Author Topic: Slow internet (Read 1351 times)

bthrupp · « **on:** May 12, 2007, 01:01:47 PM »

Hi back again, its been a while.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'

\' /> My internet seems to be running slower than normal especially when trying to watch videos on youtube and the like. Can you help please?

Logfile of HijackThis v1.99.1
Scan saved at 18:57:03, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\3D-Relax\3D Living Dinosaurs Trial\trioService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/AutoSear...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/AutoSear...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/clientapps/AutoSear...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021107 serial=DR12WCX-1309219-UZL lang=EN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [trioService] "C:\Program Files\3D-Relax\3D Living Dinosaurs Trial\\trioService.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

guestolo · « **Reply #1 on:** May 12, 2007, 07:25:16 PM »

Just on my way out the door, in the meantime, can you do the following for me please
Download [color=\"#FF0000\"]Deckard's System Scanner[/color] to your Desktop from either of these locations:

* http://deckard.geekstogo.com/dss.exe
* http://www.techsupportforum.com/sectools/Deckard/dss.exe

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - Main.txt
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your reply back here
5. A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt.
6. Post the contents of Extra.txt also

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

bthrupp · « **Reply #2 on:** May 13, 2007, 08:39:39 AM »

Hi here are the results of the scan, cheers.

Deckard's System Scanner v20070426.43
Run by Admin on 2007-05-13 at 14:32:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
77: 2007-05-13 13:32:36 UTC - RP574 - Deckard's System Scanner Restore Point
76: 2007-05-12 23:45:17 UTC - RP573 - back up
75: 2007-05-11 00:54:32 UTC - RP572 - Software Distribution Service 2.0
74: 2007-05-09 17:22:56 UTC - RP571 - Installed Google Earth.
73: 2007-05-09 14:32:12 UTC - RP570 - Norton Internet Security post configuration restore point

-- First Restore Point --
1: 2007-03-20 09:32:54 UTC - RP498 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:34:57, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\EQ2RO08P\dss[1].exe
C:\PROGRA~1\HIJACK~1\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/AutoSear...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/AutoSear...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/clientapps/AutoSear...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsu[censored]a Electric Industrial Co.,Ltd.; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R3 AR5211 (Atheros Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 BoiHwsetup (Access 32bits INT15 routine) - c:\windows\system32\drivers\boihwsetup.sys <Not Verified; Quanta Computer Corp; Toshiba HwSetup Driver>
R3 CAMCAUD (Conexant AMC 3D Environmental Audio) - c:\windows\system32\drivers\camc6aud.sys <Not Verified; Conexant Systems Inc.; Conexant Audio Driver>
R3 CAMCHALA - c:\windows\system32\drivers\camc6hal.sys <Not Verified; Conexant Systems Inc.; Conexant AmcHal Driver>
R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWATI - c:\windows\system32\drivers\hsfhwati.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\qkbfiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Driver>
R3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c:\windows\system32\drivers\qmofiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys <Not Verified; Logitech, Inc.; Logitech SetPoint(tm)>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(tm)>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsu[censored]a Electric Industrial Co., Ltd.; >
R2 olMntrService - "c:\program files\olivetti\any_way\olmntrservice.exe" <Not Verified; Olivetti; Olivetti ANY_WAY>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S3 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe"
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

-- Scheduled Tasks -------------------------------------------------------------

2007-05-13 14:03:15 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-05-13 03:30:00 426 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2007-05-09 15:31:54 564 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Admin.job
2007-03-10 22:08:43 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-04-13 and 2007-05-13 -----------------------------

2007-05-13 00:23:40 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-13 00:15:30 0 d-------- C:\Documents and Settings\Admin\Application Data\Smart PC Solutions
2007-05-13 00:15:25 0 d-------- C:\Program Files\Smart PC Solutions
2007-05-12 18:23:05 0 d-------- C:\Program Files\PCPitstop
2007-05-12 18:19:17 0 d-------- C:\Documents and Settings\Admin\Application Data\RegistrySmart
2007-05-12 18:06:55 0 d-------- C:\Program Files\RegistryFix
2007-05-10 20:46:42 0 d-------- C:\Documents and Settings\Admin\Application Data\Opera
2007-05-09 15:22:14 0 d-------- C:\Program Files\Norton Internet Security
2007-05-09 14:47:43 1156 --a------ C:\WINDOWS\mozver.dat
2007-05-09 14:43:00 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-09 14:42:57 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2007-05-08 22:46:19 0 d-------- C:\Program Files\GCH Guitar academy
2007-05-08 16:53:31 0 d-------- C:\WINDOWS\FLV Player
2007-05-07 20:58:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\PC Suite
2007-05-06 21:01:08 0 d-------- C:\Program Files\Alien Skin
2007-05-06 11:49:33 13567 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
2007-05-06 11:48:48 106496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FPXS2Pro.dll>
2007-05-06 11:47:30 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2007-05-06 11:47:30 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2007-05-06 11:46:53 81924 -----n--- C:\WINDOWS\system32\drivers\VC4CB104.SYS <Not Verified; FUJI PHOTO FILM CO.,LTD.; USB PC Camera>
2007-05-06 11:46:51 45056 -----n--- C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2007-05-06 11:46:51 65536 -----n--- C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2007-05-06 11:46:51 0 d-------- C:\Program Files\REGSHAVE
2007-05-06 11:46:50 69632 -----n--- C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2007-05-06 11:46:50 45056 -----n--- C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2007-05-05 21:50:17 0 d-------- C:\Program Files\FLV Hosting
2007-05-05 21:37:42 0 d-------- C:\Program Files\Common Files\SolidWorks Shared
2007-05-05 21:37:40 0 d-------- C:\Program Files\Bluebeam Software
2007-05-05 21:37:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
2007-05-05 21:35:15 0 d-------- C:\Program Files\SolidWorks
2007-05-05 21:35:15 0 d-------- C:\Program Files\Common Files\Solidworks Data
2007-05-05 21:34:44 0 d-------- C:\Program Files\QuickTime
2007-05-05 21:32:54 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-05-05 21:32:06 0 d-------- C:\Documents and Settings\Admin\Application Data\Nokia Multimedia Player
2007-05-05 21:30:37 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-05-05 21:30:37 0 d-------- C:\Program Files\Autodesk
2007-05-05 21:30:36 0 d-------- C:\Program Files\Xvid
2007-05-05 19:23:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-05-05 19:05:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-05-05 18:41:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-05-04 19:25:47 0 d-------- C:\Program Files\PIXELA
2007-05-04 19:23:59 0 d-------- C:\Documents and Settings\Admin\Application Data\FUJIFILM
2007-05-04 19:23:12 0 d-------- C:\Program Files\FinePixViewer
2007-05-01 22:29:34 0 d-------- C:\Documents and Settings\Admin\Application Data\Nokia Multimedia Player(2)
2007-05-01 22:25:43 332 --a------ C:\WINDOWS\desctemp.dat
2007-04-27 19:18:52 0 dr------- C:\Documents and Settings\LocalService\My Documents
2007-04-27 19:02:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth(2)
2007-04-27 18:02:32 0 dr------- C:\Documents and Settings\NetworkService\My Documents
2007-04-27 17:11:23 0 d-------- C:\Program Files\IVT Corporation
2007-04-25 22:40:06 0 d-------- C:\Program Files\QuickTime(2)
2007-04-25 17:37:33 0 d-------- C:\Program Files\Common Files\Solidworks Data(2)
2007-04-25 17:37:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluebeam Software(2)
2007-04-21 13:27:44 0 d-------- C:\Program Files\FLV Player

-- Find3M Report ---------------------------------------------------------------

2007-05-13 14:00:25 24743 --a----c- C:\WINDOWS\system32\tablet.dat
2007-05-13 00:04:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-13 00:04:15 0 d-------- C:\Program Files\DivX
2007-05-10 20:50:57 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2007-05-10 13:24:03 0 d-------- C:\Program Files\Morpheus
2007-05-09 20:53:36 0 d-------- C:\Documents and Settings\Admin\Application Data\SolidWorks
2007-05-09 19:31:45 0 d-------- C:\Program Files\eMule
2007-05-09 18:23:16 0 d-------- C:\Program Files\Google
2007-05-09 15:36:28 0 d-------- C:\Program Files\Symantec
2007-05-08 22:12:33 1942 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-07 21:04:36 0 d-------- C:\Program Files\Common Files\PCSuite
2007-05-07 21:04:12 0 d-------- C:\Documents and Settings\Admin\Application Data\PC Suite
2007-05-05 21:32:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-05 15:16:56 75 --a----c- C:\WINDOWS\Verbal
2007-05-05 15:16:56 76 --a----c- C:\WINDOWS\Spatial
2007-05-05 15:16:56 78 --a----c- C:\WINDOWS\Numerical
2007-05-05 15:16:56 75 --a----c- C:\WINDOWS\Memory
2007-05-05 15:16:56 74 --a----c- C:\WINDOWS\Logic
2007-05-05 15:16:43 89 --a----c- C:\WINDOWS\Times New Roman
2007-05-05 15:16:43 194 --a----c- C:\WINDOWS\False
2007-05-05 15:16:43 1454 --a----c- C:\WINDOWS
2007-05-02 06:48:27 17108 --a----c- C:\Documents and Settings\Admin\Application Data\wklnhst.dat
2007-04-27 18:44:42 0 d-------- C:\Documents and Settings\Admin\Application Data\Nokia
2007-04-25 17:39:12 0 d-------- C:\Program Files\Common Files\Bluebeam Software
2007-04-02 21:10:33 0 d-------- C:\Documents and Settings\Admin\Application Data\Sony Ericsson
2007-04-01 01:18:01 0 d-------- C:\Program Files\PKR
2007-03-28 18:49:11 0 d-------- C:\Program Files\MorpheusBar
2007-03-23 21:30:15 0 d-------- C:\Program Files\DIMIN
2007-03-23 20:47:03 0 d-------- C:\Program Files\iTunes
2007-03-23 20:46:53 0 d-------- C:\Program Files\iPod
2007-02-23 05:29:49 200704 --a----c- C:\WINDOWS\system32\ssldivx.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit>
2007-02-23 05:29:49 1044480 --a----c- C:\WINDOWS\system32\libdivx.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit>
2007-02-15 04:51:03 33 --a----c- C:\Documents and Settings\Admin\Application Data\pcouffin.log
2007-02-15 04:51:02 47360 --a----c- C:\Documents and Settings\Admin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-02-15 04:51:02 1144 --a----c- C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2007-02-15 04:51:02 7176 --a----c- C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2007-02-15 04:51:02 81920 --a----c- C:\Documents and Settings\Admin\Application Data\ezpinst.exe

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}   C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}   C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Toshiba Hotkey Utility"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang en"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{C4ECF849-0510-1033-1114-050511030161}"="\"C:\\Program Files\\Common Files\\{C4ECF849-0510-1033-1114-050511030161}\\Update.exe\" mc-110-12-0000272"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages   REG_MULTI_SZ    msv1_0
Security Packages   REG_MULTI_SZ    kerberosmsv1_0schannelwdigest
Notification Packages   REG_MULTI_SZ    scecli

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ    HTTPFilter
LocalService   REG_MULTI_SZ    AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ    DnsCache
DcomLaunch   REG_MULTI_SZ    DcomLaunchTermService
rpcss   REG_MULTI_SZ    RpcSs
imgsvc   REG_MULTI_SZ    StiSvc
termsvcs   REG_MULTI_SZ    TermService
WudfServiceGroup   REG_MULTI_SZ    WUDFSvc
bthsvcs   REG_MULTI_SZ    BthServ

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac20e766-4ee6-11db-814f-00c09fab2a4f}]
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

-- End of Deckard's System Scanner: finished at 2007-05-13 at 14:35:58 ---------

guestolo · « **Reply #3 on:** May 13, 2007, 09:09:51 AM »

I can see some problems, but before we tackle them
Can you post the contents of the other log also>>Extra.txt

Located here
C:\Deckard\System Scanner\extra.txt

bthrupp · « **Reply #4 on:** May 13, 2007, 11:49:59 AM »

Here you go.

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M processor 1.30GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1150.17 MiB / 690.03 MiB
Pagefile Memory (total/avail): 2751.64 MiB / 2393.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.87 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 10.46 GiB free.
D: is CDROM (CDFS)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Admin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=L20-217
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\L20-217
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
USERDOMAIN=L20-217
USERNAME=Admin
USERPROFILE=C:\Documents and Settings\Admin
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Admin (admin)
Administrator (admin)
Guest (new local, guest)

-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
517142 - ZBrush (Windows) (Shared Components) --> C:\Program Files\Common Files\element5 Shared\Uninstall\517142 ZBrush Windows\B1FFA000\UninstApplet.exe /uninstall
AC97 Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_FF311179\HXFSETUP.EXE -U -ItosEW6mk.INF
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop CS2 -->
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
advertismen --> rundll32.exe C:\WINDOWS\system32\pushow23.dll Uninstall
AiO_Scan -->
AiOSoftware -->
Alien Skin Snap Art Demo --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\SNAPAR~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\SNAPAR~1\INSTALL.LOG
ANY_WAY simple -->
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Atheros Client Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x9
Atheros Wireless LAN MiniPCI card Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AutoUpdate -->
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Before You Know It --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96C74760-AFF3-4A73-AC87-44D454C61786}\setup.exe" -l0x9
Before You Know It --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDE81B5-A288-4C4C-8808-78C23F31F5B1}\setup.exe" -l0x9
Before You Know It --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB23A760-FD01-431E-9F65-B5C121387B64}\setup.exe" -l0x9
Before You Know It --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D85383D8-6A49-4999-9FD5-64853EC9031C}\setup.exe" -l0x9
Before You Know It --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA5A3EBC-7B79-4378-B37C-D474FD3A5A4C}\setup.exe" -l0x9
Before You Know It --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC001C0E-56AD-46A0-A8BB-8DADFBEC020E}\setup.exe" -l0x9
Before You Know It 3.6 Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14B9F63D-33C4-4EEF-A4D0-B4C79C70E44A}\Setup.exe" -l0x9
Brain Trainer --> "C:\Program Files\Mindscape\Brain Trainer\Uninstall.exe" "C:\Program Files\Mindscape\Brain Trainer\install.log" -u
BufferChm -->
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Command & Conquer Generals -->
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ItosEW6a.INF
Corel Painter IX --> MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
CP_Package_Variety1 -->
CP_Package_Variety2 -->
CP_Package_Variety3 -->
Destinations -->
DeviceManagementQFolder -->
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DocProc -->
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime90\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
eMule --> "C:\Program Files\eMule\Uninstall.exe"
eSupportQFolder -->
EXPStudio Audio Editor FREE 3.98 --> C:\WINDOWS\EXPStudio Audio Editor FREE 3.98 Uninstaller.exe
Fax -->
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
FinePixViewer Ver.5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
Fix My Registry v2.3 --> "C:\Program Files\Smart PC Solutions\Fix My Registry\unins000.exe"
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
FLV Player Ver 1.00 --> "C:\Program Files\FLV Hosting\FLV Player\unins000.exe"
FretPro V.2.00 --> "C:\Program Files\FretPro\setup\uninst.exe"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GCH Guitar academy --> C:\Program Files\GCH Guitar academy\uninstall.exe
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX01.562\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HPProductAssistant -->
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPod for Windows 2006-06-28 -->
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\100\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic ISO Maker v4.6 (build 0122) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
NewCopy -->
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Pacific Poker --> C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}\SETUP.EXE" -l0x9 anything
PKR --> "C:\Program Files\PKR\uninstall-pkr.exe"
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Readme -->
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Scan -->
ScannerCopy -->
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Smart PC v4.0 --> "C:\Program Files\Smart PC Solutions\Smart PC\unins000.exe"
SolidWorks 2006 SP0 --> MsiExec.exe /I{BF3F8318-54C2-47A9-8124-DA391A9F4DF0}
SolutionCenter -->
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Status -->
Symantec Real Time Storage Protection Component -->
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
Tablet --> C:\Program Files\Tablet\Remove.exe /u
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
Toshiba Hotkey Utility -->
TOSHIBA Manuals --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x9 -removeonly
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Toshiba Touchpad Utility -->
Toshiba Touchpad Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA} /l1033
Toshiba Utility -->
Toshiba Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{099D12EC-0321-4CAC-A0CC-33D020156FCD} /l1033
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe" -l0x9
TrayApp -->
Unload -->
WebFldrs XP -->
WebReg -->
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Hotfix - KB895181 --> "C:\WINDOWS\$NtUninstallKB895181$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
ZBrush2 --> "C:\Program Files\Pixologic\ZBrush2\UninstallerData\Uninstall ZBrush2.exe"
ZyXEL USB ADSL Modem/Router --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BE3BF62-D432-4D47-A712-CD4DF91CABFB}\Setup.exe" -l0x9

-- End of Deckard's System Scanner: finished at 2007-05-13 at 14:35:58 ---------

guestolo · « **Reply #5 on:** May 13, 2007, 12:33:30 PM »

Can you Print these instructions please, or save them too a text file on desktop for reference

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

Code: [Select]

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{C4ECF849-0510-1033-1114-050511030161}"=-

We will need this in a bit

Download this file - Combofix.exe and save it ONLY to your desktop
We will be needing this in a bit

Download RemAdvertisemen.exe to your desktop
Again, we will need this in a bit

Can I have you disable Windows Defender's protections please
We don't need it interfering in any fixes that we try
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
Keep this disabled till we have you clear please

[color=\"blue\"]Your Java Runtime Environment is out of date.[/color] Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

[color=\"blue\"]Updating Java:[/color]

Download the latest version of Java(tm) SE Runtime Environment 6 Update 1.
Scroll down to where it says "Java Runtime Environment (JRE) 6u1, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement[/i]".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.16 MB).
Close any programs you may have running - especially any web browsers.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.

This would include
J2SE Runtime Environment 5.0 Update 6
Don't install the new version yet

Keep all other unnecessary applications closed, including your web browser

Double click on fix.reg and allow to add/merge to the registry at the prompt

RemAdvertisemen

Double click on RemAdvertisemen.exe on your desktop
Click the Start Removal button and wait for the
"Done Removal! Please reboot your computer now." message.
Once you see that Click OK and then reboot your computer.

Back in Windows

Go ahead and install the latest version of Java from the installer on the desktop
Allow internet access if prompted by your Firewall
After installation you can delete the installer on desktop

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Can you post back here the following please

1. Post the log from Combofix
2. Post a fresh hijackthis log

bthrupp · « **Reply #6 on:** May 13, 2007, 01:52:13 PM »

Hi just one problem, i cant open remadvertisemen.exe i get a prompt telling me that it is not a valid win32 application.

guestolo · « **Reply #7 on:** May 13, 2007, 02:23:13 PM »

Quote

not a valid win32 application

Is that the whole error message that you receive???
Try disabling your AV protection
Redownload remadvertisemen.exe and try again

EDIT>>Another thought, also try saving remadvertisemen.exe to a different location
Such as the C: directory
So you now have C:\remadvertisemen.exe

bthrupp · « **Reply #8 on:** May 13, 2007, 02:54:41 PM »

not to worry got it sorted out!

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' />

"Admin" - 2007-05-13 20:45:46 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Admin\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Admin\Desktop.\internet explorer.lnk
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\components

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))

2007-05-13 14:31   <DIR>   d--------   C:\Deckard
2007-05-13 00:23   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-13 00:15   <DIR>   d--------   C:\Program Files\Smart PC Solutions
2007-05-13 00:15   <DIR>   d--------   C:\DOCUME~1\Admin\APPLIC~1\Smart PC Solutions
2007-05-12 18:23   <DIR>   d--------   C:\Program Files\PCPitstop
2007-05-12 18:19   <DIR>   d--------   C:\DOCUME~1\Admin\APPLIC~1\RegistrySmart
2007-05-12 18:06   <DIR>   d--------   C:\Program Files\RegistryFix
2007-05-10 20:46   <DIR>   d--------   C:\DOCUME~1\Admin\APPLIC~1\Opera
2007-05-09 16:06   22,112   -ra------   C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-05-09 15:22   <DIR>   d--------   C:\Program Files\Norton Internet Security
2007-05-09 15:20   48,776   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2007-05-09 15:20   115,000   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-05-09 14:47   1,156   --a------   C:\WINDOWS\mozver.dat
2007-05-09 14:43   0   --a------   C:\WINDOWS\nsreg.dat
2007-05-08 22:46   <DIR>   d--------   C:\Program Files\GCH Guitar academy
2007-05-08 16:53   <DIR>   d--------   C:\WINDOWS\FLV Player
2007-05-07 20:58   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\PC Suite
2007-05-07 20:50   38,016   --a------   C:\WINDOWS\system32\drivers\bthmodem.sys
2007-05-07 20:34   8,192   --a------   C:\WINDOWS\system32\wshirda.dll
2007-05-07 20:34   59,648   --a------   C:\WINDOWS\system32\drivers\rfcomm.sys
2007-05-07 20:34   27,136   --a------   C:\WINDOWS\system32\irmon.dll
2007-05-07 20:34   17,024   --a------   C:\WINDOWS\system32\drivers\BthEnum.sys
2007-05-07 20:34   152,576   --a------   C:\WINDOWS\system32\irftp.exe
2007-05-07 20:34   100,992   --a------   C:\WINDOWS\system32\drivers\bthpan.sys
2007-05-07 20:33   274,304   --a------   C:\WINDOWS\system32\drivers\bthport.sys
2007-05-07 20:33   18,944   --a------   C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-05-06 21:01   <DIR>   d--------   C:\Program Files\Alien Skin
2007-05-06 11:49   13,567   --a------   C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-05-06 11:48   106,496   --a------   C:\WINDOWS\system32\FPXS2Pro.dll
2007-05-06 11:47   274,432   --a------   C:\WINDOWS\system32\FFTIFF16.dll
2007-05-06 11:47   155,648   --a------   C:\WINDOWS\system32\FFRAFLIB.DLL
2007-05-06 11:46   81,924   ---------   C:\WINDOWS\system32\drivers\VC4CB104.SYS
2007-05-06 11:46   69,632   ---------   C:\WINDOWS\system32\FREGSHEX.DLL
2007-05-06 11:46   65,536   ---------   C:\WINDOWS\system32\FINFCHECK.dll
2007-05-06 11:46   45,056   ---------   C:\WINDOWS\system32\FINFCOPY.dll
2007-05-06 11:46   45,056   ---------   C:\WINDOWS\system32\FCLKBTN.DLL
2007-05-06 11:46   <DIR>   d--------   C:\Program Files\REGSHAVE
2007-05-05 21:50   <DIR>   d--------   C:\Program Files\FLV Hosting
2007-05-05 21:37   <DIR>   d--------   C:\Program Files\Common Files\SolidWorks Shared
2007-05-05 21:37   <DIR>   d--------   C:\Program Files\Bluebeam Software
2007-05-05 21:37   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluebeam Software
2007-05-05 21:35   <DIR>   d--------   C:\Program Files\SolidWorks
2007-05-05 21:35   <DIR>   d--------   C:\Program Files\Common Files\Solidworks Data
2007-05-05 21:34   <DIR>   d--------   C:\Program Files\QuickTime
2007-05-05 21:32   <DIR>   d--------   C:\Program Files\Common Files\Teleca Shared
2007-05-05 21:32   <DIR>   d--------   C:\DOCUME~1\Admin\APPLIC~1\Nokia Multimedia Player
2007-05-05 21:30   <DIR>   d--------   C:\Program Files\Xvid
2007-05-05 21:30   <DIR>   d--------   C:\Program Files\Common Files\Autodesk Shared
2007-05-05 21:30   <DIR>   d--------   C:\Program Files\Autodesk
2007-05-05 19:23   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-05-05 19:05   664   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-05-05 18:41   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-05-04 19:25   <DIR>   d--------   C:\Program Files\PIXELA
2007-05-04 19:23   <DIR>   d--------   C:\Program Files\FinePixViewer
2007-05-04 19:23   <DIR>   d--------   C:\DOCUME~1\Admin\APPLIC~1\FUJIFILM
2007-05-01 22:29   <DIR>   d--------   C:\DOCUME~1\Admin\APPLIC~1\Nokia Multimedia Player(2)
2007-05-01 22:25   332   --a------   C:\WINDOWS\desctemp.dat
2007-04-27 19:02   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth(2)
2007-04-27 17:11   <DIR>   d--------   C:\Program Files\IVT Corporation
2007-04-25 22:40   <DIR>   d--------   C:\Program Files\QuickTime(2)
2007-04-25 17:37   <DIR>   d--------   C:\Program Files\Common Files\Solidworks Data(2)
2007-04-25 17:37   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluebeam Software(2)
2007-04-21 13:27   <DIR>   d--------   C:\Program Files\FLV Player

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-13 19:42:26   --------   d-----w   C:\Program Files\Common Files\Symantec Shared
2007-05-13 19:32:30   24,743   -c--a-w   C:\WINDOWS\system32\tablet.dat
2007-05-13 14:26:51   --------   d-----w   C:\Program Files\eMule
2007-05-12 23:04:15   --------   d-----w   C:\Program Files\DivX
2007-05-10 12:24:03   --------   d-----w   C:\Program Files\Morpheus
2007-05-09 19:53:36   --------   d-----w   C:\DOCUME~1\Admin\APPLIC~1\SolidWorks
2007-05-09 17:23:16   --------   d-----w   C:\Program Files\Google
2007-05-09 14:36:28   --------   d-----w   C:\Program Files\Symantec
2007-05-08 21:12:33   1,942   -csha-w   C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-07 20:04:36   --------   d-----w   C:\Program Files\Common Files\PCSuite
2007-05-07 20:04:12   --------   d-----w   C:\DOCUME~1\Admin\APPLIC~1\PC Suite
2007-05-05 20:32:17   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-05-02 05:48:27   17,108   -c--a-w   C:\DOCUME~1\Admin\APPLIC~1\wklnhst.dat
2007-04-27 17:44:42   --------   d-----w   C:\DOCUME~1\Admin\APPLIC~1\Nokia
2007-04-25 16:39:12   --------   d-----w   C:\Program Files\Common Files\Bluebeam Software
2007-04-02 20:10:33   --------   d-----w   C:\DOCUME~1\Admin\APPLIC~1\Sony Ericsson
2007-04-01 00:18:01   --------   d-----w   C:\Program Files\PKR
2007-03-28 17:49:11   --------   d-----w   C:\Program Files\MorpheusBar
2007-03-23 20:30:15   --------   d-----w   C:\Program Files\DIMIN
2007-03-23 19:47:03   --------   d-----w   C:\Program Files\iTunes
2007-03-23 19:46:53   --------   d-----w   C:\Program Files\iPod
2007-03-20 14:21:26   127,034   -c----r   C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-03-17 13:43:01   292,864   ----a-w   C:\WINDOWS\system32\winsrv.dll
2007-03-10 21:08:39   --------   d-----w   C:\Program Files\Apple Software Update
2007-03-08 15:36:28   577,536   ----a-w   C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28   40,960   -c--a-w   C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28   281,600   ----a-w   C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48   1,843,584   ----a-w   C:\WINDOWS\system32\win32k.sys
2007-03-08 02:28:10   --------   d-----w   C:\DOCUME~1\Admin\APPLIC~1\DassaultSystemes
2007-03-07 14:22:23   --------   d-----w   C:\DOCUME~1\Admin\APPLIC~1\SolidWorksExplorer
2007-03-06 19:50:45   --------   d-----w   C:\Program Files\MagicISO
2007-03-06 17:53:44   --------   d-----w   C:\DOCUME~1\Admin\APPLIC~1\U3
2007-02-23 04:29:49   200,704   -c--a-w   C:\WINDOWS\system32\ssldivx.dll
2007-02-23 04:29:49   1,044,480   -c--a-w   C:\WINDOWS\system32\libdivx.dll
2007-02-15 03:51:02   81,920   -c--a-w   C:\DOCUME~1\Admin\APPLIC~1\ezpinst.exe
2007-02-15 03:51:02   47,360   -c--a-w   C:\DOCUME~1\Admin\APPLIC~1\pcouffin.sys
2007-02-06 19:53:33   21   -c--a-w   C:\WINDOWS\clofghls.dll
2007-02-05 20:17:02   185,344   ----a-w   C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-09-05 22:18]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Toshiba Hotkey Utility"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang en"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 22:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 22:43]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 22:25]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 10:31]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [])
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl])
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 11:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages   msv1_0
Security Packages   kerberosmsv1_0schannelwdigest
Notification Packages   scecli

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   HTTPFilter
LocalService   AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   DnsCache
DcomLaunch   DcomLaunchTermService
rpcss   RpcSs
imgsvc   StiSvc
termsvcs   TermService
WudfServiceGroup   WUDFSvc
bthsvcs   BthServ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac20e766-4ee6-11db-814f-00c09fab2a4f}]
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Admin.job
C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-13 20:50:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-13 20:50:44
C:\ComboFix-quarantined-files.txt ... 2007-05-13 20:50

Logfile of HijackThis v1.99.1
Scan saved at 20:52:53, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/AutoSear...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/clientapps/AutoSear...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

guestolo · « **Reply #9 on:** May 13, 2007, 03:06:04 PM »

Quote

not to worry got it sorted out!

How did you manage to get it running, just for future reference

How are things running on your end now?

Can you delete this folder if found
C:\Program Files\Common Files\{C4ECF849-0510-1033-1114-050511030161} <-this folder

Also: Did you install Pacific Poker intentionally?

bthrupp · « **Reply #10 on:** May 13, 2007, 03:33:59 PM »

I turned off the AV and tried again. i installed the poker intentionally but i can't seem to get rid of it. I don't think there is much change yet. I can't find C:\Program Files\Common Files\{C4ECF849-0510-1033-1114-050511030161 to delete it.

guestolo · « **Reply #11 on:** May 13, 2007, 11:08:45 PM »

Can you try going to START>>RUN>>copy and paste the following
and then click OK

C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG

See if the program uninstalls, if not carry on

Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/AutoSear...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/clientapps/AutoSear...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Find and delete this folder if found
C:\PROGRAM FILES\PACIFIC POKER <-this folder

Let's try another scanner please and see if we pick up anything
First, disable Symantec's Auto protection
Using Internet Explorer, run this online scanner
http://www.kaspersky.com/virusscanner
Click on "Kaspersky Online Scanner"
A new smaller window will pop up. Press on "Accept". After reading the contents.
Now Kaspersky will update the anti-virus database. Let it run.
Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
Then click on "My Computer", and the scan will start.
Once finished, save the log as "KAV.txt" to the desktop.

Reboot your computer

Post back with the Kaspersky log.

bthrupp · « **Reply #12 on:** May 15, 2007, 01:05:13 PM »

Here are the results of the scan.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 15, 2007 6:56:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/05/2007
Kaspersky Anti-Virus database records: 320946
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\

Scan Statistics:
   Total number of scanned objects: 102803
   Number of viruses found: 5
   Number of infected objects: 12 / 0
   Number of suspicious objects: 0
   Duration of the scan process: 02:46:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\UserData\index.dat   Object is locked   skipped
C:\Documents and Settings\Admin\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\sy3tatm7.default\Cache\_CACHE_001_   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\sy3tatm7.default\Cache\_CACHE_002_   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\sy3tatm7.default\Cache\_CACHE_003_   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\sy3tatm7.default\Cache\_CACHE_MAP_   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\MSHist012007051520070516\index.dat   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Temp\hpodvd09.log   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF70D8.tmp   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF70F1.tmp   Object is locked   skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Admin\My Documents\Miscellaneous\Vista.zip/Vista Transformation Pack 6.0.exe/WISE0030.BIN   Infected: not-a-virus:RiskTool.Win32.CloseApp.a   skipped
C:\Documents and Settings\Admin\My Documents\Miscellaneous\Vista.zip/Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN   Infected: not-a-virus:RiskTool.Win32.CloseApp.a   skipped
C:\Documents and Settings\Admin\My Documents\Miscellaneous\Vista.zip/Vista Transformation Pack 6.0.exe/WISE0053.BIN   Infected: not-a-virus:RiskTool.Win32.CloseApp.a   skipped
C:\Documents and Settings\Admin\My Documents\Miscellaneous\Vista.zip/Vista Transformation Pack 6.0.exe   Infected: not-a-virus:RiskTool.Win32.CloseApp.a   skipped
C:\Documents and Settings\Admin\My Documents\Miscellaneous\Vista.zip   ZIP: infected - 4   skipped
C:\Documents and Settings\Admin\ntuser.dat   Object is locked   skipped
C:\Documents and Settings\Admin\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02032007-180817.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-15_Log.ALUSchedulerSvc.LiveUpdate   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\1842B23C.TMP   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\4766920B.TMP   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx   Object is locked   skipped
C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT   Object is locked   skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG   Object is locked   skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log   Object is locked   skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log   Object is locked   skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log   Object is locked   skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log   Object is locked   skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log   Object is locked   skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\chandir.dat   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\chandir.idx   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\chn.dat   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\chn.idx   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\D0000000.FCS   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\inuse.txt   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\L0000002.FCS   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\main.log   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs.dat   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs.idx   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_die.dat   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_die.idx   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_dnd.dat   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_dnd.idx   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_ext.dat   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_ext.idx   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_rcv.dat   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_rcv.idx   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\storydb.dat   Object is locked   skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\storydb.idx   Object is locked   skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log   Object is locked   skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log   Object is locked   skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log   Object is locked   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP510\A0093317.DLL   Infected: not-a-virus:AdTool.Win32.MyWebSearch.as   skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP510\A0093319.DLL   Infected: not-a-virus:AdTool.Win32.MyWebSearch.i   skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP528\A0112828.exe   Infected: not-a-virus:AdTool.Win32.MyWebSearch   skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP571\A0141008.exe   Infected: not-a-virus:AdTool.Win32.MyWebSearch   skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP577\change.log   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\ModemLog_AC97 Data Fax SoftModem with SmartCP.txt   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\system32\closeapp.exe   Infected: not-a-virus:RiskTool.Win32.CloseApp.a   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\default   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\software   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\system   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\drivers\sptd.sys   Object is locked   skipped
C:\WINDOWS\system32\drivers\sptd4957.sys   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe/webcontrol/btwebcontrol.dll   Infected: not-a-virus:Dialer.Win32.BT.g   skipped
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe   CAB: infected - 1   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped

Scan process completed.

guestolo · « **Reply #13 on:** May 15, 2007, 11:35:28 PM »

Looks good
Kaspersky's finds the following as possible infected
Vista.zip''

Did you intentionally install this theme??
Is this when the problems started??
Is Internet slow when wireless or hardwired?

bthrupp · « **Reply #14 on:** May 16, 2007, 11:26:42 AM »

I installed a vista theme that i downloaded from download.com a few months ago but the internet just seemed to slow down in the past month or so. Its slow on my broadband connection back home (wired). I'm at college now though using the wireless. What are the 5 viruses causing my machine to do?

guestolo · « **Reply #15 on:** May 16, 2007, 09:32:18 PM »

Quote

1. C:\Documents and Settings\Admin\My Documents\Miscellaneous\Vista.zip/Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
2. C:\Documents and Settings\Admin\My Documents\Miscellaneous\Vista.zip/Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
3. C:\Documents and Settings\Admin\My Documents\Miscellaneous\Vista.zip/Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
4. C:\Documents and Settings\Admin\My Documents\Miscellaneous\Vista.zip/Vista Transformation Pack 6.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
5. C:\Documents and Settings\Admin\My Documents\Miscellaneous\Vista.zip ZIP: infected - 4 skipped

How long have you had this theme installed and was it as the same time as the slowdowns?
Be accurate please
This isn't positively identifying it is a bad guy, but more as a risktool!!!

bthrupp · « **Reply #16 on:** May 17, 2007, 10:50:32 AM »

I can't be 100% accurate but i downloaded it early january this year. I never really noticed the slow down until about a month ago but solidworks crashes on me frequently and every time i go to the help section of a program it seems to shut down as well. I also notice a huge difference in the speed of the internet using the wireless in college even on a low signal.

guestolo · « **Reply #17 on:** May 17, 2007, 11:13:17 PM »

You may be able to check out your eventviewer to see why programs are crashing
In control panel>>Admin tools>>Event viewer>>Application
See if you get any indication where the errors are coming from
Only a guess, but some Windows themes do cause funny things to happen in Windows

the slowdown in Internet, there's no way to tell unless you hardwire back to a modem to see what your connection is like

This I don't understand

Quote

I also notice a huge difference in the speed of the internet using the wireless in college even on a low signal.

Why would you expect to have high internet speeds on a low signal?

Moe C · « **Reply #18 on:** May 18, 2007, 09:13:42 AM »

[quote name=\'guestolo\' post=\'327106\' date=\'May 17 2007, 11:13 PM\']You may be able to check out your eventviewer to see why programs are crashing
In control panel>>Admin tools>>Event viewer>>Application
See if you get any indication where the errors are coming from
Only a guess, but some Windows themes do cause funny things to happen in Windows

the slowdown in Internet, there's no way to tell unless you hardwire back to a modem to see what your connection is like

This I don't understand

Why would you expect to have high internet speeds on a low signal?[/quote]

i tihnk he means that when he is using the wireless its even faster, even on a low signal

bthrupp · « **Reply #19 on:** May 18, 2007, 12:23:36 PM »

I don't expect high speed on a low signal I'm just saying that the low signal wireless is faster than my wired broadband. I'm back home now and the internet has sped up a bit.

News:

Author Topic: Slow internet (Read 1351 times)