TheTechGuide Forum
General Category => Tech Clinic => Topic started by: jayyap on October 22, 2007, 04:01:47 AM
-
Can you help me check whether my computer is OK?
Here are the HJT log files:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:34 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用WEB迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用WEB迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188542148000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188542134593
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA29310F-4E81-4B19-BA78-4C44560F1A33}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
--
End of file - 8173 bytes
-
Nothing jumping out at me.
But can I take a look at the next 2 logs?
Download Deckard's System Scanner (dss.exe) (http://deckard.geekstogo.com/dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.
Post the contents of main.txt and extra.txt.
-
Deckard's System Scanner v20071014.68
Run by jayyap on 2007-10-24 18:12:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
32: 2007-10-24 10:12:54 UTC - RP59 - Deckard's System Scanner Restore Point
31: 2007-10-18 01:40:48 UTC - RP58 - Installed Java(tm) 6 Update 3
30: 2007-10-17 06:12:36 UTC - RP57 - Installed QUICKfind
29: 2007-09-29 10:53:14 UTC - RP56 - System Checkpoint
28: 2007-09-25 12:40:46 UTC - RP55 - System Checkpoint
-- First Restore Point --
1: 2007-08-31 06:19:33 UTC - RP28 - restore point
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 3.35 GiB (less than 15%) free.
-- HijackThis (run as jayyap.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:51 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\jayyap\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jayyap.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188542148000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188542134593
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
--
End of file - 7471 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 catchme - c:\docume~1\jayyap\locals~1\temp\catchme.sys (file missing)
S3 FoxAwdWINFLASH - c:\program files\superutility\foxawdwinflash.sys
S3 FXDRV - c:\program files\superutility\fxdrv.sys <Not Verified; Foxconn; FoxUtility Suite>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2007-09-24 and 2007-10-24 -----------------------------
2066-08-16 23:06:34 0 d-------- C:\Program Files\Common Files\ODBC
2066-08-16 23:06:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2066-08-16 23:06:30 0 d-------- C:\Program Files
2066-08-16 23:06:30 0 d-------- C:\Program Files\Common Files
2066-08-16 23:06:06 0 d--h----- C:\Documents and Settings\Default User\Templates
2066-08-16 23:06:06 0 dr------- C:\Documents and Settings\Default User\Start Menu
2066-08-16 23:06:06 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2066-08-16 23:06:06 0 d--h----- C:\Documents and Settings\Default User\Recent
2066-08-16 23:06:06 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2066-08-16 23:06:06 0 d--h----- C:\Documents and Settings\Default User\NetHood
2066-08-16 23:06:06 0 d-------- C:\Documents and Settings\Default User\My Documents
2066-08-16 23:06:06 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2066-08-16 23:06:06 0 d-------- C:\Documents and Settings\Default User\Favorites
2066-08-16 23:06:06 0 d-------- C:\Documents and Settings\Default User\Desktop
2066-08-16 23:06:06 0 d---s---- C:\Documents and Settings\Default User\Cookies
2066-08-16 23:06:06 0 d--h----- C:\Documents and Settings\All Users\Templates
2066-08-16 23:06:06 0 d-------- C:\Documents and Settings\All Users\Start Menu
2066-08-16 23:06:06 0 d-------- C:\Documents and Settings\All Users\Favorites
2066-08-16 23:06:06 0 dr------- C:\Documents and Settings\All Users\Documents
2066-08-16 23:06:06 0 d-------- C:\Documents and Settings\All Users\Desktop
2066-08-16 23:05:56 0 d-------- C:\WINDOWS\System32\CatRoot2
2066-08-16 23:05:56 0 d-------- C:\WINDOWS\System32\CatRoot
2066-08-16 23:05:51 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2066-08-16 23:05:51 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2066-08-16 23:05:50 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2066-08-16 23:05:50 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2066-08-16 23:05:29 0 d-------- C:\Documents and Settings
2066-08-16 23:00:35 0 d-------- C:\WINDOWS
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\WinSxS
2066-08-16 23:00:35 0 dr------- C:\WINDOWS\Web
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\twain_32
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\system32
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\wins
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\wbem
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\usmt
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\spool
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\ShellExt
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\Setup
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\ras
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\oobe
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\npp
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\mui
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\inetsrv
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\IME
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\icsxml
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\ias
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\export
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\drivers
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\drivers\etc
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\drivers\disdn
2066-08-16 23:00:35 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\dhcp
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\config
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\3com_dmi
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\3076
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\2052
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\1054
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\1042
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\1041
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\1037
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\1033
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\1031
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\1028
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\System32\1025
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\system
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\security
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\Resources
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\repair
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\mui
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\msapps
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\msagent
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\Media
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\java
2066-08-16 23:00:35 0 d--h----- C:\WINDOWS\inf
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\ime
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\Help
2066-08-16 23:00:35 0 dr--s---- C:\WINDOWS\Fonts
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\Driver Cache
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\Debug
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\Cursors
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\Connection Wizard
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\Config
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\AppPatch
2066-08-16 23:00:35 0 d-------- C:\WINDOWS\addins
2007-10-22 18:39:03 0 dr-h----- C:\Documents and Settings\jayyap\Recent
2007-10-21 19:09:30 0 d-------- C:\BackUpMSNCleaner
2007-10-17 14:12:38 160768 --a------ C:\WINDOWS\System32\ILLKRN.DLL <Not Verified; TEXTware A/S; Illuminator 2.0>
2007-10-17 14:12:38 0 d-------- C:\Program Files\TEXTware
2007-10-17 14:12:38 0 d-------- C:\Program Files\IDM
2007-10-17 14:12:37 205312 --a------ C:\WINDOWS\System32\Illprs.dll <Not Verified; TEXTware A/S; Illuminator 2.0>
2007-10-17 14:12:12 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-10-17 14:11:36 0 d-------- C:\WINDOWS\System32\QuickTime
2007-10-17 14:11:36 0 d-------- C:\Program Files\QuickTime
2007-10-17 14:11:25 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-17 14:09:35 0 d-------- C:\Program Files\Oxford
2007-10-10 21:28:19 0 d-------- C:\Doraemon
2007-10-10 21:27:43 327168 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-10-08 13:26:39 0 d-------- C:\Program Files\KONAMI
2007-10-06 13:12:09 0 --a------ C:\WINDOWS\System32\cid_store.dat
2007-10-06 13:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
2007-10-06 13:11:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Thunder Network
2007-10-06 13:11:07 0 d-------- C:\Program Files\Thunder Network
2007-10-06 13:02:14 2560 --a------ C:\WINDOWS\System32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-10-06 13:02:13 0 d-------- C:\Downloads
2007-10-06 13:02:05 0 d-------- C:\Program Files\BitComet
2007-10-04 21:28:09 0 d-------- C:\Program Files\CCleaner
2007-10-01 22:13:16 0 d--h----- C:\WINDOWS\PIF
2007-09-27 18:02:24 0 d-------- C:\Program Files\Aimersoft
2007-09-27 18:01:36 0 d-------- C:\Profiles
2007-09-24 23:27:26 69 --a------ C:\WINDOWS\System32\3gpvideoconverterb.dat
2007-09-24 23:27:26 69 --a------ C:\WINDOWS\System32\3gpvideoconvertera.dat
2007-09-24 22:40:47 394240 --a------ C:\WINDOWS\System32\Smab.dll
2007-09-24 22:40:46 70656 --a------ C:\WINDOWS\System32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-09-24 22:40:46 27648 --a------ C:\WINDOWS\System32\AVSredirect.dll
2007-09-24 22:40:46 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-09-24 22:40:45 217073 --a------ C:\WINDOWS\meta4.exe
2007-09-24 22:40:37 31232 -r-hs---- C:\WINDOWS\System32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2007-09-24 22:40:37 163328 -r-hs---- C:\WINDOWS\System32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2007-09-24 22:40:27 0 d-------- C:\Program Files\eRightSoft
2007-09-24 21:38:24 0 d-------- C:\temp
2007-09-24 21:38:24 0 d-------- C:\MediaOut
2007-09-24 21:38:11 0 d-------- C:\Program Files\PMPro Mobile Phone Video Converter
2007-09-24 19:45:48 0 d-------- C:\Program Files\Boilsoft MP4 Converter
2007-09-24 15:27:12 0 d-------- C:\Program Files\AviSynth 2.5
-- Find3M Report ---------------------------------------------------------------
2066-08-16 23:06:06 62 --ahs---- C:\Documents and Settings\jayyap\Application Data\desktop.ini
2007-10-20 11:31:09 0 d-------- C:\Program Files\lx_cats
2007-10-18 09:45:10 0 d-------- C:\Program Files\Java
2007-10-17 14:12:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-16 23:47:36 0 d-------- C:\Program Files\SpywareBlaster
2007-09-22 00:26:55 203264 --a------ C:\WINDOWS\System32\FFTD Screensaver.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2007-09-22 00:17:52 0 d-------- C:\Program Files\Xtreme Desktop
2007-09-21 22:59:00 0 d-------- C:\Program Files\MSN Messenger
2007-09-12 22:10:13 48640 --a------ C:\WINDOWS\grwprocs.dll
2007-09-12 22:10:13 405504 --a------ C:\WINDOWS\18be.scr
2007-09-12 22:10:13 397968 --a------ C:\WINDOWS\18be.dat <Not Verified; Macromedia, Inc.; Flash 5.0>
2007-09-11 18:37:24 1290 --a------ C:\WINDOWS\mozver.dat
2007-09-11 18:37:23 0 d-------- C:\Program Files\DivX
2007-09-09 19:00:40 0 d-------- C:\Program Files\NewLive All Audio To Mp3 Converter
2007-09-02 12:11:27 0 d-------- C:\Program Files\Disc2Phone
2007-09-02 10:49:40 0 d-------- C:\Documents and Settings\jayyap\Application Data\Teleca
2007-09-02 10:47:48 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-09-02 10:47:31 0 d-------- C:\Program Files\Sony Ericsson
2007-09-02 10:45:38 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-31 16:28:51 0 d-------- C:\Program Files\Electronic Arts
2007-08-29 14:41:53 0 d-------- C:\Documents and Settings\jayyap\Application Data\DivX
2007-08-24 13:28:05 0 d-------- C:\Documents and Settings\jayyap\Application Data\Google
2007-08-24 13:26:56 0 d-------- C:\Program Files\Google
2007-08-18 13:07:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-16 17:40:01 50688 --a------ C:\WINDOWS\System32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-08-16 15:20:30 0 -rahs---- C:\MSDOS.SYS
2007-08-16 15:20:30 0 -rahs---- C:\IO.SYS
2007-08-16 15:20:30 0 --a------ C:\CONFIG.SYS
2007-08-16 15:20:30 0 --a------ C:\AUTOEXEC.BAT
2007-08-16 15:17:26 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-07-31 11:41:30 249344 --a------ C:\WINDOWS\Mitsubishi Lancer 2.scr
2007-07-31 11:41:30 1010460 --a------ C:\WINDOWS\creamplayer.exe <Not Verified; Macromedia, Inc.; Director MX 2004>
2007-07-31 11:41:28 1383373 --a------ C:\WINDOWS\Mitsubishi Lancer 2.bin
2007-07-31 11:40:26 249344 --a------ C:\WINDOWS\Mitsubishi Lancer.scr
2007-07-31 11:40:26 323021 --a------ C:\WINDOWS\Mitsubishi Lancer.bin
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/28/2002 09:38 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 09:39 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 09:39 PM]
"SoundMan"="SOUNDMAN.EXE" [11/11/2005 02:07 PM C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 09:05 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/15/2007 06:22 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/16/2007 06:29 PM]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [01/23/2006 01:45 AM]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [02/07/2006 01:10 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 04:11 PM]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [12/02/2005 02:38 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [10/26/2005 04:17 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/29/2002 03:41 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
-- End of Deckard's System Scanner: finished at 2007-10-24 18:16:06 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® D CPU 2.66GHz
CPU 1: Intel® Pentium® D CPU 2.66GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 510.42 MiB / 248.29 MiB
Pagefile Memory (total/avail): 1249.54 MiB / 975.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.19 MiB
A: is Removable (Unformatted)
C: is Fixed (NTFS) - 39.06 GiB total, 3.35 GiB free.
D: is Fixed (NTFS) - 72.72 GiB total, 66.25 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE1 - SAMSUNG HD080HJ - 74.53 GiB - 0 partitions
\\.\PHYSICALDRIVE0 - WDC WD1200JS-00MHB0 - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Installable File System - 72.72 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
Unable to create WMI object.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jayyap\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YAP-QNI9GRX7HO5
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jayyap
LOGONSERVER=\\YAP-QNI9GRX7HO5
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\jayyap\LOCALS~1\Temp
TMP=C:\DOCUME~1\jayyap\LOCALS~1\Temp
USERDOMAIN=YAP-QNI9GRX7HO5
USERNAME=jayyap
USERPROFILE=C:\Documents and Settings\jayyap
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
lihhorng (admin)
jayyap (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
???? 4.6.8 --> "C:\Program Files\TTPlayer\uninst.exe"
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitComet 0.93 --> C:\Program Files\BitComet\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doraemon --> C:\WINDOWS\IsUninst.exe -fC:\Doraemon\Uninst.isu
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
FFTD Screensaver --> C:\WINDOWS\System32\FFTD Screensaver.scr /u
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.3.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mitsubishi Lancer 1.0 --> C:\Program Files\Mitsubishi Lancer\uninst.exe
Mitsubishi Lancer 2 2.0 --> C:\Program Files\Mitsubishi Lancer 2\uninst.exe
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Need for Speed™ Carbon --> C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Oxford Advanced Learner's Dictionary - 7th edition --> "C:\Program Files\Oxford\OALD7\uninstall.exe"
QUICKfind --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{593AFFA4-D08E-4272-BABB-420949D32A10}\Setup.exe" -l0x9
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SuperUtility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10E33F6D-16E6-400E-BA1E-DF9F1BCD1B30}\setup.exe" -l0x9
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Winning Eleven 9 --> "C:\Program Files\KONAMI\Winning Eleven 9\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xtreme Desktop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E742E0-DF42-4685-A210-B26445939248}\setup.exe" -l0x9 -removeonly
-- Application Event Log -------------------------------------------------------
Event Record #/Type1357 / Success
Event Submitted/Written: 10/23/2007 10:46:30 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1350 / Success
Event Submitted/Written: 10/23/2007 08:18:46 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1335 / Success
Event Submitted/Written: 10/23/2007 06:08:32 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1329 / Success
Event Submitted/Written: 10/22/2007 04:43:16 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1328 / Error
Event Submitted/Written: 10/22/2007 04:40:39 PM
Event ID/Source: 1015 / Perflib
Event Description:
The timeout waiting for the performance data collection function "PerfOS"
in the "C:\WINDOWS\System32\perfos.dll" Library to finish has expired. There may be a problem with
this extensible counter or the service it is collecting data from or the
system may have been very busy when this call was attempted.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
No Errors/Warnings found.
-- End of Deckard's System Scanner: finished at 2007-10-24 18:16:06 ------------
-
Sorry for the delay, I had to leave town for a week.
Can you post a fresh HijackThis log?
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:20 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\lxcrcoms.exe
C:\Program Files\TTPlayer\TTPlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.Email Removed.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188542148000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188542134593
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA29310F-4E81-4B19-BA78-4C44560F1A33}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe
--
End of file - 7720 bytes
-
What part of the computer is slow?
The whole computer in general, or the internet?
Edit>>I just noticed some of the dates of your folders don't make sense
Can you do the following, temporarily disable Avast protection
Right click the Avast icon by the clock and stop on-access protection
Next:
Using browser Internet Explorer
Run an online virus scan at Kaspersky's (http://www.kaspersky.com/virusscanner)
At the link click the button Kaspersky Online Scanner
Accept the prompt at the Welcome screen
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now under select a target to scan:
Select My Computer
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
***Now click on the Save as Text button:
- Save the file to your desktop. I will need to see it later
Post back that report please
-
KASPERSKY ONLINE SCANNER REPORT Sunday, November 04, 2007 1:08:42 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/11/2007
Kaspersky Anti-Virus database records: 450877
Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects: 89219
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:47:58
Infected Object Name, Virus Name, Last Action:
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\jayyap\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\jayyap\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Application Data\Microsoft\Messenger\jay_yap89Email Removed\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Application Data\Microsoft\Messenger\jay_yap89Email Removed\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Application Data\Microsoft\Messenger\jay_yap89Email Removed\SharingMetadata\Working\database_CAC4_81B8_C481_A773\dfsr.db Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Application Data\Microsoft\Messenger\jay_yap89Email Removed\SharingMetadata\Working\database_CAC4_81B8_C481_A773\fsr.log Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Application Data\Microsoft\Messenger\jay_yap89Email Removed\SharingMetadata\Working\database_CAC4_81B8_C481_A773\fsrtmp.log Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Application Data\Microsoft\Messenger\jay_yap89Email Removed\SharingMetadata\Working\database_CAC4_81B8_C481_A773\tmp.edb Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Application Data\Microsoft\Windows Live Contacts\jay_yap89Email Removed\real\members.stg Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Application Data\Microsoft\Windows Live Contacts\jay_yap89Email Removed\shadow\members.stg Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\History\History.IE5\MSHist012007110320071104\index.dat Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\History\History.IE5\MSHist012007110420071105\index.dat Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Temp\~DF65B8.tmp Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Temp\~DF9309.tmp Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Temp\~DF9315.tmp Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Temp\~DF9385.tmp Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Temp\~DF9393.tmp Object is locked skipped
C:\Documents and Settings\jayyap\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jayyap\ntuser.dat Object is locked skipped
C:\Documents and Settings\jayyap\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\Linkin_Park-Minutes_To_Midnight-(Retail)-2007-SMO\10-linkin_park-in_between-.mp3.bc! Object is locked skipped
C:\Downloads\Linkin_Park-Minutes_To_Midnight-(Retail)-2007-SMO\12-linkin_park-the_little_things_give_you_away-.mp3.bc! Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\DAP\History\lihhorng\_lasthist.dat Object is locked skipped
C:\Program Files\DAP\Log\DAP_REPORT.LOG Object is locked skipped
C:\Program Files\DAP\Temp\TAG64.tmp Object is locked skipped
C:\System Volume Information\_restore{93AD4BBA-8A42-4EFB-AFA7-14D673037383}\RP29\A0002405.exe Infected: Trojan-Downloader.Win32.Zlob.cft skipped
C:\System Volume Information\_restore{93AD4BBA-8A42-4EFB-AFA7-14D673037383}\RP47\A0005083.exe Infected: Backdoor.Win32.SdBot.xd skipped
C:\System Volume Information\_restore{93AD4BBA-8A42-4EFB-AFA7-14D673037383}\RP47\A0005122.exe Infected: Backdoor.Win32.SdBot.xd skipped
C:\System Volume Information\_restore{93AD4BBA-8A42-4EFB-AFA7-14D673037383}\RP59\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
-
Ad-Aware 7 has been known to slow some computers
Can you try uninstalling it, reboot the computer and see if things improve
I would also like to run this tool on your computer again
If you have an older version of SDFix, delete it
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Don't do anything with it yet
Then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
You have CCleaner installed, use it and run the cleaner and clean temp files, cookies etc....
Stay in safe mode
SDFix
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Post that report, keep me informed how things are running
I asked this before and you didn't answer me
What part of the computer is slow?
The whole computer in general, or the internet?
Give me some details
-
SDFix: Version 1.113
Run by jayyap on Sun 11/04/2007 at 12:14 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 12:18:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Tue 15 Apr 2003 49,152 A..H. --- "C:\Program Files\SuperUtility\BMPVsAWD.dll"
Tue 7 Dec 2004 24,576 A..H. --- "C:\Program Files\SuperUtility\Decode.dll"
Tue 15 Apr 2003 65,536 A..H. --- "C:\Program Files\SuperUtility\Encode.dll"
Sat 12 Nov 2005 73,812 A..H. --- "C:\Program Files\SuperUtility\FoxAwdWFlashDLL.dll"
Sat 29 Oct 2005 4,380 A..H. --- "C:\Program Files\SuperUtility\FoxAwdWINFLASH.sys"
Sat 29 Oct 2005 5,120 A..H. --- "C:\Program Files\SuperUtility\FoxAwdWINFLASH64.sys"
Tue 6 Dec 2005 135,168 A..HR --- "C:\Program Files\SuperUtility\Fxdrv.dll"
Thu 1 Jul 2004 13,440 A..H. --- "C:\Program Files\SuperUtility\Fxdrv.sys"
Fri 7 Oct 2005 36,864 A..H. --- "C:\Program Files\SuperUtility\fxexpand.EXE"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Wed 22 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Mon 24 Sep 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Mon 10 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Mon 10 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Mon 10 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Mon 10 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Sun 4 Nov 2007 444 ...HR --- "C:\Documents and Settings\jayyap\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!
Sorry for that. Erm... as you can see from the 1st report, my C drive is too packed already. So I tried to move some of the files to drive D. Now my computer is back to the normal speed.
-
I suggest that you take a look at this page
Help! My computer is slow!
(http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Written by miekiemoes
A good guide when computer is slow and not related to malware
Run down all the steps: