TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Boozapian on October 28, 2006, 08:02:59 PM
-
I've been having a lot of problems lately and am not sure what to do. My internet connection is very spotty- it's not the broadband connection, that is coming in strong, but for some reason my computer keeps going offline. Also, strange things are happening with the cursor- I'll be typing and then it will suddenly jump a few lines up. And in general, my computer performance is very slow.
I have tried running my antivirus program, Norton's, but it doesn't find anything. I also tried running Spybot, which did find a few problems, but took care of them. Still, I continue to have problems. I also tried running TrojanHunter, but it didn't find anything either. Any suggestions are greatly appreciated, other than running the programs above, I'm not sure what to do. Thank you!
-
Thank you again, and here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:11:21 PM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\TrojanHunter 4.6\TrojanHunter.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: BounceBack Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab (http://\"https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab\")
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab (http://\"https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab\")
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab (http://\"http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab\")
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (http://\"http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab\")
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (http://\"http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab\")
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (http://\"http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab\")
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (http://\"http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab\")
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab (http://\"https://webdl.symantec.com/activex/symdlmgr.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab (http://\"http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab\")
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab (http://\"https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab\")
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab (http://\"http://chat.msn.com/controls/msnchat45.cab\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\apache2054\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-
I'm not seeing anything bad in the log
Any new programs installed lately?
Can we check the following
I'll look at it the first chance I get
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from combofix please
-
No, I don't believe I have installed any new programs recently. Here is the Combofix log that you requested:
06-10-29 8:28:42.66 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bszip.dll
((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-28 20:31 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\TrojanHunter
2006-10-28 19:46 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-28 11:04 -------- d-------- C:\Program Files\Lx_cats
2006-10-23 14:58 -------- d-------- C:\Program Files\Norton SystemWorks
2006-10-22 13:38 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-16 06:30 -------- d-------- C:\Program Files\Yahoo!
2006-10-14 10:09 -------- d-------- C:\Program Files\Google
2006-10-04 16:40 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-25 07:18 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\Google
2006-09-24 12:09 737280 --------- C:\WINDOWS\iun6002.exe
2006-09-20 10:56 -------- d-------- C:\Program Files\Ewido anti-spyware 4.0
2006-09-13 00:01 1084416 --------- C:\WINDOWS\system32\msxml3.dll
2006-09-12 21:20 -------- d-------- C:\Program Files\Symantec
2006-09-11 20:47 -------- d-------- C:\Program Files\CleanUp!
2006-09-11 15:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-11 15:53 -------- d-------- C:\Program Files\Common Files
2006-09-11 15:50 -------- d-------- C:\Program Files\Citrix
2006-09-11 13:38 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-11 12:50 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\Symantec
2006-09-11 10:17 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-02 14:10 -------- d-------- C:\Program Files\SpywareBot
2006-08-25 10:45 617472 --------- C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --------- C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --------- C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --------- C:\WINDOWS\system32\6to4svc.dll
2006-08-07 15:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 15:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"hpWirelessAssistant"=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,\
48,50,51,5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,\
5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,2e,65,78,\
65,22,00
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
@=""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"LXBUCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBUtime.dll,_RunDLLEntry@16"
"lxbumon.exe"="\"C:\\Program Files\\Lexmark 6200 Series\\lxbumon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 6200 Series\\ezprint.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Evelyn Wilkerson.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-29 8:30:06.41
C:\ComboFix.txt ... 06-10-29 08:30
C:\ComboFix2.txt ... 06-10-29 08:27
Thank you Guestolo!
-
I see you ran combofix twice
Can you navigate to the following and copy and paste back the contents of it please
C:\ComboFix2.txt
Do you, or did you have Spywarebot installed?
Is it in your add/remove programs?
Can you also supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
-
[quote name=\'guestolo\' post=\'229204\' date=\'Oct 29 2006, 09:28 AM\']Do you, or did you have Spywarebot installed?
Is it in your add/remove programs?
Can you also supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents[/quote]
I have Spybot S&D 1.4 installed, and yes, it is in my add/remove programs.
Here is the Combofix2.txt log:
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Evelyn Wilkerson\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bszip.dll
((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-28 20:31 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\TrojanHunter
2006-10-28 19:46 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-28 11:04 -------- d-------- C:\Program Files\Lx_cats
2006-10-23 14:58 -------- d-------- C:\Program Files\Norton SystemWorks
2006-10-22 13:38 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-16 06:30 -------- d-------- C:\Program Files\Yahoo!
2006-10-14 10:09 -------- d-------- C:\Program Files\Google
2006-10-04 16:40 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-25 07:18 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\Google
2006-09-24 12:09 737280 --------- C:\WINDOWS\iun6002.exe
2006-09-20 10:56 -------- d-------- C:\Program Files\Ewido anti-spyware 4.0
2006-09-13 00:01 1084416 --------- C:\WINDOWS\system32\msxml3.dll
2006-09-12 21:20 -------- d-------- C:\Program Files\Symantec
2006-09-11 20:47 -------- d-------- C:\Program Files\CleanUp!
2006-09-11 15:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-11 15:53 -------- d-------- C:\Program Files\Common Files
2006-09-11 15:50 -------- d-------- C:\Program Files\Citrix
2006-09-11 13:38 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-11 12:50 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\Symantec
2006-09-11 10:17 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-02 14:10 -------- d-------- C:\Program Files\SpywareBot
2006-08-25 10:45 617472 --------- C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --------- C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --------- C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --------- C:\WINDOWS\system32\6to4svc.dll
2006-08-07 15:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 15:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"hpWirelessAssistant"=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,\
48,50,51,5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,\
5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,2e,65,78,\
65,22,00
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
@=""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"LXBUCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBUtime.dll,_RunDLLEntry@16"
"lxbumon.exe"="\"C:\\Program Files\\Lexmark 6200 Series\\lxbumon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 6200 Series\\ezprint.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Evelyn Wilkerson.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-29 8:27:24.72
C:\ComboFix.txt ... 06-10-29 08:27
Here is the uninstall list from Hijackthis:
Adobe Acrobat 7.0 Professional
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 5.5
Adobe Photoshop 7.0
Adobe Reader 7.0
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Anconia RocketSales 3 Professional
Apache HTTP Server 2.0.54
Audio CD Maker v6.0
BounceBack Express
Cabinet Planner V2.00
Canon Camera Window for ZoomBrowser EX
Canon EOS 10D WIA Driver
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CleanUp!
Click'N Design 3D
Connection Keep Alive
Core FTP LE 1.3c
CuteFTP 5.0 XP
Dynamic Email Validator
Easy Internet Sign-up
Email Address Extractor 3.0
ewido anti-spyware 4.0
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HP Help and Support
HP Pavillion dv4000 User Guides
HP Wireless Assistant
Intel® Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD
Ipswitch WS_FTP Home 2006
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 4
Lexmark 6200 Series
Lexmark Fax Solutions
Live2Support
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Money 2005
Microsoft Office 2000 Premium
Microsoft Office Standard Edition 2003
Microsoft Works
Mozilla Firefox (1.5)
MSN Music Assistant
Netscape Browser (remove only)
Norton Cleanup
Norton Protection Center
Norton SystemWorks
Norton SystemWorks 2006 Basic Edition
Norton SystemWorks 2006 Basic Edition (Symantec Corporation)
Norton Utilities
NSW_DRM_COLLECTION
Panda ActiveScan
Quick Launch Buttons 5.00 D5
Quicken 2003 Deluxe
QuickTime
Real Estate Investment Analysis - Standard Edition Version 12
RealData® Real Estate Calculator, 3.0.01
REIA Lite v 11.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SendBlaster
Smart Email Verifier 3.36
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.4
SurfOffline (remove only)
Symantec Technical Support Web Controls
Texas Instruments PCIxx21/x515 drivers.
TextPad 4.7
TrojanHunter 4.6
uninstall
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
UserGuides
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
XviD MPEG-4 Video Codec
Yahoo! Messenger
Thank you!
-
You posted the identical log from combofix that you posted earlier
Are you trying to hide that fact?
If you try it again I will lock this topic
Please post the log I asked for, if your confused
POST BOTH LOGS
C\:Combofix.txt and C\:Combofix2.txt
-
[quote name=\'guestolo\' post=\'229648\' date=\'Oct 29 2006, 10:12 PM\']You posted the identical log from combofix that you posted earlier
Are you trying to hide that fact?
If you try it again I will lock this topic
Please post the log I asked for, if your confused
POST BOTH LOGS
C\:Combofix.txt and C\:Combofix2.txt[/quote]
No!! I'm so sorry! It wasn't intentional! I thought I posted the combofix2.txt file. Please don't lock the topic! I really need the help.
Here is the log from Combofix.txt (I'll post Combofix2.txt right below it):
Evelyn Wilkerson - 06-10-29 8:28:42.66 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Evelyn Wilkerson\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bszip.dll
((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-28 20:31 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\TrojanHunter
2006-10-28 19:46 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-28 11:04 -------- d-------- C:\Program Files\Lx_cats
2006-10-23 14:58 -------- d-------- C:\Program Files\Norton SystemWorks
2006-10-22 13:38 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-16 06:30 -------- d-------- C:\Program Files\Yahoo!
2006-10-14 10:09 -------- d-------- C:\Program Files\Google
2006-10-04 16:40 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-25 07:18 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\Google
2006-09-24 12:09 737280 --------- C:\WINDOWS\iun6002.exe
2006-09-20 10:56 -------- d-------- C:\Program Files\Ewido anti-spyware 4.0
2006-09-13 00:01 1084416 --------- C:\WINDOWS\system32\msxml3.dll
2006-09-12 21:20 -------- d-------- C:\Program Files\Symantec
2006-09-11 20:47 -------- d-------- C:\Program Files\CleanUp!
2006-09-11 15:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-11 15:53 -------- d-------- C:\Program Files\Common Files
2006-09-11 15:50 -------- d-------- C:\Program Files\Citrix
2006-09-11 13:38 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-11 12:50 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\Symantec
2006-09-11 10:17 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-02 14:10 -------- d-------- C:\Program Files\SpywareBot
2006-08-25 10:45 617472 --------- C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --------- C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --------- C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --------- C:\WINDOWS\system32\6to4svc.dll
2006-08-07 15:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 15:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"hpWirelessAssistant"=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,\
48,50,51,5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,\
5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,2e,65,78,\
65,22,00
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
@=""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"LXBUCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBUtime.dll,_RunDLLEntry@16"
"lxbumon.exe"="\"C:\\Program Files\\Lexmark 6200 Series\\lxbumon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 6200 Series\\ezprint.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Evelyn Wilkerson.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-29 8:30:06.41
C:\ComboFix.txt ... 06-10-29 08:30
C:\ComboFix2.txt ... 06-10-29 08:27
And here is the log from combofix2.txt:
Evelyn Wilkerson - 06-10-29 8:25:36.39 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Evelyn Wilkerson\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bszip.dll
((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-28 20:31 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\TrojanHunter
2006-10-28 19:46 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-28 11:04 -------- d-------- C:\Program Files\Lx_cats
2006-10-23 14:58 -------- d-------- C:\Program Files\Norton SystemWorks
2006-10-22 13:38 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-16 06:30 -------- d-------- C:\Program Files\Yahoo!
2006-10-14 10:09 -------- d-------- C:\Program Files\Google
2006-10-04 16:40 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-25 07:18 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\Google
2006-09-24 12:09 737280 --------- C:\WINDOWS\iun6002.exe
2006-09-20 10:56 -------- d-------- C:\Program Files\Ewido anti-spyware 4.0
2006-09-13 00:01 1084416 --------- C:\WINDOWS\system32\msxml3.dll
2006-09-12 21:20 -------- d-------- C:\Program Files\Symantec
2006-09-11 20:47 -------- d-------- C:\Program Files\CleanUp!
2006-09-11 15:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-11 15:53 -------- d-------- C:\Program Files\Common Files
2006-09-11 15:50 -------- d-------- C:\Program Files\Citrix
2006-09-11 13:38 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-11 12:50 -------- d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\Symantec
2006-09-11 10:17 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-02 14:10 -------- d-------- C:\Program Files\SpywareBot
2006-08-25 10:45 617472 --------- C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --------- C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --------- C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --------- C:\WINDOWS\system32\6to4svc.dll
2006-08-07 15:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 15:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"hpWirelessAssistant"=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,\
48,50,51,5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,\
5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,2e,65,78,\
65,22,00
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
@=""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"LXBUCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBUtime.dll,_RunDLLEntry@16"
"lxbumon.exe"="\"C:\\Program Files\\Lexmark 6200 Series\\lxbumon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 6200 Series\\ezprint.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Evelyn Wilkerson.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-29 8:27:24.72
C:\ComboFix.txt ... 06-10-29 08:27
-
I thought you posted the same log twice, I'm sorry if I was mistaken
Can i have you do the following please
SpywareBot does not have a good reputation, did you have it installed?
I see the folder in your Combofix log
C:\Program Files\SpywareBot <--Can you enter that folder, is there an uninstaller?
If not, can you delete the folder
Also, just for a double check, can you run the following tools to ensure we are seeing everything
Download and save too desktop
F-Secure Blacklight(blbeta.exe) (http://\"https://europe.f-secure.com/exclude/blacklight/blbeta.exe\")
Double click to run blbeta.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log
BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
With that log
Also
Download GMER from here:
http://www.gmer.net/gmer.zip (http://\"http://www.gmer.net/gmer.zip\")
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
-
[quote name=\'guestolo\' post=\'230094\' date=\'Oct 30 2006, 07:05 PM\']SpywareBot does not have a good reputation, did you have it installed?
I see the folder in your Combofix log
C:\Program Files\SpywareBot <--Can you enter that folder, is there an uninstaller?
If not, can you delete the folder[/quote]
Hmmm... no, I didn't install SpywareBot. I did install SpyBot, but not SpywareBot. It didn't have an uninstall option, so I did as you suggested and deleted the folder in the Program Files directory.
Here is the FSBL log as you requested (when I ran the program it said it did not find anything):
10/30/06 21:36:17 [Info]: BlackLight Engine 1.0.47 initialized
10/30/06 21:36:17 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/30/06 21:36:17 [Note]: 7019 4
10/30/06 21:36:17 [Note]: 7005 0
10/30/06 21:36:22 [Note]: 7006 0
10/30/06 21:36:22 [Note]: 7011 1608
10/30/06 21:36:22 [Note]: 7026 0
10/30/06 21:36:22 [Note]: 7026 0
10/30/06 21:36:31 [Note]: FSRAW library version 1.7.1020
10/30/06 21:44:34 [Note]: 2000 1012
10/30/06 21:44:34 [Note]: 2000 1012
10/30/06 21:48:31 [Note]: 7007 0
And here is the gmer output:
GMER 1.0.12.11865 - http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2006-10-30 22:12:52
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT ZwAlertResumeThread 861EC770
SSDT ZwAlertThread 861EC4B8
SSDT ZwAllocateVirtualMemory 861F0E38
SSDT ZwCreateKey \??\C:\Program Files\Symantec\SYMEVENT.SYS
SSDT ZwCreateMutant 861EDDF0
SSDT ZwCreateThread 861F1630
SSDT ZwDeleteKey \??\C:\Program Files\Symantec\SYMEVENT.SYS
SSDT ZwDeleteValueKey \??\C:\Program Files\Symantec\SYMEVENT.SYS
SSDT ZwFreeVirtualMemory 8628B168
SSDT ZwImpersonateAnonymousToken 861EDC78
SSDT ZwImpersonateThread 861ED0C8
SSDT ZwMapViewOfSection 86473238
SSDT ZwOpenEvent 861EE238
SSDT ZwOpenProcess \??\C:\Program Files\Ewido anti-spyware 4.0\guard.sys
SSDT ZwOpenProcessToken 862459C8
SSDT ZwOpenThreadToken 86528658
SSDT ZwResumeThread 86222D90
SSDT ZwSetContextThread 861EBE90
SSDT ZwSetInformationProcess 864A2B90
SSDT ZwSetInformationThread 861EB008
SSDT ZwSetValueKey \??\C:\Program Files\Symantec\SYMEVENT.SYS
SSDT ZwSuspendProcess 861EE3B0
SSDT ZwSuspendThread 861EC340
SSDT ZwTerminateProcess \??\C:\Program Files\Ewido anti-spyware 4.0\guard.sys
SSDT ZwTerminateThread 861EC1C8
SSDT ZwUnmapViewOfSection 860EAE38
SSDT ZwWriteVirtualMemory 861F0CE8
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 9052 80501060 8 Bytes
.text ntkrnlpa.exe!ZwCallbackReturn + 9072 80501074 4 Bytes
.text ntkrnlpa.exe!ZwCallbackReturn + 9168 805010D4 4 Bytes
.text ntkrnlpa.exe!ZwCallbackReturn + 9176 805010DC 4 Bytes
.text ntkrnlpa.exe!ZwCallbackReturn + 9216 80501104 4 Bytes
.text ...
---- Registry - GMER 1.0.12 ----
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{8065E9BF-72C0-0FC1-5AFDE65F0780FDDF}\{9AEA461A-A66D-2047-6BE4E874E5E97513}\{AA471588-234B-ED0A-4D91A11ADDB01E65}@T5Z13ZW2JKQWLSY1EUWJ2RCRNB1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{A35BAB48-4D1F-6A0B-6BCC81421932BFFC}\{F9F16A92-BF70-12AC-7ED2CC2822129D24}\{512F8077-C30C-4607-36213242EA83EF67}@526BA65ZPQS4U365YNAELLJ5XA1 0x01 0x00 0x01 0x00 ...
---- Files - GMER 1.0.12 ----
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 014.jpg:�Q30lsldxJoudresxAaaqpcawXc
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 014.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 015.jpg:�Q30lsldxJoudresxAaaqpcawXc
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 015.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 016.jpg:�Q30lsldxJoudresxAaaqpcawXc
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 016.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 017.jpg:�Q30lsldxJoudresxAaaqpcawXc
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 017.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 018.jpg:�Q30lsldxJoudresxAaaqpcawXc
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 018.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\EvelynBAK\DANSTUFF\Dans_Images\Copy of Easter-Ninnie_and_Pa-11-March-04 019.jpg:�Q30lsldxJoudresxAaaqpcawXc
ADS ...
---- EOF - GMER 1.0.12 ----
Thanks again for your help!
-
Can we take a look at one more log from GMER
Open GMER.exe
If the Rootkit tab is the only tab displayed
Left click on ">>>" to expand then menubar
Select the Autostart tab
This time, ensure there IS a check in Show all
Then click START
This won't take long
When it's done click on COPY
Come back here and Paste to a new reply the contents please
-
Thank you - here is the log you requested:
GMER 1.0.12.11865 - http://www.gmer.net (http://\"http://www.gmer.net\")
Autostart scan 2006-10-31 07:27:51
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute ("Manager@BootExecute") = autocheck autochk * /*file not found*/
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName ("crypt32chain@DLLName") = crypt32.dll
cryptnet@DLLName ("cryptnet@DLLName") = cryptnet.dll
cscdll@DLLName ("cscdll@DLLName") = cscdll.dll
igfxcui@DLLName ("igfxcui@DLLName") = igfxsrvc.dll
ScCertProp@DLLName ("ScCertProp@DLLName") = wlnotify.dll
Schedule@DLLName ("Schedule@DLLName") = wlnotify.dll
sclgntfy@DLLName ("sclgntfy@DLLName") = sclgntfy.dll
SensLogn@DLLName ("SensLogn@DLLName") = WlNotify.dll
termsrv@DLLName ("termsrv@DLLName") = wlnotify.dll
WgaLogon@DLLName ("WgaLogon@DLLName") = WgaLogon.dll
wlballoon@DLLName ("wlballoon@DLLName") = wlnotify.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apache2 /*Apache2*/@ = "C:\apache2054\Apache2\bin\Apache.exe" -k runservice
AudioSrv /*Windows Audio*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Automatic LiveUpdate Scheduler /*Automatic LiveUpdate Scheduler*/@ = "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Browser /*Computer Browser*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
CryptSvc /*Cryptographic Services*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*DCOM Server Process Launcher*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*DHCP Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dnscache /*DNS Client*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc /*Error Reporting Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Event Log*/@ = %SystemRoot%\system32\services.exe
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Program Files\Ewido anti-spyware 4.0\guard.exe
helpsvc /*Help and Support*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ /*HID Input Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts /*TCP/IP NetBIOS Helper*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
NProtectService /*Norton UnErase Protection*/@ = C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*IPSEC Services*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Protected Storage*/@ = %SystemRoot%\system32\lsass.exe
RpcSs /*Remote Procedure Call (RPC)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Security Accounts Manager*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Task Scheduler*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Secondary Logon*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*System Event Notification*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall/Internet Connection Sharing (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Shell Hardware Detection*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
SPBBCSvc /*Symantec SPBBCSvc*/@ = "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
Speed Disk service /*Speed Disk service*/@ = C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*System Restore Service*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc /*Windows Image Acquisition (WIA)*/@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Symantec Core LC /*Symantec Core LC*/@ = C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Themes /*Themes*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Distributed Link Tracking Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
W32Time /*Windows Time*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt /*Windows Management Instrumentation*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Security Center*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Automatic Updates*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Wireless Zero Configuration*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@SoundMAXPnPC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
@SoundMAXC:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray /*file not found*/ = C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray /*file not found*/
@SunJavaUpdateSchedC:\Program Files\Java\jre1.5.0_04\bin\jusched.exe = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
@UpdateManager"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
@iTunesHelperC:\Program Files\iTunes\iTunesHelper.exe = C:\Program Files\iTunes\iTunesHelper.exe
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@eabconfg.cplC:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start /*file not found*/ = C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start /*file not found*/
@CpqsetC:\Program Files\HPQ\Default Settings\cpqset.exe ??? 6 6 5 2 P??? ??B ? ????B ????� = C:\Program Files\HPQ\Default Settings\cpqset.exe ??? 6 6 5 2 P??? ??B ? ????B ????�
@hpWirelessAssistant"%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" = "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
@FaxCenterServer"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s = "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
@ /*file not found*/ = /*file not found*/
@ccApp"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
@LXBUCATSrundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16 = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
@lxbumon.exe"C:\Program Files\Lexmark 6200 Series\lxbumon.exe" = "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
@EzPrint"C:\Program Files\Lexmark 6200 Series\ezprint.exe" = "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
@Acrobat Assistant 7.0"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" = "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@swgC:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe /*file not found*/ = C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe /*file not found*/
@Yahoo! Pager"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L
HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Program Files\Ewido anti-spyware 4.0\shellexecutehook.dll = C:\Program Files\Ewido anti-spyware 4.0\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Multimedia File Property Sheet*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/(null) =
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Page*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Shell Scrap DataHandler*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Shell extensions for file compression*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Encryption Context Menu*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Program Files\Common Files\System\Ole DB\oledb32.dll = C:\Program Files\Common Files\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Scheduled Tasks*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Download Status*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Augmented Shell Folder*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Augmented Shell Folder 2*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Web Search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessible*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Track Popup Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*IE4 Suite Splash Screen*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Shell Application Manager*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Installed Apps Enumerator*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI+ file thumbnail extractor*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*HTML Thumbnail Extractor*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Get a Passport Wizard*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*Channel File*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Channel Shortcut*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Offline Files Folder*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*For &People...*/C:\Program Files\Outlook Express\wabfind.dll = C:\Program Files\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/c:\WINDOWS\system32\mscoree.dll = c:\WINDOWS\system32\mscoree.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~4\Office\MLSHEXT.DLL = C:\PROGRA~1\MICROS~4\Office\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Program Files\Sonic\RecordNow!\shlext.dll = C:\Program Files\Sonic\RecordNow!\shlext.dll
@{59850401-6664-101B-B21C-00AA004BA90B} /*Microsoft Office Binder Unbind*/C:\PROGRA~1\MICROS~4\Office\1033\UNBIND.DLL = C:\PROGRA~1\MICROS~4\Office\1033\UNBIND.DLL
@{8F7261D0-D2B9-11D2-9909-00605205B24C} /*CuteFTP Shell Extension*/C:\Program Files\CuteFTP\Cuteshell.dll = C:\Program Files\CuteFTP\Cuteshell.dll
@{2F25CF20-C569-11D1-B94C-00608CB45480} /*TextPad*/C:\Program Files\TextPad 4\System\shellext.dll = C:\Program Files\TextPad 4\System\shellext.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} /*TrojanHunter Menu Shell Extension*/(null) =
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802 ("Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802")} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c ("CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c")} = C:\Program Files\CuteFTP\Cuteshell.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920 ("anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920")} = C:\Program Files\Ewido anti-spyware 4.0\context.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03 ("Files@{750fdf0e-2a26-11d1-a3ea-080036587f03")} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936 ("With@{09799AFB-AD67-11d1-ABCD-00C04FC30936")} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46 ("EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46")} = %SystemRoot%\system32\SHELL32.dll
TextPad@{2F25CF20-C569-11D1-B94C-00608CB45480 ("TextPad@{2F25CF20-C569-11D1-B94C-00608CB45480")} = C:\Program Files\TextPad 4\System\shellext.dll
WS_FTP@{797F3885-5429-11D4-8823-0050DA59922B ("WS_FTP@{797F3885-5429-11D4-8823-0050DA59922B")} = C:\Program Files\Ipswitch\WS_FTP Home\wsftpsi.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c ("CuteFTP@{8f7261d0-d2b9-11d2-9909-00605205b24c")} = C:\Program Files\CuteFTP\Cuteshell.dll
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46 ("EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46")} = %SystemRoot%\system32\SHELL32.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920 ("anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920")} = C:\Program Files\Ewido anti-spyware 4.0\context.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03 ("Files@{750fdf0e-2a26-11d1-a3ea-080036587f03")} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6 ("Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6")} = ntshrui.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP@{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Home\wsftpsi.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar4.dll = c:\program files\google\googletoolbar4.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKCU\Control Panel\[email protected] = none /*file not found*/
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop\")
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home (http://\"http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home\")
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com/ = http://www.google.com/ (http://\"http://www.google.com/\")
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID ("application/octet-stream@CLSID") = C:\WINDOWS\system32\mscoree.dll
application/x-complus@CLSID ("application/x-complus@CLSID") = C:\WINDOWS\system32\mscoree.dll
application/x-msdownload@CLSID ("application/x-msdownload@CLSID") = C:\WINDOWS\system32\mscoree.dll
Class Install Handler@CLSID ("Handler@CLSID") = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID ("deflate@CLSID") = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID ("gzip@CLSID") = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID ("lzdhtml@CLSID") = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID ("text/webviewhtml@CLSID") = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID ("text/xml@CLSID") = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID ("about@CLSID") = %SystemRoot%\system32\mshtml.dll
cdl@CLSID ("cdl@CLSID") = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID ("dvd@CLSID") = C:\WINDOWS\system32\msvidctl.dll
file@CLSID ("file@CLSID") = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID ("ftp@CLSID") = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID ("gopher@CLSID") = C:\WINDOWS\system32\urlmon.dll
http@CLSID ("http@CLSID") = C:\WINDOWS\system32\urlmon.dll
https@CLSID ("https@CLSID") = C:\WINDOWS\system32\urlmon.dll
its@CLSID ("its@CLSID") = C:\WINDOWS\system32\itss.dll
javascript@CLSID ("javascript@CLSID") = %SystemRoot%\system32\mshtml.dll
local@CLSID ("local@CLSID") = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID ("mailto@CLSID") = %SystemRoot%\system32\mshtml.dll
mhtml@CLSID ("mhtml@CLSID") = %SystemRoot%\system32\inetcomm.dll
mk@CLSID ("mk@CLSID") = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID ("ms-its@CLSID") = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID ("ms-itss@CLSID") = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
mso-offdap11@CLSID ("mso-offdap11@CLSID") = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID ("res@CLSID") = %SystemRoot%\system32\mshtml.dll
sysimage@CLSID ("sysimage@CLSID") = %SystemRoot%\system32\mshtml.dll
tv@CLSID ("tv@CLSID") = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID ("vbscript@CLSID") = %SystemRoot%\system32\mshtml.dll
wia@CLSID ("wia@CLSID") = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath ("000000000001@LibraryPath") = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath ("000000000002@LibraryPath") = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath ("000000000003@LibraryPath") = %SystemRoot%\System32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem ("000000000001@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem ("000000000002@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem ("000000000003@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem ("000000000004@PackedCatalogItem") = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem ("000000000005@PackedCatalogItem") = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem ("000000000006@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem ("000000000007@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem ("000000000008@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem ("000000000009@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem ("000000000010@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem ("000000000011@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem ("000000000012@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem ("000000000013@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem ("000000000014@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup = BounceBack Launcher.lnk
---- EOF - GMER 1.0.12 ----
-
That's not showing much
It may be programs installed
Can you do the following
1. Click Start, click Run, type msconfig in the Open box, and then click OK.
2. On the General tab, click Selective Startup, clear the Load Startup Items check box.>>Apply it
3. On the Services tab, select the Hide All Microsoft Services check box, and then click Disable All.
4. Click APPLY>>CLOSE, and then click Restart to restart your computer.
Back in Windows
We would of disabled AV and other startup entries and services
Can you ensure that Windows Firewall is enabled in the Windows Control Panel
Surf around a bit to sites that you trust
Any improvement in Internet performance and system performance?
We're just doing the above as troubleshooting steps
Definitely not going to leave the computer in this state, but hopefully help to diagnose the problem
-
I did as you suggested, but there was no improvement in Internet performance or system performance...
Thank you.
-
Can you give me your system specs. please
Eg.. Ram installed, type of processor, etc...
Right click MyComputer>>Left click Properties
You have CCleaner and CleanUp! installed on your computer
Can you run them both and clean temp files, cookies, etc....
Download>>Install [color=\"#000099\"]AVG Anti-Spyware 7.5[/color] (http://\"http://www.ewido.net/en/download/\") from Ewido networks- Load AVG-antispyware and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Select the "Scanner" tab
- Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected
- Click back to the "Scan" tab and then click on Complete System Scan.
- Let this scan complete, let it run uninterrupted
- AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
- An AVG icon will be placed in your system tray next to your clock, can you right on it and uncheck both
"Resident Shield" and "Start with Windows"
[/list]Reboot the computer
Back in Windows
Can you post back the following please
1. Post a fresh hijackthis log
2. Post the whole report from AVG-Antispyware
3. Post system specs.
-
[quote name=\'guestolo\' post=\'230520\' date=\'Oct 31 2006, 08:27 PM\']1. Post a fresh hijackthis log
2. Post the whole report from AVG-Antispyware
3. Post system specs.[/quote]
Here is the hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:32:16 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\EvelynBAK\Desktop\Downloads\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab (http://\"https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab\")
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab (http://\"https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab\")
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab (http://\"http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab\")
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (http://\"http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab\")
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (http://\"http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab\")
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (http://\"http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab\")
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (http://\"http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab\")
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab (http://\"https://webdl.symantec.com/activex/symdlmgr.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab (http://\"http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab\")
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab (http://\"https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab\")
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab (http://\"http://chat.msn.com/controls/msnchat45.cab\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\apache2054\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Here is the AVG report:
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:15:05 AM 11/1/2006
+ Scan result:
C:\Documents and Settings\Evelyn Wilkerson\Cookies\evelyn wilkerson@adtech[2].txt ("wilkerson@adtech") -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Evelyn Wilkerson\Cookies\evelyn .txt"]wilkerson@atdmt[1].txt ("wilkerson@atdmt[1) -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Evelyn Wilkerson\Cookies\evelyn .txt"]wilkerson@doubleclick[1].txt ("wilkerson@doubleclick[1) -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Evelyn Wilkerson\Cookies\evelyn .txt"][email protected] ("[email protected][2)[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT0024483.TXT -> TrackingCookie.Sexcounter : Cleaned.
C:\RECYCLER\NPROTECT0024484.TXT -> TrackingCookie.Sexcounter : Cleaned.
C:\RECYCLER\NPROTECT0024502.TXT -> TrackingCookie.Sexcounter : Cleaned.
C:\RECYCLER\NPROTECT0024503.TXT -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Evelyn Wilkerson\Cookies\evelyn .txt"][email protected][2].txt ("[email protected][2) -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
System Specs:
HP Intel Pentium Processor 1.73GHz
795 MHz, 1.0GB RAM
Thank you again!
-
Your log looks good, how long have you had Norton's Systemworks 2006 installed?
Not trying to point fingers, but I've seen many users say it can be a big resource hog and see slowdowns with it installed
although you have much Ram installed
Do you have a 1.73 Ghz processor?
Look over your hijackthis log
Anything you can remember installing recently which may cause the slowdowns??
Open taskmanager, anything using up much CPU
What is System Idle Process percentage at?
-
I have had Norton's SystemWorks installed maybe a month or so, but uninstalled it two days ago. Nothing has improved. The main problem seems to be the internet connection- the signal strength is exc. and the cable guy said it's running fine, it has something to do with our computer. The connection just keeps going down. Yes, processor is 1.73GHz.
Can't find anything on the Hijackthis log that we have installed that may be causing problems.
svchost.exe seems to be eating a lot of of mem usage, other than explorer & outlook. System idle says 28k.
Thank you!
-
Can I see a fresh hijackthis log please
-
[quote name=\'guestolo\' post=\'233736\' date=\'Nov 6 2006, 06:46 PM\']Can I see a fresh hijackthis log please[/quote]
Sure thing- here it is...
Logfile of HijackThis v1.99.1
Scan saved at 7:49:55 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\EvelynBAK\Desktop\Downloads\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab (http://\"https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab\")
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab (http://\"https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab\")
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab (http://\"http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab\")
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (http://\"http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab\")
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (http://\"http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab\")
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (http://\"http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab\")
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (http://\"http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab\")
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab (http://\"https://webdl.symantec.com/activex/symdlmgr.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab (http://\"http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab\")
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab (http://\"https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab\")
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab (http://\"http://chat.msn.com/controls/msnchat45.cab\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\apache2054\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-
Can we disable a couple services related to Symantec's
I really don't want to leave you without AntiVirus software, but we are trouble shooting
Can you go to START.>>RUN>>type in
services.msc
Hit OK
In the new window, on the right hand side, double click on
the following
Automatic LiveUpdate Scheduler
In the startup type dropdown box select DISABLED
Apply and OK it
Do the same for this one
LiveUpdate
Access your windows control panel and open the Java Icon
Under the Update tab Uncheck Automatically Check for Updates
NEVER if prompted>>OK out of there
Reboot your computer
Download and unzip to it's own folder
ProcessExplorer (http://\"http://www.sysinternals.com/Utilities/ProcessExplorer.html\")
Download link is at the bottom of the page
Open Procexp.exe
Click on FILE>>SAVE AS
Save this file too desktop
Open the text file save to your desktop and click on FORMAT
UNCHECK Word Wrap if selected
Copy>>Paste back here the contents please
-
Here is the copy of the procexp.txt file:
Process PID CPU Description Company Name
System Idle Process 0 96.92
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 616 Windows NT Session Manager Microsoft Corporation
csrss.exe 684 Client Server Runtime Process Microsoft Corporation
winlogon.exe 708 Windows NT Logon Application Microsoft Corporation
services.exe 752 Services and Controller app Microsoft Corporation
svchost.exe 916 Generic Host Process for Win32 Services Microsoft Corporation
GoogleToolbarNotifier.exe 2492 GoogleToolbarNotifier Google Inc.
wmiprvse.exe 264 WMI Microsoft Corporation
svchost.exe 972 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1112 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 2848 Windows Security Center Notification App Microsoft Corporation
svchost.exe 1176 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1356 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1636 Spooler SubSystem App Microsoft Corporation
Apache.exe 1900 Apache HTTP Server Apache Software Foundation
Apache.exe 420 Apache HTTP Server Apache Software Foundation
guard.exe 1920 AVG Anti-Spyware guard Anti-Malware Development a.s.
SMAgent.exe 2028 SoundMAX service agent component Analog Devices, Inc.
svchost.exe 216 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 2204 Windows User Mode Driver Manager Microsoft Corporation
alg.exe 2836 Application Layer Gateway Service Microsoft Corporation
iPodService.exe 3484 iPodService Module Apple Computer, Inc.
lxbucoms.exe 3880 Lexmark Communication System Lexmark International, Inc.
lsass.exe 764 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 2356 Windows Explorer Microsoft Corporation
SMax4PNP.exe 3280 SMax4PNP MFC Application Analog Devices, Inc.
lxbumon.exE 3408 Lexmark 6200 Series Device Monitor Lexmark International, Inc.
iTunesHelper.exe 3416 iTunesHelper Module Apple Computer, Inc.
hkcmd.exe 3488 hkcmd Module Intel Corporation
ezprint.exe 3512
eabservr.exe 3528 Quick Launch Buttons Hewlett-Packard
AGRSMMSG.exe 3588 SoftModem Messaging Applet Agere Systems
acrotray.exe 3644 AcroTray Adobe Systems Inc.
BBLauncher.exe 3840
IEXPLORE.EXE 3656 Internet Explorer Microsoft Corporation
IEXPLORE.EXE 1972 Internet Explorer Microsoft Corporation
OUTLOOK.EXE 204 Microsoft Outlook Microsoft Corporation
procexp.exe 2320 3.08 Sysinternals Process Explorer Sysinternals
Thanks for your continuing help!
-
System idle looks good, do you have 2 instances of Internet explorer open?
Are there other users on this computer that are logged in?
-
[quote name=\'guestolo\' post=\'233783\' date=\'Nov 6 2006, 08:30 PM\']System idle looks good, do you have 2 instances of Internet explorer open?
Are there other users on this computer that are logged in?[/quote]
My husband might have been also logged on, I am not sure if he was or not. I can't remember about IE... want me to rerun ProcessExplorer?
-
What I was getting at is that the system processes look normal
Nothing suspicious or high cpu useage
That was with 2 IE windows open
Are you still experiencing slow downs??
When, and if you do, run Process Explorer again and save the log and post it here
-
[quote name=\'guestolo\' post=\'233872\' date=\'Nov 7 2006, 07:29 AM\']What I was getting at is that the system processes look normal
Nothing suspicious or high cpu useage
That was with 2 IE windows open
Are you still experiencing slow downs??
When, and if you do, run Process Explorer again and save the log and post it here[/quote]
Yes, it's mostly the internet connection that is the problem- it keeps going down, even though the signal strength is excellent. The next time that happens, I'll run Process Exp again and post the log... in the meantime, should I enable the Norton's stuff that I disabled, or leave it for the time being? Thank you!
-
For the time being leave the 2 services disabled, probably won't do you any good enabling them since you already
Uninstalled Norton's
Did your version of Norton's have Firewall protection?
It didn't appear to have
Is the XP firewall enabled in the Windows control panel, if not, can you enable it
Is this a wireless connection your having problems with?
It could be interference from other items in the household
Eg.. Cordless phone, microwave
Distance to the router
As mentioned, I don't want to leave you without Antivirus for long
Just be careful with what you download, surf for a day and see if you still experience problems
We can reinstall Norton's if it wasn't the problem
If it is the problem, we can try another AV>>It will be free, but we'll see if it causes issues
EDIT>>In addition, have you ensure that you have visited Windows Updates and received all latest HIGH PRIORITY updates
Run the EXPRESS scan
-
My husband told me to disable the Norton's firewall because we have firewall protection with the router. The XP firewall is enabled when I checked it through the control panel. I WAS using a wireless connection, but even when I completely disconnect from the router and just connect directly to the cable modem it still is giving me issues. It seems like 90% of the time the connection is down, or really really slow. I did what you suggested about the Windows updates. I'm so frustrated I'm about to launch this thing out the window!
-
It's been a few days, can you do the following
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
-
[quote name=\'guestolo\' post=\'237451\' date=\'Nov 11 2006, 06:49 PM\']It's been a few days...[/quote]
Yes, it's taken me that long to get back online!
Here is the list:
Adobe Acrobat 7.0 Professional
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 5.5
Adobe Photoshop 7.0
Adobe Reader 7.0
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Anconia RocketSales 3 Professional
Apache HTTP Server 2.0.54
Audio CD Maker v6.0
AVG Anti-Spyware 7.5
BounceBack Express
Cabinet Planner V2.00
Canon Camera Window for ZoomBrowser EX
Canon EOS 10D WIA Driver
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CleanUp!
Click'N Design 3D
Core FTP LE 1.3c
CuteFTP 5.0 XP
Dynamic Email Validator
Easy Internet Sign-up
Email Address Extractor 3.0
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Help and Support
HP Pavillion dv4000 User Guides
HP Wireless Assistant
Intel® Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD
Ipswitch WS_FTP Home 2006
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 4
Lexmark 6200 Series
Lexmark Fax Solutions
Live2Support
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Standard Edition 2003
Microsoft Works
Mozilla Firefox (1.5)
MSN Music Assistant
Napster
Napster Burn Engine
Netscape Browser (remove only)
Panda ActiveScan
Quick Launch Buttons 5.00 D5
Quicken 2003 Deluxe
QuickTime
Real Estate Investment Analysis - Standard Edition Version 12
RealData® Real Estate Calculator, 3.0.01
RealPlayer
REIA Lite v 11.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SendBlaster
Smart Email Verifier 3.36
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.4
SurfOffline (remove only)
Symantec Technical Support Web Controls
Texas Instruments PCIxx21/x515 drivers.
TextPad 4.7
uninstall
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
UserGuides
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
XviD MPEG-4 Video Codec
Also, I posted this in a new topic because I didn't want to go off subject (not sure if it's related or not), but I tried to install Windows Media Player and when I ran the exe file it said it could not load because it could find the gdiplus.dll file.
Thanks again,
Mickapoo
-
Out of curiousity, how long have you had Email Address Extractor and/or SMART EMAIL VERIFIER installed?
Could you do the following for me
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as export.bat
Save this file on the desktop
regedit /e Export.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
Double click on export.bat
A text file called export.txt will be placed on desktop
Copy>>Paste back here the whole contents of export.txt
Also
Create another .bat for me please
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as find.bat
Save this file on the desktop
@echo off
cd C:\WINDOWS\WinSxS
dir /s /a > C:\find.txt
notepad C:\find.txt
del /q C:\find.txt
Double click on find.bat, a text file will open, copy>>paste back here the whole contents
-
About the two email programs you mentioned, they have probably been installed a couple of months or so.
Here is the content of the export.txt file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,b2,b5,2d,10,c6,cb,e0,46,ab,8f,e2,ad,4b,ae,a7,8f,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,5e,6b,f5,47,37,73,97,1b,\
35,d6,cf,d1,cc,3c,21,40,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,e4,\
0b,33,03,d3,0a,5a,9f,22,54,1d,c6,6b,d3,42,f1,b0,01,00,00,43,73,26,6b,2c,69,\
97,32,e0,6e,e0,c1,70,5c,35,d6,81,63,9c,a3,0a,c1,7e,74,58,da,7d,13,d4,2f,46,\
2e,f0,fe,cc,7f,3b,d0,a0,fa,e2,60,3e,eb,86,f9,f6,44,b9,f0,f2,15,88,f8,69,fc,\
d1,0c,25,55,84,52,de,ba,f6,9c,b1,8f,f9,03,ac,f6,21,dc,3f,04,ae,91,64,b9,9c,\
97,14,1c,c6,3c,cf,4a,af,98,18,69,a0,72,ea,61,c6,b5,f8,18,09,2d,a8,ab,69,b6,\
f5,b7,75,7b,c4,98,bb,a0,f1,db,47,cc,42,f9,06,42,5b,a1,e8,9d,06,36,53,f2,36,\
98,07,33,53,e4,5a,64,22,cd,77,e7,49,b4,02,fa,4f,66,35,54,3f,44,62,c7,68,ba,\
12,a9,45,ba,83,ec,f0,98,8e,82,4d,94,57,f2,39,05,6b,4b,cd,05,45,3f,4e,73,4d,\
ca,aa,a6,0c,aa,88,81,2b,27,13,dc,f8,c9,08,1e,da,fc,39,c5,85,42,eb,e8,1b,94,\
98,d9,33,45,5e,dd,2b,1a,44,7a,ed,fe,c9,14,25,96,55,ce,77,a4,9f,e7,f7,e8,97,\
00,43,3f,68,a8,6c,b3,9a,af,0a,78,b4,5a,e3,b0,62,f9,57,b1,e3,19,d0,ba,53,15,\
30,ca,72,8a,44,54,a3,a4,5f,b4,22,91,c5,c5,b6,7b,ff,47,7f,eb,4f,44,4a,2f,64,\
92,d6,c7,0c,f4,e4,82,db,27,40,52,57,18,d9,2c,cf,90,4f,43,44,e9,87,97,59,37,\
b4,7f,49,6b,7c,a4,f7,c5,99,55,40,2b,dc,40,4c,fc,84,6f,48,11,d5,be,5c,30,25,\
da,87,7e,f8,48,2a,37,a9,52,27,67,f1,ae,04,8b,d9,f8,b4,3a,be,ed,d4,29,75,1e,\
ae,16,ee,45,2c,e0,54,45,28,70,68,87,71,6b,53,da,9f,ab,b6,c2,92,88,96,f8,18,\
6a,b6,83,f9,53,8b,09,e2,ec,07,fd,ae,b1,77,b6,ea,4d,fa,e7,a9,54,e1,74,f9,58,\
48,e4,43,80,3d,ad,d7,26,12,00,3e,d4,a7,4f,6c,76,52,19,b1,ed,f0,2e,68,9b,53,\
16,14,00,00,00,8f,f2,61,84,bc,f5,7f,ed,58,08,12,75,93,e5,b4,48,8d,69,2e,56
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
Here is the content from find.bat:
Volume in drive C is Local Disk
Volume Serial Number is 329D-CAC4
Directory of C:\WINDOWS\WinSxS
10/15/2006 02:01 AM <DIR> .
10/15/2006 02:01 AM <DIR> ..
01/25/2005 09:46 AM <DIR> InstallTemp
11/01/2006 08:15 AM <DIR> Manifests
01/25/2005 09:26 AM <DIR> Policies
01/25/2005 09:46 AM <DIR> x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
01/25/2005 09:46 AM <DIR> x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d
01/25/2005 09:26 AM <DIR> x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
01/25/2005 09:26 AM <DIR> x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a
01/25/2005 09:26 AM <DIR> x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
10/15/2006 02:01 AM <DIR> x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
01/25/2005 09:26 AM <DIR> x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a
01/25/2005 09:26 AM <DIR> x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9
01/25/2005 09:26 AM <DIR> x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13
01/25/2005 09:26 AM <DIR> x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82
01/25/2005 09:26 AM <DIR> x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7
01/25/2005 09:26 AM <DIR> x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95
01/25/2005 09:26 AM <DIR> x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0
0 File(s) 0 bytes
Directory of C:\WINDOWS\WinSxS\InstallTemp
01/25/2005 09:46 AM <DIR> .
01/25/2005 09:46 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\WINDOWS\WinSxS\Manifests
11/01/2006 08:15 AM <DIR> .
11/01/2006 08:15 AM <DIR> ..
01/25/2005 09:46 AM 7,243 x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat
01/25/2005 09:46 AM 500 x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.Manifest
01/25/2005 09:46 AM 7,239 x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d.cat
01/25/2005 09:46 AM 3,478 x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d.Manifest
08/04/2004 03:00 AM 7,232 x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.cat
08/04/2004 03:00 AM 7,238 x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.cat
08/04/2004 03:00 AM 7,433 x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.cat
08/25/2006 11:43 AM 8,339 x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.cat
10/15/2006 02:01 AM 1,862 x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest
08/04/2004 03:00 AM 7,238 x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.cat
08/04/2004 03:00 AM 7,433 x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.cat
08/04/2004 03:00 AM 7,236 x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.cat
08/04/2004 03:00 AM 7,431 x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.cat
08/04/2004 03:00 AM 7,429 x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.cat
08/04/2004 03:00 AM 7,429 x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.cat
08/04/2004 03:00 AM 7,429 x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0.cat
08/04/2004 03:00 AM 7,236 x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.cat
08/04/2004 03:00 AM 7,431 x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.cat
18 File(s) 116,856 bytes
Directory of C:\WINDOWS\WinSxS\Policies
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
11/01/2006 08:15 AM <DIR> x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac
11/01/2006 08:15 AM <DIR> x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510
11/01/2006 08:15 AM <DIR> x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd
11/01/2006 08:15 AM <DIR> x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f
11/01/2006 08:15 AM <DIR> x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775
11/01/2006 08:15 AM <DIR> x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3
0 File(s) 0 bytes
Directory of C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac
11/01/2006 08:15 AM <DIR> .
11/01/2006 08:15 AM <DIR> ..
08/04/2004 03:00 AM 7,431 1.0.2600.2180.cat
1 File(s) 7,431 bytes
Directory of C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510
11/01/2006 08:15 AM <DIR> .
11/01/2006 08:15 AM <DIR> ..
08/04/2004 03:00 AM 7,431 5.1.2600.2000.cat
1 File(s) 7,431 bytes
Directory of C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd
11/01/2006 08:15 AM <DIR> .
11/01/2006 08:15 AM <DIR> ..
08/04/2004 03:00 AM 7,429 5.2.2.3.cat
1 File(s) 7,429 bytes
Directory of C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f
11/01/2006 08:15 AM <DIR> .
11/01/2006 08:15 AM <DIR> ..
08/04/2004 03:00 AM 7,429 5.2.2.3.cat
1 File(s) 7,429 bytes
Directory of C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775
11/01/2006 08:15 AM <DIR> .
11/01/2006 08:15 AM <DIR> ..
08/04/2004 03:00 AM 7,429 6.0.2600.2180.cat
08/25/2006 11:43 AM 8,335 6.0.2600.2982.cat
10/15/2006 02:01 AM 621 6.0.2600.2982.Policy
3 File(s) 16,385 bytes
Directory of C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3
11/01/2006 08:15 AM <DIR> .
11/01/2006 08:15 AM <DIR> ..
08/04/2004 03:00 AM 7,433 7.0.2600.2180.cat
1 File(s) 7,433 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
01/25/2005 09:46 AM <DIR> .
01/25/2005 09:46 AM <DIR> ..
01/25/2005 09:46 AM 82,432 msxml4r.dll
1 File(s) 82,432 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d
01/25/2005 09:46 AM <DIR> .
01/25/2005 09:46 AM <DIR> ..
01/25/2005 09:46 AM 1,233,920 msxml4.dll
1 File(s) 1,233,920 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
08/04/2004 03:00 AM 74,802 atl.dll
08/04/2004 03:00 AM 995,383 mfc42.dll
08/04/2004 03:00 AM 995,384 mfc42u.dll
08/04/2004 03:00 AM 401,462 msvcp60.dll
4 File(s) 2,467,031 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
08/04/2004 03:00 AM 921,088 comctl32.dll
1 File(s) 921,088 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
08/04/2004 03:00 AM 1,050,624 comctl32.dll
1 File(s) 1,050,624 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
10/15/2006 02:01 AM <DIR> .
10/15/2006 02:01 AM <DIR> ..
08/25/2006 10:45 AM 1,054,208 comctl32.dll
1 File(s) 1,054,208 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
08/04/2004 03:00 AM 50,688 msvcirt.dll
08/04/2004 03:00 AM 322,560 msvcrt.dll
2 File(s) 373,248 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
08/04/2004 03:00 AM 54,784 msvcirt.dll
08/04/2004 03:00 AM 343,040 msvcrt.dll
2 File(s) 397,824 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
08/04/2004 03:00 AM 1,700,352 GdiPlus.dll
1 File(s) 1,700,352 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
08/04/2004 03:00 AM 1,712,128 GdiPlus.dll
1 File(s) 1,712,128 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
08/04/2004 03:00 AM 853,504 dxmrtp.dll
1 File(s) 853,504 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
08/04/2004 03:00 AM 991,232 rtcdll.dll
1 File(s) 991,232 bytes
Directory of C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc
0
01/25/2005 09:26 AM <DIR> .
01/25/2005 09:26 AM <DIR> ..
08/04/2004 03:00 AM 132,096 rtcres.dll
1 File(s) 132,096 bytes
Total Files Listed:
44 File(s) 13,140,081 bytes
68 Dir(s) 66,023,010,304 bytes free
-
I'm still quite unsure what's happening on your end
BUT, I noticed that you have Office 2000 and office 2003 installed
updated gdiplus.dll is included in Office updates
Can you make your way to this link
http://office.microsoft.com/en-us/downloads/default.aspx (http://\"http://office.microsoft.com/en-us/downloads/default.aspx\")
On the left hand of that page
Click OFFICE UPDATE under Updates
Allow to install Active X if prompted
Let it scan your computer
If there are updates
AGREE AND INSTALL all updates
Reboot the computer if prompted
This can take awhile, depending on your last visit
Keep revisiting Office Updates till you have all "Required Updates"
After which time, reboot your computer
Any help?