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.up.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 06 August 2007 - 09:17 PM

Hi Jace,

I can't yet say whether the problems you are experiencing are caused by malware. If they are, we will get to the bottom of it; if not, then I'll advise you on getting further help.

I understand your frustration with the slowness of your computer, but without an antivirus program running your computer is very vulnerable and can easily be infected at any time, so it is essential you have one active at all times.

There are several free packages available; two of the most popular are here:
Antivir: http://www.free-av.com/
AVG Antivirus: http://free.grisoft.com/doc/1

Please download and install an antivirus program immediately, update the definitions and set it to update automatically. Then do a full system scan and quarantine/delete anything it finds, and make a note of where the logfile is stored so you can post a copy in your next response.

Now open HijackThis, select Open the Misc Tools section
Press the Open Uninstall Manager... button, then press Save list...
Save the Uninstall log to your desktop and include a copy in your next response.
Now press Back and Scan and then Save log to create and save a new HijackThis log.

Before posting your HijackThis log, select Format from the top menu and make sure Word Wrap is not selected - this will make your HijackThis log readable.

Once complete, please post the antivirus scan log, the uninstall list and a new HijackThis log.
ASAP & UNITE Member

#3 Jace

Jace

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 11 August 2007 - 09:49 PM

Thank you. I downloaded the AVG free anti-virus and scanned my laptop with the latest updated edition. The search gave no hits and said my computer was clean. I'm still having the issue of not being able to hear music without it coming out skipping and distorted, and the boot time takes a LONG time. ARRR... below are my logs! Thank you!

Logfile of HijackThis v1.99.1
Scan saved at 8:37:24 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.up.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe





2Wire Wireless Manager
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
America's Army
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Atajo
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
AVG 7.5
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
CCleaner (remove only)
Cisco Clean Access Agent
Conexant AC-Link Audio
Customer Experience Enhancement
DC++ 0.698
DesertCombat 0.7
ElectricSheep 2.6.6
Google Earth
Hijackthis 1.99.1
HijackThis 1.99.1
HP Help and Support
HP Imaging Device Functions 6.0
HP Integrated Module with Bluetooth wireless technology
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Software Update
HP User Guides 0025
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
iTunes
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.12.11
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Money 2006
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Microsoft Works
Mozilla Firefox (1.5.0.12)
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 4.5
Office 2003 Trial Assistant
Otto
Quick Launch Buttons 5.20 F2
QuickTime
Qwest QuickNetworking
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TourSetup
Trillian
VideoLAN VLC media player 0.8.5
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR archiver
Wireless Home Network Setup



thanks!

#4 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 11 August 2007 - 10:19 PM

Hi Jace,

Some uninstalls to consider:

Please open Start->Control Panel->Add/Remove Programs, look down the list for this item and remove it:
J2SE Runtime Environment 5.0 Update 6
This is out of date and now a security risk; you can get the latest update (version 6 update 2) from here

You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Player or Media Player Classic.
You can remove this by finding and removing these via Add/Remove Programs:
Viewpoint Manager (Remove Only)
Viewpoint Media Player


You have LimeWire, a P2P file sharing program installed on your computer. This program does not come bundled with malware as some similar programs do, but peer-to-peer file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I recommend you remove it, but of course the choice is yours.
You can remove Limewire via Add/Remove Programs.

Some parts of Norton antivirus have not been removed; to complete the uninstall, go to
http://service1.syma...005033108162039
and follow the instructions for Step 2 - Download and run the Norton Removal Tool
You will download a tool and run it from your Desktop; this will clean up the Norton installation.

Next, please download F-Secure Blacklight
  • Click I ACCEPT and download the graphical user interface version to your Desktop
  • Double click the file to run it, choose I accept the agreement then press Scan
  • It will create the fsbl-xxxxxxx.log on your desktop.
  • The log will have a list of all items found.
  • Do not choose to rename any yet! I want to see the log first because legitimate items can also be present.
  • Exit Blacklight and post the contents of the log in your next reply.

Download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post the Blacklight log and both DSS logs. You won't need to produce a new HijackThis log as DSS produces one for you.
ASAP & UNITE Member
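
The two things silver asks for above (a log saved without Word Wrap, and a fresh scan after the recommended uninstalls) can be checked mechanically. The following is an added example, not part of the original thread and not a HijackThis feature: it rejoins wrapped entry lines, diffs two scans, and lists entries whose target is unresolved. The join heuristic and the function names are assumptions; the sample entries are excerpted from the 5 August and 12 August logs in this thread.

```python
import re

# A HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4 or O1-O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Sample input: entries excerpted from the 5 August and 12 August logs in this
# thread. FIRST_SCAN carries line breaks of the kind Word Wrap produces.
FIRST_SCAN = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - Global Startup: Bluetooth.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-

Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program

Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

LATER_SCAN = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - Global Startup: Bluetooth.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"""


def unwrap(log_text):
    """Return the entry lines of a log, rejoining fragments split by Word Wrap.

    Heuristic (an assumption about where wrapped logs break): a fragment that
    starts with a backslash, or follows a line ending in '?' or in a hyphen
    inside a word, is glued on directly; any other break fell on a space.
    Header and "Running processes" lines before the first entry are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:  # continuation of the previous entry
            prev = entries[-1]
            tight = line.startswith("\\") or (
                prev[-1] in "?-" and not prev.endswith(" -"))
            entries[-1] = prev + ("" if tight else " ") + line
    return entries


def diff_scans(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    old, new = set(unwrap(before)), set(unwrap(after))
    return sorted(old - new), sorted(new - old)


def unresolved(entries):
    """Entries whose target is '?' or a bare directory with no file name."""
    flagged = []
    for entry in entries:
        body = ENTRY_RE.match(entry).group(2)
        # The target is whatever follows the last " - " or " = " separator.
        target = re.split(r" [-=] ", body)[-1].strip()
        if target == "?" or target.endswith("\\"):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    removed, added = diff_scans(FIRST_SCAN, LATER_SCAN)
    for entry in removed:
        print("gone :", entry)
    for entry in added:
        print("new  :", entry)
    for entry in unresolved(unwrap(LATER_SCAN)):
        print("check:", entry)
```

An entry reported by `unresolved` is not necessarily malicious; it only means the scan could not name a file behind it, which is worth a manual look.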

#5 Jace

Jace

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 13 August 2007 - 12:20 AM

Thank you for your recommendations; I took them to heart and deleted the programs that you had recommended, including LimeWire.


Deckard's System Scanner v20070809.63
Run by Jason Pennell on 2007-08-12 at 23:09:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2007-08-13 06:09:45 UTC - RP327 - Deckard's System Scanner Restore Point
86: 2007-08-12 21:58:20 UTC - RP326 - Removed J2SE Runtime Environment 5.0 Update 6
85: 2007-08-11 22:17:45 UTC - RP325 - Installed AVG 7.5
84: 2007-08-06 05:00:33 UTC - RP324 - Installed iTunes
83: 2007-08-06 04:01:36 UTC - RP323 - Removed Full Tilt Poker


-- First Restore Point --
1: 2007-05-16 00:38:32 UTC - RP241 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jason Pennell.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:12:07 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\2Wire Wireless Manager\2Wire.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Documents and Settings\Jason Pennell\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Jason Pennell.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.up.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys <Not Verified; PCTEL Inc.; PCTEL Rawether for Windows>

S2 PfModNT - c:\windows\system32\drivers\pfmodnt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-05 21:55:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-11 15:19:33 0 d-------- C:\Documents and Settings\Jason Pennell\Application Data\AVG7
2007-08-11 15:18:46 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-11 15:17:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-11 15:17:45 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-08-05 22:02:06 0 d-------- C:\Program Files\iPod
2007-08-05 22:01:18 0 d-------- C:\Program Files\iTunes
2007-08-05 21:57:36 0 d-------- C:\Program Files\QuickTime
2007-08-05 21:54:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-05 21:53:51 0 d-------- C:\Program Files\Common Files\Apple
2007-08-05 21:53:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-08-05 16:22:21 0 dr-h----- C:\Documents and Settings\Jason Pennell\Recent


-- Find3M Report ---------------------------------------------------------------

2007-08-12 15:04:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-11 21:02:02 0 d-------- C:\Program Files\Trillian
2007-08-05 21:55:10 0 d-------- C:\Program Files\Apple Software Update
2007-08-05 21:53:51 0 d-------- C:\Program Files\Common Files
2007-08-05 21:03:24 0 d-------- C:\Program Files\myTunes Redux
2007-08-05 21:02:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 20:44:09 0 d-------- C:\Program Files\Arcsoff
2007-08-01 23:53:44 0 d-------- C:\Program Files\DC++
2007-07-30 21:59:24 0 d-------- C:\Documents and Settings\Jason Pennell\Application Data\uTorrent
2007-06-23 14:54:10 4034 --a------ C:\WINDOWS\mozver.dat
2007-06-13 16:38:51 0 d-------- C:\Documents and Settings\Jason Pennell\Application Data\2Wire
2007-06-13 16:33:14 0 d-------- C:\Program Files\QwestQuickNetworking
2007-06-13 16:32:50 0 d-------- C:\Program Files\2Wire Wireless Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 09:56 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 10:05 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/19/2005 01:50 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 12:39 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/07/2005 11:56 AM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [08/01/2005 03:26 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 11:23 AM]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [10/28/2005 04:11 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/13/2005 04:45 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [10/11/1999 07:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/11/2007 03:17 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]

C:\Documents and Settings\Jason Pennell\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 5:44:06 AM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/16/2005 11:56:00 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 2:39:30 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eafebb8b-3d1e-11db-bd51-0014a57da1cc}]
AutoRun\command- G:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2007-08-12 at 23:12:41 ---------







Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 Mobile Technology ML-37
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 1918.17 MiB / 1448.45 MiB
Pagefile Memory (total/avail): 3811.42 MiB / 3471.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.55 MiB

C: is Fixed (NTFS) - 98.76 GiB total, 49.6 GiB free.
D: is Fixed (FAT32) - 12 GiB total, 0.24 GiB free.
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Documents and Settings\\All Users\\Documents\\Battlefield2\\Battlefield2INST\\BF2.exe"="C:\\Documents and Settings\\All Users\\Documents\\Battlefield2\\Battlefield2INST\\BF2.exe:*:Enabled:BF2"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\Black Isle\\Icewind Dale\\IDMain.exe"="C:\\Program Files\\Black Isle\\Icewind Dale\\IDMain.exe:*:Enabled:Icewind Dale"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1156657931\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1156657931\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1156657931\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1156657931\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW.exe"="C:\\Program Files\\World of Warcraft\\WoW.exe:*:Enabled:World of Warcraft"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\WINDOWS\\system32\\ElectricSheep.scr"="C:\\WINDOWS\\system32\\ElectricSheep.scr:*:Enabled:ElectricSheep"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Jason Pennell\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Jason Pennell\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jason Pennell\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JPNOTEBOOK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jason Pennell
LOGONSERVER=\\JPNOTEBOOK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JASONP~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JASONP~1\LOCALS~1\Temp
USERDOMAIN=JPNOTEBOOK
USERNAME=Jason Pennell
USERPROFILE=C:\Documents and Settings\Jason Pennell
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jason Pennell (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Manager --> MsiExec.exe /X{5BFC0621-0C2D-42E5-8809-BCCE9A36267F}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
America's Army --> MsiExec.exe /I{6778954C-13C2-4333-AF77-F5C885EB280F}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
Atajo --> MsiExec.exe /I{D6042EF8-E6DA-4E52-A200-1DD21C063D3E}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield 1942: Secret Weapons of WWII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cisco Clean Access Agent --> MsiExec.exe /X{41C18715-AFF0-49E9-B940-287A50532D33}
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DC++ 0.698 --> "C:\Program Files\DC++\uninstall.exe"
DesertCombat 0.7 --> C:\WINDOWS\iun6002.exe "C:\Program Files\EA GAMES\Battlefield 1942\DesertCombat.ini"
ElectricSheep 2.6.6 --> C:\WINDOWS\system32\UninstallElectricSheep.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP QuickPlay 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP User Guides 0025 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52AE81CB-B786-490E-93CF-240A9891B392}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 C1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2) --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (1.5.0.12) --> C:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Quick Launch Buttons 5.20 F2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Qwest QuickNetworking --> C:\Program Files\QwestQuickNetworking\Uninstaller.exe
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly


-- Application Event Log -------------------------------------------------------

Event ID #4268: Warning
Event Submitted/Written: 08/12/2007 03:10:33 PM
Event Source: Userenv
Event Description:
Windows saved user JPNOTEBOOK\Jason Pennell registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #4256: Warning
Event Submitted/Written: 08/06/2007 01:04:39 AM
Event Source: Userenv
Event Description:
Windows saved user JPNOTEBOOK\Jason Pennell registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #4239: Warning
Event Submitted/Written: 08/05/2007 08:34:43 PM
Event Source: Userenv
Event Description:
Windows saved user JPNOTEBOOK\Jason Pennell registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #4236: Warning
Event Submitted/Written: 08/05/2007 08:29:57 PM
Event Source: Symantec AntiVirus
Event Description:
Could not scan 2 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip due to extraction errors encountered by the Decomposer Engines.

Event ID #4235: Warning
Event Submitted/Written: 08/05/2007 08:29:57 PM
Event Source: Symantec AntiVirus
Event Description:
Could not scan 2 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip due to extraction errors encountered by the Decomposer Engines.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #12417: Warning
Event Submitted/Written: 08/12/2007 09:03:07 PM
Event Source: Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event ID #12416: Warning
Event Submitted/Written: 08/12/2007 06:02:11 PM
Event Source: Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event ID #12415: Warning
Event Submitted/Written: 08/12/2007 04:49:05 PM
Event Source: Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event ID #12414: Warning
Event Submitted/Written: 08/12/2007 04:19:01 PM
Event Source: Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event ID #12413: Warning
Event Submitted/Written: 08/12/2007 04:01:40 PM
Event Source: Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-08-12 at 23:12:41 ---------





08/12/07 22:55:59 [Info]: BlackLight Engine 1.0.64 initialized
08/12/07 22:55:59 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/12/07 22:56:03 [Note]: 7019 4
08/12/07 22:56:03 [Note]: 7005 0
08/12/07 22:56:09 [Note]: 7006 0
08/12/07 22:56:09 [Note]: 7011 716
08/12/07 22:56:10 [Note]: 7026 0
08/12/07 22:56:10 [Note]: 7026 0
08/12/07 22:56:13 [Note]: FSRAW library version 1.7.1022
08/12/07 23:08:10 [Note]: 7007 0

#6 silver

    Malware Expert Emeritus

Posted 13 August 2007 - 02:50 AM

Hi Jace,

The Event Log is showing some errors:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Submitted/Written: 08/12/2007 09:03:07 PM
Event Submitted/Written: 08/12/2007 06:02:11 PM
Event Submitted/Written: 08/12/2007 04:49:05 PM
Event Submitted/Written: 08/12/2007 04:19:01 PM
Event Submitted/Written: 08/12/2007 04:01:40 PM

Please let me know if you were using peer-to-peer filesharing software at these times.


Your Symantec/Norton antivirus program may not have uninstalled cleanly.
To complete the uninstall, go to:
http://service1.syma...005033108162039
and follow the instructions for Step 2 - Download and run the Norton Removal Tool.
You will download a tool and run it from your Desktop; this will clean up the Norton installation.

Then please do an online scan with Kaspersky:

Open Kaspersky Online Scanner in Internet Explorer

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT and then Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under "select a target to scan", select My Computer.
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop.
Once complete please post the Kaspersky log and a new HijackThis log.
ASAP & UNITE Member

#7 silver

    Malware Expert Emeritus

Posted 17 August 2007 - 11:17 PM

Hi, how are you getting on? If the instructions are unclear or something isn't working, please let me know before proceeding.
ASAP & UNITE Member

#8 Jace

    New Member

Posted 18 August 2007 - 01:51 PM

Sorry for the late reply!

That's odd that it shows errors because I WAS NOT using p2p filesharing at the time! I believe I had already deleted LimeWire too. I again tried to use the Norton Removal Tool, and I hope that this time it removed the parts left of Norton. Below is my Kaspersky and HijackThis info! Thanks!!


Logfile of HijackThis v1.99.1
Scan saved at 12:41:36 PM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\2Wire Wireless Manager\2Wire.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.up.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe




with the kaspersky scan results, i'm not sure if i did something wrong but it saved the results as a .html file on my desktop. when i open it, it appears in the firefox browser and in the web address window is file:///C:/Documents%20and%20Settings/Jason%20Pennell/Desktop/kaspersky%20scan.html. i don't know what the best way to write the results would be so i'll try to copy and paste what it says into this window. please let me know if there is a better way to do so, so that it might be more easily read! thanks


Friday, August 17, 2007 3:40:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 17/08/2007
Kaspersky Anti-Virus database records: 383013
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 71538
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 06:35:37

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies30625102314\values Object is locked skipped
C:\Documents and Settings\Jason Pennell\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Temp\~DFFA75.tmp Object is locked skipped
C:\Documents and Settings\Jason Pennell\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason Pennell\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jason Pennell\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP330\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{375C5D97-BBAA-4191-85B9-3AA5F1289828}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

#9 silver

    Malware Expert Emeritus

Posted 18 August 2007 - 06:49 PM

Hi Jace,

We'll remove that Norton entry with HijackThis:

Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following line:

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\


Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Those TCP/IP errors are concerning; however, there's no sign of malware on your computer. Are you still experiencing the boot and media playback problems?

Please check the System Event log again:
  • Press Start->Run, type eventvwr.msc into the box and press OK
  • Export the System log as follows:
    • Right-click the word System in the left-hand pane
    • Select Save Log File As..., change Save as type: to Text
    • Choose a filename and save the log to your Desktop
  • Please post all the most recent events in the log, starting with the errors I posted above.
Once complete, please post the System Log information along with another HijackThis log and let me know if there has been any change in the symptoms.
ASAP & UNITE Member

#10 Jace

    New Member

Posted 18 August 2007 - 09:25 PM

arrr... yea, the startup is still very slow and itunes especially is slow! music and the sound from videos still comes out skipping as well... the event log is posted below but when i copied and pasted it, it appears to have been put on pretty distorted...

Logfile of HijackThis v1.99.1
Scan saved at 8:19:20 PM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\2Wire Wireless Manager\2Wire.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.up.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


it stated that my entry was too long to include the logfile... is there a better way to include the logfile without going over the limit?

#11 silver

    Malware Expert Emeritus

Posted 18 August 2007 - 09:34 PM

Hi Jace,

Your HijackThis log looks good :)

You only need to post the Event Log entries between this one:

Event Submitted/Written: 08/12/2007 09:03:07 PM

and today - if you can do so without it being too long then do so.

If it's still too long, then please just post the last few days and we should be able to see what's going on from that.
ASAP & UNITE Member
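
To review an export like the one requested above, the pasted text can be split back into entries, limited to the requested date range, and tallied by source and event ID. This is an added example, not part of the original thread; it assumes the column order of a System log text export (date, time, source, type, category, event ID, user, computer, description) and a one-word category, and the sample entries and the computer name EXAMPLEPC are constructed.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime

# One parsed System log entry. "rest" holds user, computer and description,
# which cannot be split reliably once the columns are flattened to spaces.
Event = namedtuple("Event", "when source level category event_id rest")

# Start of an entry: timestamp, source (may contain spaces), type,
# category (assumed to be a single word such as "None"), numeric event ID.
HEADER = re.compile(
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(.+?) (Information|Warning|Error) (\S+) (\d+) "
)

LIMIT = ("TCP/IP has reached the security limit imposed on the number of "
         "concurrent TCP connect attempts.")

# Constructed sample, joined into one run of text the way a pasted export
# loses its line breaks. EXAMPLEPC and "Example service" are made up.
SAMPLE = " ".join([
    f"8/18/2007 5:48:01 PM Tcpip Warning None 4226 N/A EXAMPLEPC {LIMIT}",
    "8/17/2007 3:39:37 PM Service Control Manager Information None 7036 N/A "
    "EXAMPLEPC The Example service entered the running state.",
    f"8/17/2007 1:14:19 AM Tcpip Warning None 4226 N/A EXAMPLEPC {LIMIT}",
    "8/16/2007 1:33:55 PM Service Control Manager Information None 7035 "
    "NT AUTHORITY\\SYSTEM EXAMPLEPC The Example service was successfully "
    "sent a start control.",
    f"8/14/2007 12:52:57 PM Tcpip Warning None 4226 N/A EXAMPLEPC {LIMIT}",
    f"8/14/2007 12:08:46 PM Tcpip Warning None 4226 N/A EXAMPLEPC {LIMIT}",
    "8/10/2007 9:00:00 AM Dhcp Error None 1002 N/A EXAMPLEPC The IP address "
    "lease was denied by the DHCP server.",
])


def parse_events(text):
    """Split exported log text into Event tuples, with or without line breaks."""
    matches = list(HEADER.finditer(text))
    events = []
    for i, m in enumerate(matches):
        # An entry's description runs up to the next entry header.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        events.append(Event(when, m.group(2), m.group(3), m.group(4),
                            int(m.group(5)), text[m.end():end].strip()))
    return events


def in_window(events, start, end):
    """Keep only the entries written between start and end (inclusive)."""
    return [e for e in events if start <= e.when <= end]


def tally_problems(events):
    """Count Warning and Error entries by (source, event ID, type)."""
    return Counter((e.source, e.event_id, e.level)
                   for e in events if e.level != "Information")


def per_day(events, source, event_id):
    """Count one event per calendar day, to see whether it keeps recurring."""
    days = Counter(e.when.date() for e in events
                   if e.source == source and e.event_id == event_id)
    return dict(sorted(days.items()))


if __name__ == "__main__":
    # Range asked for in the thread: from the 08/12/2007 09:03:07 PM entry on.
    window = in_window(parse_events(SAMPLE),
                       datetime(2007, 8, 12, 21, 3, 7),
                       datetime(2007, 8, 18, 23, 59, 59))
    for (source, event_id, level), count in tally_problems(window).most_common():
        print(f"{count:3d}  {level:<8} {source} {event_id}")
    for day, count in per_day(window, "Tcpip", 4226).items():
        print(f"{day}  Tcpip 4226 x{count}")
```

A Tcpip 4226 warning that recurs on most days, as in the sample, is the pattern worth following up alongside the list of running processes.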

#12 Jace

    New Member

Posted 20 August 2007 - 11:34 PM

8/18/2007 5:48:01 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
8/17/2007 3:40:06 PM Tcpip Information None 4201 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter.
8/17/2007 3:39:37 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state.
8/17/2007 6:33:22 AM Tcpip Information None 4202 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was disconnected from the network, and the adapter's network configuration has been released. If the network adapter was not disconnected, this may indicate that it has malfunctioned. Please contact your vendor for updated drivers.
8/17/2007 6:33:21 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state.
8/17/2007 6:33:13 AM Tcpip Information None 4201 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter.
8/17/2007 6:33:14 AM BROWSER Information None 8033 N/A JPNOTEBOOK The browser has forced an election on network \Device\NetBT_Tcpip_{DC5C893E-A55A-4DF6-9363-5A4CD1328DBC} because a master browser was stopped.
8/17/2007 3:09:06 AM W32Time Warning None 36 N/A JPNOTEBOOK The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
8/17/2007 1:14:19 AM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
8/16/2007 1:34:03 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The AVG E-mail Scanner service entered the running state.
8/16/2007 1:33:55 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The AVG E-mail Scanner service was successfully sent a start control.
8/16/2007 1:33:53 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The AVG7 Alert Manager Server service entered the running state.
8/16/2007 1:33:52 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The AVG7 Alert Manager Server service was successfully sent a start control.
8/16/2007 1:33:33 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The AVG7 Kernel service was successfully sent a start control.
8/16/2007 1:32:56 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The AVG7 Alert Manager Server service entered the stopped state.
8/16/2007 1:32:53 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The AVG7 Alert Manager Server service was successfully sent a stop control.
8/16/2007 1:32:48 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The AVG E-mail Scanner service entered the stopped state.
8/16/2007 1:32:46 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The AVG E-mail Scanner service was successfully sent a stop control.
8/16/2007 1:29:53 PM W32Time Information None 35 N/A JPNOTEBOOK The time service is now synchronizing the system time with the time source time.windows.com (ntp.m|0x1|192.168.0.66:123->207.46.130.100:123).
8/16/2007 1:29:33 PM Tcpip Information None 4201 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter.
8/16/2007 1:28:58 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state.
8/16/2007 7:24:32 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state.
8/16/2007 7:24:26 AM BROWSER Information None 8033 N/A JPNOTEBOOK The browser has forced an election on network \Device\NetBT_Tcpip_{DC5C893E-A55A-4DF6-9363-5A4CD1328DBC} because a master browser was stopped.
8/16/2007 7:24:26 AM Tcpip Information None 4202 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was disconnected from the network, and the adapter's network configuration has been released. If the network adapter was not disconnected, this may indicate that it has malfunctioned. Please contact your vendor for updated drivers.
8/16/2007 2:15:21 AM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
8/16/2007 12:09:06 AM Tcpip Information None 4201 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter.
8/16/2007 12:08:34 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state.
8/15/2007 9:03:03 PM Tcpip Information None 4202 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was disconnected from the network, and the adapter's network configuration has been released. If the network adapter was not disconnected, this may indicate that it has malfunctioned. Please contact your vendor for updated drivers.
8/15/2007 9:03:02 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state.
8/15/2007 9:02:58 PM ipnathlp Error None 32003 N/A JPNOTEBOOK The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
8/15/2007 9:02:57 PM BROWSER Information None 8033 N/A JPNOTEBOOK The browser has forced an election on network \Device\NetBT_Tcpip_{DC5C893E-A55A-4DF6-9363-5A4CD1328DBC} because a master browser was stopped.
8/15/2007 9:02:54 PM Dhcp Warning None 1003 N/A JPNOTEBOOK Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0014A57DA1CC. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/15/2007 9:02:54 PM Tcpip Information None 4201 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter.
8/15/2007 4:16:06 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Universal Plug and Play Device Host service entered the running state.
8/15/2007 4:16:03 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The Universal Plug and Play Device Host service was successfully sent a start control.
8/15/2007 4:00:50 PM Tcpip Information None 4201 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter.
8/15/2007 4:00:19 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state.
8/15/2007 4:34:00 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state.
8/15/2007 4:33:54 AM BROWSER Information None 8033 N/A JPNOTEBOOK The browser has forced an election on network \Device\NetBT_Tcpip_{DC5C893E-A55A-4DF6-9363-5A4CD1328DBC} because a master browser was stopped.
8/15/2007 12:19:03 AM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
8/14/2007 8:35:34 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
8/14/2007 4:18:18 PM W32Time Information None 35 N/A JPNOTEBOOK The time service is now synchronizing the system time with the time source time.windows.com (ntp.m|0x1|192.168.0.66:123->207.46.130.100:123).
8/14/2007 1:50:35 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
8/14/2007 12:52:57 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
8/14/2007 12:22:53 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
8/14/2007 12:08:46 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
8/14/2007 11:22:10 AM Dhcp Error None 1002 N/A JPNOTEBOOK The IP address lease 0.0.0.0 for the Network Card with network address 0014A57DA1CC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
8/14/2007 11:22:10 AM Tcpip Information None 4201 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter.
8/14/2007 11:21:42 AM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The PCTINDIS5 NDIS Protocol Driver service was successfully sent a start control.
8/14/2007 11:21:17 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Wireless Zero Configuration service entered the stopped state.
8/14/2007 11:21:16 AM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The Wireless Zero Configuration service was successfully sent a stop control.
8/14/2007 11:20:53 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The iPod Service service entered the running state.
8/14/2007 11:20:53 AM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The iPod Service service was successfully sent a start control.
8/14/2007 11:19:00 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Remote Access Connection Manager service entered the running state.
8/14/2007 11:18:29 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The IMAPI CD-Burning COM Service service entered the stopped state.
8/14/2007 11:18:23 AM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The Remote Access Connection Manager service was successfully sent a start control.
8/14/2007 11:18:23 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Telephony service entered the running state.
8/14/2007 11:18:21 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The IMAPI CD-Burning COM Service service entered the running state.
8/14/2007 11:18:21 AM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The IMAPI CD-Burning COM Service service was successfully sent a start control. 8/14/2007 11:18:11 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Application Layer Gateway Service service entered the running state. 8/14/2007 11:18:11 AM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The Application Layer Gateway Service service was successfully sent a start control. 8/14/2007 11:18:11 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Fast User Switching Compatibility service entered the running state. 8/14/2007 11:18:11 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Network Location Awareness (NLA) service entered the running state. 8/14/2007 11:18:11 AM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The Network Location Awareness (NLA) service was successfully sent a start control. 8/14/2007 11:18:11 AM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The Fast User Switching Compatibility service was successfully sent a start control. 8/14/2007 11:18:11 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Terminal Services service entered the running state. 8/14/2007 11:18:11 AM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The Terminal Services service was successfully sent a start control. 8/14/2007 11:18:11 AM Service Control Manager Error None 7000 N/A JPNOTEBOOK The PfModNT service failed to start due to the following error: The system cannot find the file specified. 8/14/2007 11:15:54 AM EventLog Information None 6005 N/A JPNOTEBOOK The Event log service was started. 8/14/2007 11:15:54 AM EventLog Information None 6009 N/A JPNOTEBOOK Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free. 
8/14/2007 11:12:32 AM EventLog Information None 6006 N/A JPNOTEBOOK The Event log service was stopped. 8/14/2007 11:12:09 AM Tcpip Information None 4202 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was disconnected from the network, and the adapter's network configuration has been released. If the network adapter was not disconnected, this may indicate that it has malfunctioned. Please contact your vendor for updated drivers. 8/14/2007 11:12:01 AM BROWSER Information None 8033 N/A JPNOTEBOOK The browser has forced an election on network \Device\NetBT_Tcpip_{DC5C893E-A55A-4DF6-9363-5A4CD1328DBC} because a master browser was stopped. 8/14/2007 11:11:57 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Ati HotKey Poller service entered the stopped state. 8/14/2007 5:58:58 AM W32Time Warning None 36 N/A JPNOTEBOOK The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 8/14/2007 4:40:25 AM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 8/13/2007 4:19:46 PM W32Time Information None 35 N/A JPNOTEBOOK The time service is now synchronizing the system time with the time source time.windows.com (ntp.m|0x1|192.168.0.66:123->207.46.130.100:123). 8/13/2007 4:19:27 PM Tcpip Information None 4201 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter. 8/13/2007 4:18:53 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state. 
8/13/2007 12:20:10 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state. 8/13/2007 12:20:05 PM BROWSER Information None 8033 N/A JPNOTEBOOK The browser has forced an election on network \Device\NetBT_Tcpip_{DC5C893E-A55A-4DF6-9363-5A4CD1328DBC} because a master browser was stopped. 8/13/2007 8:08:11 AM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 8/13/2007 4:58:55 AM W32Time Warning None 36 N/A JPNOTEBOOK The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 8/13/2007 12:49:49 AM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 8/12/2007 10:56:04 PM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The F-Secure BlackLight Beta Engine Driver service was successfully sent a start control. 8/12/2007 10:52:05 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Universal Plug and Play Device Host service entered the running state. 8/12/2007 10:52:03 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The Universal Plug and Play Device Host service was successfully sent a start control. 8/12/2007 9:03:07 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 8/12/2007 6:02:11 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 8/12/2007 4:49:05 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
8/12/2007 4:19:01 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 8/12/2007 4:01:40 PM Tcpip Warning None 4226 N/A JPNOTEBOOK TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 8/12/2007 3:19:40 PM Tcpip Information None 4201 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter. 8/12/2007 3:19:08 PM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The PCTINDIS5 NDIS Protocol Driver service was successfully sent a start control. 8/12/2007 3:18:45 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Wireless Zero Configuration service entered the stopped state. 8/12/2007 3:18:43 PM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The Wireless Zero Configuration service was successfully sent a stop control. 8/12/2007 3:18:16 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The iPod Service service entered the running state. 8/12/2007 3:18:15 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The iPod Service service was successfully sent a start control. 8/12/2007 3:18:15 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Remote Access Connection Manager service entered the running state. 8/12/2007 3:17:36 PM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The Remote Access Connection Manager service was successfully sent a start control. 8/12/2007 3:17:36 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Telephony service entered the running state. 8/12/2007 3:17:33 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The IMAPI CD-Burning COM Service service entered the stopped state. 
8/12/2007 3:17:33 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Application Layer Gateway Service service entered the running state. 8/12/2007 3:17:32 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The Application Layer Gateway Service service was successfully sent a start control. 8/12/2007 3:17:25 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The IMAPI CD-Burning COM Service service entered the running state. 8/12/2007 3:17:25 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Network Location Awareness (NLA) service entered the running state. 8/12/2007 3:17:25 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The Network Location Awareness (NLA) service was successfully sent a start control. 8/12/2007 3:17:25 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The IMAPI CD-Burning COM Service service was successfully sent a start control. 8/12/2007 3:17:23 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The Fast User Switching Compatibility service was successfully sent a start control. 8/12/2007 3:17:06 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Fast User Switching Compatibility service entered the running state. 8/12/2007 3:17:06 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Terminal Services service entered the running state. 8/12/2007 3:17:06 PM Service Control Manager Error None 7000 N/A JPNOTEBOOK The PfModNT service failed to start due to the following error: The system cannot find the file specified. 8/12/2007 3:13:45 PM EventLog Information None 6005 N/A JPNOTEBOOK The Event log service was started. 8/12/2007 3:13:45 PM EventLog Information None 6009 N/A JPNOTEBOOK Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free. 8/12/2007 3:10:44 PM EventLog Information None 6006 N/A JPNOTEBOOK The Event log service was stopped. 
8/12/2007 3:10:25 PM Tcpip Information None 4202 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was disconnected from the network, and the adapter's network configuration has been released. If the network adapter was not disconnected, this may indicate that it has malfunctioned. Please contact your vendor for updated drivers. 8/12/2007 3:10:17 PM BROWSER Information None 8033 N/A JPNOTEBOOK The browser has forced an election on network \Device\NetBT_Tcpip_{DC5C893E-A55A-4DF6-9363-5A4CD1328DBC} because a master browser was stopped. 8/12/2007 3:10:09 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Ati HotKey Poller service entered the stopped state. 8/12/2007 3:09:11 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Installer service entered the stopped state. 8/12/2007 3:01:02 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Viewpoint Manager Service service entered the stopped state. 8/12/2007 3:01:02 PM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The Viewpoint Manager Service service was successfully sent a stop control. 8/12/2007 2:59:11 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Application Management service entered the running state. 8/12/2007 2:59:11 PM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The Application Management service was successfully sent a start control. 8/12/2007 2:57:05 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Installer service entered the running state. 8/12/2007 2:57:05 PM Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM JPNOTEBOOK The Windows Installer service was successfully sent a start control. 
8/12/2007 2:53:29 PM W32Time Information None 35 N/A JPNOTEBOOK The time service is now synchronizing the system time with the time source time.windows.com (ntp.m|0x1|192.168.0.66:123->207.46.130.100:123). 8/12/2007 2:53:10 PM Tcpip Information None 4201 N/A JPNOTEBOOK The system detected that network adapter Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter. 8/12/2007 2:52:42 PM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The PCTINDIS5 NDIS Protocol Driver service was successfully sent a start control. 8/12/2007 2:52:40 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Wireless Zero Configuration service entered the stopped state. 8/12/2007 2:52:39 PM Service Control Manager Information None 7035 JPNOTEBOOK\Jason Pennell JPNOTEBOOK The Wireless Zero Configuration service was successfully sent a stop control. 8/12/2007 2:51:24 PM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state. 8/12/2007 5:45:52 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state. 8/12/2007 3:44:43 AM Service Control Manager Information None 7036 N/A JPNOTEBOOK The Windows Image Acquisition (WIA) service entered the running state.

#13 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 21 August 2007 - 12:20 AM

Hi Jace,

I can't see anything indicating a problem in there. The TCP/IP errors are a little concerning, but they could have any number of causes and aren't necessarily related to the symptoms you are experiencing. However, I recommend you keep an eye on the System log and try to note or recall what was happening at the time of the errors to see if you can figure out the cause.

We've had a pretty thorough look at your computer and at this stage it looks clean of malware, so I'd say the slowdown has other causes.
Some suggestions for pinning it down:
  • Uninstall unnecessary applications via Start->Control Panel->Add/Remove Programs
  • Turn off unnecessary auto-starting applications. Look at your HijackThis log for programs which automatically start - many are listed in the O4 section of the log - and turn off the automatic starting functionality from within the program. Note: Please do not use HijackThis to remove the entries.
  • Use Process Explorer to monitor resources on your system. Run Process Explorer minimized and when a slowdown occurs, switch to the Process Explorer window to see which process is using a high percentage of CPU.
  • Post in the Other computer problems forum here at Tom Coyote to get more help.
Here are some tips to help you keep your computer clean:

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Automatic Updates
Select Automatic and select a suitable schedule
Also, check that your antivirus and antispyware programs are set to automatically update daily.

You have a good antivirus program installed; however, I recommend you also install antispyware software with real-time capabilities - this will protect you from a wider range of malware and will also protect you from system changes and spyware while you are working, not just remove malware after it has been installed. There is a range of paid-for and free packages available; a free one I can recommend is Windows Defender, available here:
http://www.microsoft...re/default.mspx

You should consider installing a Personal Firewall program. Even if you are behind a NAT router, I recommend you use firewall software as it will improve the security of your computer by monitoring and controlling outbound connections to the internet as well as inbound. There are various free packages available, such as Sunbelt Personal Firewall and Zone Alarm:
http://www.sunbelt-s...sonal-Firewall/
http://www.zonelabs.com/

Spywareblaster is a free program which prevents the download and installation of Internet Explorer ActiveX based malware by immunizing your system against it. You can download Spywareblaster from here and a tutorial to help you get started is available here.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
ASAP & UNITE Member
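The advice above to watch the System log and note what else was happening around each error can be applied mechanically to a pasted log. The following is an added example, not part of the original thread: the sample records are constructed in the flattened layout of the log posted above, and the host name `EXAMPLEPC`, the user `alice` and all function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample, newest first, in the flattened layout of the pasted log:
# date time source type category event-id user computer description
SAMPLE = " ".join([
    r"8/15/2007 12:19:03 AM Tcpip Warning None 4226 N/A EXAMPLEPC TCP/IP has reached"
    r" the security limit imposed on the number of concurrent TCP connect attempts.",
    r"8/14/2007 12:22:53 PM Tcpip Warning None 4226 N/A EXAMPLEPC TCP/IP has reached"
    r" the security limit imposed on the number of concurrent TCP connect attempts.",
    r"8/14/2007 12:08:46 PM Tcpip Warning None 4226 N/A EXAMPLEPC TCP/IP has reached"
    r" the security limit imposed on the number of concurrent TCP connect attempts.",
    r"8/14/2007 11:18:23 AM Service Control Manager Information None 7035"
    r" EXAMPLEPC\alice EXAMPLEPC The Remote Access Connection Manager service was"
    r" successfully sent a start control.",
    r"8/14/2007 11:18:11 AM Service Control Manager Information None 7035"
    r" NT AUTHORITY\SYSTEM EXAMPLEPC The Terminal Services service was"
    r" successfully sent a start control.",
    r"8/14/2007 11:18:11 AM Service Control Manager Error None 7000 N/A EXAMPLEPC"
    r" The PfModNT service failed to start due to the following error:"
    r" The system cannot find the file specified.",
])

# A record starts at each timestamp; source and user may contain spaces.
STAMP = re.compile(r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) ")
HEAD = re.compile(r"(?P<source>.+?) (?P<level>Information|Warning|Error) "
                  r"(?P<category>\S+) (?P<event_id>\d+) (?P<rest>.*)", re.S)

def parse_events(text, computer):
    """Split a flattened export into records, oldest first."""
    parts = STAMP.split(text)
    events = []
    for stamp, body in zip(parts[1::2], parts[2::2]):
        m = HEAD.match(body.strip())
        if not m:
            continue  # not a record in the expected layout
        # The computer name separates the user field from the description.
        user, sep, desc = m["rest"].partition(f" {computer} ")
        if not sep:
            continue
        events.append({
            "time": datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p"),
            "source": m["source"], "level": m["level"],
            "event_id": int(m["event_id"]), "user": user,
            "description": desc.strip(),
        })
    return sorted(events, key=lambda e: e["time"])

def warnings_per_day(events, source="Tcpip", event_id=4226):
    """Count one event type per calendar day to show when it clusters."""
    return Counter(e["time"].date().isoformat() for e in events
                   if e["source"] == source and e["event_id"] == event_id)

def context(events, window_minutes=5):
    """Pair each Warning/Error with the other events logged close to it."""
    window = timedelta(minutes=window_minutes)
    report = []
    for e in events:
        if e["level"] == "Information":
            continue
        nearby = [o for o in events
                  if o is not e and abs(o["time"] - e["time"]) <= window]
        report.append((e, nearby))
    return report

if __name__ == "__main__":
    evts = parse_events(SAMPLE, "EXAMPLEPC")
    print(dict(warnings_per_day(evts)))
    for event, nearby in context(evts):
        print(event["time"], event["source"], event["event_id"],
              "| nearby:", [(n["event_id"], n["user"]) for n in nearby])
```

A warning with no neighbouring events, as with the 4226 entries in the sample, means the System log alone does not show what was running at the time, so Process Explorer or a note of open applications has to fill that gap.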

#14 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 25 August 2007 - 10:29 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
ASAP & UNITE Member
