Author Topic: Powerful PC = Freezing  (Read 1754 times)

Offline treasurechest

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +0/-0
Powerful PC = Freezing
« on: September 20, 2008, 09:18:35 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:07 PM, on 9/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Documents and Settings\All Users\Application Data\GarenaCIG\GarenaCIG.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Config\csrss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [krag] C:\WINDOWS\krag.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemUpdate] C:\WINDOWS\system32:Mswinxs29.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\E_S50.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Fortres Security Runtime (fsrt) - Unknown owner - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE (file missing)
O23 - Service: Garena Cafe System Information Collector (GarenaCIG) - Unknown owner - C:\Documents and Settings\All Users\Application Data\GarenaCIG\GarenaCIG.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - Unknown owner - C:\Program Files\Sandboxie\SbieSvc.exe (file missing)

--
End of file - 8607 bytes

P4 dual core
2gig memory

I have good specs in my PC, yet it kept freezing. The Num Lock was still functioning (the way most users check freezing), but still I can't move anything on my PC except my cursor. I can't Alt+Tab and I can't Ctrl+Alt+Del; despite its appearance it does not function anyway, futile...

Sir, is there a problem with my PC? Of course I know there is! :P

What can I do about it?
There's my log file, sir.
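Triage checks a log reviewer would run over the entries visible in the log above (an added example, not part of the thread and not HijackThis code): a system.ini Shell= value that launches anything besides Explorer.exe, a Run-key command whose target sits in an NTFS alternate data stream (a second colon in the path), and a core Windows process image outside System32. The sample lines are copied from the posted log; the rule names and the assumed default install path C:\WINDOWS are mine.

```python
"""Triage checks for HijackThis-style log lines (example code, not part of the thread)."""
import ntpath
import re

# Line shapes taken from the HijackThis log posted above.
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
SHELL_LINE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$")
RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Core Windows processes whose only legitimate image location is %SystemRoot%\System32.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"  # assumes the default XP install path seen in the log


def executable_from_command(cmd):
    """Return the program path from a Run-key command: the quoted part, or up to the first '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def is_alternate_data_stream(path):
    """True when the path names an NTFS stream: a colon anywhere after the drive letter."""
    body = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    return ":" in body


def check_process_path(path):
    """A core process name running from anywhere but System32 is worth a look."""
    name = ntpath.basename(path).lower()
    if name in CORE_PROCESSES and ntpath.dirname(path).lower() != SYSTEM32:
        return [("core-process-outside-system32", path)]
    return []


def check_shell_value(value):
    """The system.ini Shell= value should be exactly Explorer.exe; report anything appended to it."""
    value = value.strip()
    if value.lower() == "explorer.exe":
        return []
    extra = value[len("explorer.exe"):].strip() if value.lower().startswith("explorer.exe") else value
    return [("shell-extra-program", extra)]


def check_run_command(cmd):
    """A Run-key target inside an alternate data stream does not show in a normal directory listing."""
    path = executable_from_command(cmd)
    if is_alternate_data_stream(path):
        return [("run-key-ads", path)]
    return []


def triage(lines):
    """Apply every check to each log line; returns (rule, evidence) pairs in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if PROCESS_LINE.match(line):
            findings += check_process_path(line)
        elif SHELL_LINE.match(line):
            findings += check_shell_value(SHELL_LINE.match(line).group("value"))
        elif RUN_LINE.match(line):
            findings += check_run_command(RUN_LINE.match(line).group("cmd"))
    return findings


# Sample lines copied from the log posted in the thread (a constructed subset, not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Config\csrss.exe
C:\Program Files\iTunes\iTunesHelper.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\E_S50.tmp" /EF "HKCU"
O4 - HKLM\..\Run: [SystemUpdate] C:\WINDOWS\system32:Mswinxs29.exe
"""

if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG.splitlines()):
        print(f"{rule:32} {evidence}")
```

The checks only mark entries for review; a flagged path still needs to be confirmed on the machine (file present, signer, size) before anything is removed.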

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Powerful PC = Freezing
« Reply #1 on: September 20, 2008, 09:32:31 AM »
Can I see the following, please?

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch the program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.
Post both those logs, please.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline treasurechest

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +0/-0
Powerful PC = Freezing
« Reply #2 on: September 21, 2008, 04:44:30 AM »
Why is it

Offline treasurechest

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +0/-0
Powerful PC = Freezing
« Reply #3 on: September 21, 2008, 04:53:48 AM »
info.txt logfile of random's system information tool 1.02 2008-09-21 18:41:20

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 4.0 Sprint-->C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
BearPaw 1200CU Plus v1.2-->C:\PROGRA~1\BEARPA~1\Driver\UNINST.EXE
CABAL Online (PH) 1.0-->C:\Program Files\e-Games\CABAL Online (PH)\uninst.exe
Call of Duty® 4 - Modern Warfare(tm) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare(tm) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare(tm)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42EDF895-158C-484E-A7F2-42B90759F281}\SETUP.EXE" -l0x9 UNINST
Catalyst Control Center - Branding-->MsiExec.exe /I{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Crush'Em 2.0-->C:\WINDOWS\Crush'Em 2.0\UNWISE.EXE C:\WINDOWS\Crush'Em 2.0\install.log
e-Life Pal-->C:\PROGRA~1\E-LIFE~1\UNWISE.EXE C:\PROGRA~1\E-LIFE~1\INSTALL.LOG
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46CBBDF8-55B5-40DB-B459-7B848394309C}\Setup.exe" -l0x9 UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Stylus S20_T10_T20 Manual-->C:\Program Files\EPSON\TPMANUAL\ESS20_T10_T20\ENG\USE_G\DOCUNINS.EXE
EPSON Stylus T10 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEBS.EXE /R /APD /P:"EPSON Stylus T10 Series"
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java(tm) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_37dac4\Setup.exe /APR-REMOVE
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials-->MsiExec.exe /X{7BAA9BA8-0761-42EF-842A-23FAA5321033}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Puzzl'Em 1.0 Beta2-->C:\WINDOWS\Puzzl'Em1.0Beta2\UNWISE.EXE C:\WINDOWS\Puzzl'Em1.0Beta2\install.log
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9  -removeonly
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SmartPhotoRefresh-->C:\Program Files\BearPaw 1200CU Plus\UNWISE.EXE C:\Program Files\BearPaw 1200CU Plus\install.log
Sound'Em-->C:\Program Files\BearPaw 1200CU Plus\UNWISE.EXE C:\Program Files\BearPaw 1200CU Plus\install.log
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Total Video Converter 3.10-->"C:\Program Files\Total Video Converter\unins000.exe"
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Virtual Sandbox 1.0-->"C:\Program Files\InstallShield Installation Information\{FE7A42F7-5203-44F5-840F-D89BF8964061}\Setup.exe" -l0x9
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VirtualSandboxName"=(None)
"VirtualSandboxInstallationDirectory"=C:\Program Files\Fortres Grand\Virtual Sandbox 1.0
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.02 (written by random/random)
Run by Charles Justin at 2008-09-21 18:41:17
Microsoft Windows XP Professional Service Pack 2
System drive C: has 118 GB (77%) free of 153 GB
Total RAM: 2047 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:19 PM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Config\csrss.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Documents and Settings\All Users\Application Data\GarenaCIG\GarenaCIG.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Charles Justin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Charles Justin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [krag] C:\WINDOWS\krag.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemUpdate] C:\WINDOWS\system32:Mswinxs29.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\E_S50.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Fortres Security Runtime (fsrt) - Unknown owner - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE (file missing)
O23 - Service: Garena Cafe System Information Collector (GarenaCIG) - Unknown owner - C:\Documents and Settings\All Users\Application Data\GarenaCIG\GarenaCIG.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - Unknown owner - C:\Program Files\Sandboxie\SbieSvc.exe (file missing)

--
End of file - 8712 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-31 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-17 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"krag"=C:\WINDOWS\krag.exe []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"SystemUpdate"=C:\WINDOWS\system32:Mswinxs29.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"GrooveMonitor"=C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"EPSON Stylus T10 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE [2007-11-29 188928]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\e-Games\CABAL Online (PH)\launcher\update\ESTdnheadless.exe"="C:\Program Files\e-Games\CABAL Online (PH)\launcher\update\ESTdnheadless.exe:*:Disabled:EST! download engine"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare(tm) "
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office 2007\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office 2007\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66fe57e0-8724-11dd-b7c7-001d60d855e0}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MyMP3.vbs


======List of files/folders created in the last 1 months======

2008-09-21 18:41:17 ----D---- C:\rsit
2008-09-20 23:08:16 ----SHD---- C:\Config.Msi
2008-09-20 23:04:07 ----D---- C:\Program Files\Microsoft Works
2008-09-20 23:03:59 ----D---- C:\Program Files\MSBuild
2008-09-20 23:03:35 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-20 23:01:12 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-09-20 23:00:21 ----D---- C:\Program Files\Microsoft Office 2007
2008-09-20 22:48:26 ----D---- C:\Program Files\Trend Micro
2008-09-20 22:39:49 ----D---- C:\WINDOWS\pss
2008-09-20 21:56:49 ----D---- C:\Program Files\Sun
2008-09-20 21:56:35 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-20 21:56:35 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-20 21:56:35 ----A---- C:\WINDOWS\system32\java.exe
2008-09-20 21:56:14 ----D---- C:\Program Files\Java
2008-09-05 14:42:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 14:26:01 ----A---- C:\WINDOWS\system32\aplib.dll
2008-09-05 14:12:54 ----A---- C:\WINDOWS\system32\Mswinxs29.exe
2008-08-30 18:13:33 ----D---- C:\Documents and Settings\All Users\Application Data\GarenaCIG
2008-08-26 19:06:04 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-08-26 19:05:45 ----D---- C:\WINDOWS\system32\LogFiles
2008-08-26 19:05:45 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-08-25 09:38:13 ----D---- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-08-24 19:55:27 ----A---- C:\WINDOWS\~GLC0000.TMP
2008-08-24 19:51:25 ----D---- C:\Program Files\e-Life Pal
2008-08-24 19:51:03 ----A---- C:\WINDOWS\MAXLINK.INI
2008-08-24 19:50:29 ----D---- C:\Program Files\ABBYY FineReader 4.0 Sprint
2008-08-24 19:48:34 ----D---- C:\WINDOWS\Crush'Em 2.0
2008-08-24 19:48:32 ----D---- C:\WINDOWS\Puzzl'Em1.0Beta2
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\ltkrn12n.dll
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\ltimg12n.dll
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\ltfil12n.DLL
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\Lfwmf12n.dll
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\lftif12n.dll
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\lfpcx12n.dll
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\lflmb12n.dll
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\lfjbg12n.dll
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\LFJ2K12n.dll
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\lfimg12n.dll
2008-08-24 19:48:28 ----A---- C:\WINDOWS\system32\lffax12n.dll
2008-08-24 19:48:27 ----A---- C:\WINDOWS\system32\LFCMP12n.DLL
2008-08-24 19:48:27 ----A---- C:\WINDOWS\system32\lfbmp12n.dll
2008-08-24 19:48:26 ----A---- C:\WINDOWS\system32\ps1gMiniDrv.dll
2008-08-24 19:48:26 ----A---- C:\WINDOWS\system32\MKCoInstaller.dll
2008-08-24 19:48:19 ----A---- C:\WINDOWS\system32\vb5ko.dll
2008-08-24 19:48:06 ----D---- C:\Program Files\BearPaw 1200CU Plus
2008-08-24 19:47:58 ----D---- C:\Program Files\Temp

treasurechest
« Reply #4 on: September 21, 2008, 04:54:52 AM »
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-12 2870784]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-31 4474368]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FGCWL;FGCWL; \??\C:\Program Files\Fortres Grand\Virtual Sandbox 1.0\FGCWL.sys []
S3 GT680x;GrandTechICNameNT; C:\WINDOWS\System32\Drivers\gt680x.sys [2003-02-21 17504]
S3 LoveDRIVER53;LoveDRIVER53; \??\C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\Rar$EX01.734\Love Engine 0.2\Loveliss.sys []
S3 NTProcDrv;Process creation detector for NT.; \??\C:\Documents and Settings\Charles Justin\Desktop\a\NtProcDrv.sys []
S3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

treasurechest
« Reply #5 on: September 21, 2008, 04:56:53 AM »
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-12 532480]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-16 143872]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-10 113664]
R2 GarenaCIG;Garena Cafe System Information Collector; C:\Documents and Settings\All Users\Application Data\GarenaCIG\GarenaCIG.exe [2008-08-30 131072]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-26 66872]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-12 593920]
S2 fsrt;Fortres Security Runtime; C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE []
S2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office 2007\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------


======List of files/folders modified in the last 1 months======

2008-09-21 18:40:59 ----AD---- C:\WINDOWS\system32
2008-09-21 18:39:08 ----D---- C:\Program Files\Mozilla Firefox
2008-09-21 18:39:05 ----D---- C:\WINDOWS\Temp
2008-09-21 07:05:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-20 23:08:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-20 23:08:18 ----HD---- C:\WINDOWS\inf
2008-09-20 23:08:17 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-20 23:08:16 ----SHD---- C:\WINDOWS\Installer
2008-09-20 23:07:42 ----D---- C:\WINDOWS\SHELLNEW
2008-09-20 23:07:31 ----A---- C:\WINDOWS\win.ini
2008-09-20 23:05:18 ----D---- C:\WINDOWS\Prefetch
2008-09-20 23:05:08 ----RSD---- C:\WINDOWS\assembly

treasurechest
« Reply #6 on: September 21, 2008, 04:58:06 AM »
2008-09-20 23:04:07 ----RD---- C:\Program Files

treasurechest
« Reply #7 on: September 21, 2008, 05:00:29 AM »
2008-09-20 23:02:39 ----RSD---- C:\WINDOWS\Fonts

treasurechest
« Reply #8 on: September 21, 2008, 05:01:37 AM »
It's hard to post the last few items... every time I copy-paste it, the browser always says "Method Not Implemented".

guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
« Reply #9 on: September 21, 2008, 10:39:31 AM »
That cut off important info.
For now, can you do the following, please?

It appears you have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

NOTE: In the event you already have Flash_Disinfector, this is a newer version that I need you to download.

    * Plug in your USB flash drive.
    * Double-click Flash_Disinfector.exe to run it.
    * Follow any prompts that may appear.
    * Your desktop will vanish for a while, and then reappear. This is normal.
    * Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

NEXT:
Download this file - Combofix.exe and save it ONLY to your desktop.

Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Post back the log from ComboFix and a fresh HijackThis log.

NOTE: If you have trouble posting any of the logs, you can upload the files; simply use the Browse... / UPLOAD buttons on the bottom right of a reply box.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


treasurechest
« Reply #10 on: September 21, 2008, 06:20:52 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:24 AM, on 9/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Documents and Settings\All Users\Application Data\GarenaCIG\GarenaCIG.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Fortres Security Runtime (fsrt) - Unknown owner - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE (file missing)
O23 - Service: Garena Cafe System Information Collector (GarenaCIG) - Unknown owner - C:\Documents and Settings\All Users\Application Data\GarenaCIG\GarenaCIG.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - Unknown owner - C:\Program Files\Sandboxie\SbieSvc.exe (file missing)

--
End of file - 7722 bytes


ComboFix 08-09-20.05 - Charles Justin 2008-09-22  8:09:00.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1606 [GMT -7:00]
Running from: C:\Documents and Settings\Charles Justin\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 1117894 bytes in 2 streams.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Config\csrss.exe
E:\autorun.inf
shellexecute=wscript.exe MyMP3.vbs
C:\autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-08-22 to 2008-09-22  )))))))))))))))))))))))))))))))
.

2008-09-21 18:41 . 2008-09-21 18:41   <DIR>   d--------   C:\rsit
2008-09-20 23:04 . 2008-09-20 23:04   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-09-20 23:03 . 2008-09-20 23:03   <DIR>   d--------   C:\Program Files\MSBuild
2008-09-20 23:01 . 2008-09-20 23:01   <DIR>   d--------   C:\Program Files\Microsoft Visual Studio 8
2008-09-20 23:00 . 2008-09-20 23:03   <DIR>   d--------   C:\Program Files\Microsoft Office 2007
2008-09-20 22:48 . 2008-09-20 22:48   <DIR>   d--------   C:\Program Files\Trend Micro
2008-09-20 21:56 . 2008-09-20 21:56   <DIR>   d--------   C:\Program Files\Sun
2008-09-20 21:56 . 2008-09-20 21:56   <DIR>   d--------   C:\Program Files\Java
2008-09-20 21:56 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-09-17 07:42 . 2008-09-17 07:42   7,680   --ahs----   C:\WINDOWS\Thumbs.db
2008-09-14 22:09 . 2008-09-22 08:03   5,977   --a------   C:\logfile
2008-09-05 14:42 . 2008-09-05 14:45   <DIR>   d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 14:26 . 2008-09-05 14:45   12,288   --a------   C:\WINDOWS\system32\aplib.dll
2008-09-05 14:16 . 2008-09-05 14:16   124,688   --a------   C:\WINDOWS\system32\MSWINSCK.OCX
2008-09-05 14:15 . 2008-09-06 02:45   131,488   --a------   C:\WINDOWS\system32\Mswinxs29
2008-09-05 14:12 . 2008-09-05 14:12   16,384   --a------   C:\WINDOWS\system32\Mswinxs29.exe
2008-08-30 18:13 . 2008-08-30 18:13   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\GarenaCIG
2008-08-26 19:06 . 2008-09-19 16:00   136,888   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-26 19:06 . 2008-09-19 16:36   111,928   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2008-08-26 19:05 . 2008-08-26 19:05   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-08-26 19:05 . 2008-08-26 19:05   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2008-08-26 18:07 . 2008-08-26 18:07   <DIR>   d--------   C:\Documents and Settings\Charles Justin\rider2
2008-08-25 09:38 . 2008-08-25 09:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-08-24 19:55 . 2008-08-24 19:55   86,400   --a------   C:\WINDOWS\~GLC0000.TMP
2008-08-24 19:51 . 2008-08-24 19:51   <DIR>   d--------   C:\Program Files\e-Life Pal
2008-08-24 19:51 . 2008-08-24 19:51   492   --a------   C:\WINDOWS\MAXLINK.INI
2008-08-24 19:50 . 2008-08-24 19:51   <DIR>   d--------   C:\Program Files\ABBYY FineReader 4.0 Sprint
2008-08-24 19:48 . 2008-08-24 19:48   <DIR>   d--------   C:\Program Files\BearPaw 1200CU Plus
2008-08-24 19:47 . 2008-08-24 19:47   <DIR>   d--------   C:\Program Files\Temp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 04:30   ---------   d-----w   C:\Program Files\Garena
2008-09-21 06:08   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-20 03:17   ---------   d-----w   C:\Program Files\Warcraft III
2008-09-15 05:16   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-09-15 05:09   ---------   d-----w   C:\Program Files\NOS
2008-09-15 05:09   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\NOS
2008-09-14 03:27   ---------   d-----w   C:\Documents and Settings\Charles Justin\Application Data\uTorrent
2008-08-20 08:22   ---------   d-----w   C:\Documents and Settings\Stiff\Application Data\Yahoo!
2008-08-19 03:33   ---------   d-----w   C:\Documents and Settings\Charles Justin\Application Data\Apple Computer
2008-08-19 03:30   ---------   d-----w   C:\Program Files\Total Video Converter
2008-08-18 14:25   ---------   d-----w   C:\Documents and Settings\Stiff\Application Data\Ahead
2008-08-18 14:23   ---------   d-----w   C:\Documents and Settings\Stiff\Application Data\Apple Computer
2008-08-18 12:57   ---------   d-----w   C:\Documents and Settings\Stiff\Application Data\ATI
2008-08-18 08:03   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-08-18 07:56   ---------   d-----w   C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-08-11 02:09   ---------   d-----w   C:\Program Files\QuickTime
2008-08-11 02:09   ---------   d-----w   C:\Program Files\iTunes
2008-08-11 02:09   ---------   d-----w   C:\Program Files\iPod
2008-08-11 02:09   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-11 02:05   ---------   d-----w   C:\Program Files\Common Files\Apple
2008-08-11 02:05   ---------   d-----w   C:\Program Files\Apple Software Update
2008-08-11 02:05   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple
2008-08-10 20:23   ---------   d-----w   C:\Program Files\Hotspot Shield
2008-08-10 19:40   ---------   d-----w   C:\Program Files\Common Files\Java
2008-08-06 11:18   ---------   d-----w   C:\Documents and Settings\Charles Justin\Application Data\Ahead
2008-07-28 00:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 00:21   ---------   d-----w   C:\Program Files\Microsoft ActiveSync
2008-07-27 19:16   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-07-25 16:10   237,568   ----a-w   C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2008-07-05 19:32   2,829   ----a-w   C:\WINDOWS\War3Unin.pif
2008-07-05 19:32   139,264   ----a-w   C:\WINDOWS\War3Unin.exe
2008-07-05 19:07   315,392   ----a-w   C:\WINDOWS\HideWin.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-31 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-16 113664]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\e-Games\\CABAL Online (PH)\\launcher\\update\\ESTdnheadless.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=

R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01);C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-16 143872]
R2 GarenaCIG;Garena Cafe System Information Collector;C:\Documents and Settings\All Users\Application Data\GarenaCIG\GarenaCIG.exe  --service [ ]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
S2 fsrt;Fortres Security Runtime;C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE [ ]
S3 FGCWL;FGCWL;C:\Program Files\Fortres Grand\Virtual Sandbox 1.0\FGCWL.sys [ ]
S3 LoveDRIVER53;LoveDRIVER53;C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\Rar$EX01.734\Love Engine 0.2\Loveliss.sys [ ]
S3 NTProcDrv;Process creation detector for NT.;C:\Documents and Settings\Charles Justin\Desktop\a\NtProcDrv.sys [ ]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [ ]

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D539AD7-9538-7C9B-1A95-8FFC06429141}]
C:\WINDOWS\system32:Mswinxs29.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SandboxieControl - C:\Program Files\Sandboxie\SbieCtrl.exe
HKLM-Run-krag - C:\WINDOWS\krag.exe
HKLM-Run-SystemUpdate - C:\WINDOWS\system32:Mswinxs29.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Charles Justin\Application Data\Mozilla\Firefox\Profiles\dlfeqefd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - mail.yahoo.com
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 08:10:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  SystemUpdate = C:\WINDOWS\system32:Mswinxs29.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-22  8:10:53
ComboFix-quarantined-files.txt  2008-09-22 15:10:50

Pre-Run: 123,513,368,576 bytes free
Post-Run: 124,812,275,712 bytes free

162


I really can't post this.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Powerful PC = Freezing
« Reply #11 on: September 21, 2008, 07:20:19 PM »
Please download RootKitRevealer from here:
http://download.sysinternals.com/Files/RootkitRevealer.zip
Unzip it to the desktop, run it, and click Scan.
When the scan is complete, save a copy of the log to your C:\ folder
by clicking on File >> Save...
Post the entire contents of the log file here for me to see.
« Last Edit: September 21, 2008, 07:21:57 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline treasurechest

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +0/-0
Powerful PC = Freezing
« Reply #12 on: September 22, 2008, 05:55:36 AM »
HKU\.DEFAULT\Control Panel\International   9/22/2008 8:10 AM   0 bytes   Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo   9/22/2008 8:10 AM   0 bytes   Security mismatch.
HKU\S-1-5-21-1417001333-1844823847-725345543-1003\Control Panel\International   9/22/2008 8:10 AM   0 bytes   Security mismatch.
HKU\S-1-5-21-1417001333-1844823847-725345543-1003\Control Panel\International\Geo   9/22/2008 8:10 AM   0 bytes   Security mismatch.
HKU\S-1-5-18\Control Panel\International   9/22/2008 8:10 AM   0 bytes   Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo   9/22/2008 8:10 AM   0 bytes   Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC*   7/5/2008 12:03 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI*   7/5/2008 12:03 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed   9/22/2008 7:42 PM   4 bytes   Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful   9/22/2008 7:42 PM   4 bytes   Data mismatch between Windows API and raw hive data.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Powerful PC = Freezing
« Reply #13 on: September 22, 2008, 06:13:12 PM »
Unless I'm mistaken, I don't see any antivirus software on this computer.
Can you do the following, please?

Go here and download your free version of Avira AntiVir:
http://www.download.com/Avira-AntiVir-Pers...cdlpid=10322935
Save the installer to the desktop.

Install Avira AntiVir from the desktop.
Ensure that you have it check for updates.
The first time it updates may take a while, but allow it time.

NOTE: Avira will display a single big ad on your computer.
Don't be alarmed; just click OK at the bottom of the ad to close it.

A scan of your system should then start.
If a scan does not start after updating, double-click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now".

Quarantine or delete everything it finds.
When the scan is finished,
reboot the computer.

Back in Windows,
can you post all the following back, please?

1. Please post the log from Avira.
Open Avira again (double-click on the red umbrella icon by the clock).
Click on REPORTS under Overview.
Double-click on the scan report you just made.
Then click on "Report File".

Offline treasurechest

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +0/-0
Powerful PC = Freezing
« Reply #14 on: September 23, 2008, 07:58:58 AM »
Avira AntiVir Personal
Report file date: Tuesday, September 23, 2008  21:18

Scanning for 1636052 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    2ND-GEN

Version information:
BUILD.DAT     : 8.1.0.331      16934 Bytes   8/12/2008 11:46:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes   6/26/2008 17:57:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes   5/26/2008 16:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes   6/12/2008 21:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes   5/26/2008 16:58:52
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes   7/18/2007 19:33:34
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes   6/24/2008 22:54:15
ANTIVIR2.VDF  : 7.0.6.153    3341312 Bytes   9/12/2008 04:16:10
ANTIVIR3.VDF  : 7.0.6.201     342016 Bytes   9/23/2008 04:16:22
Engineversion : 8.1.1.34  
AEVDF.DLL     : 8.1.0.5       102772 Bytes   2/25/2008 18:58:21
AESCRIPT.DLL  : 8.1.0.76      319867 Bytes   9/24/2008 04:17:09
AESCN.DLL     : 8.1.0.23      119156 Bytes   7/10/2008 21:44:49
AERDL.DLL     : 8.1.1.2       438644 Bytes   9/24/2008 04:17:03
AEPACK.DLL    : 8.1.2.1       364917 Bytes   7/15/2008 21:58:35
AEOFFICE.DLL  : 8.1.0.25      196986 Bytes   9/24/2008 04:16:57
AEHEUR.DLL    : 8.1.0.59     1438071 Bytes   9/24/2008 04:16:53
AEHELP.DLL    : 8.1.0.15      115063 Bytes   7/10/2008 21:44:48
AEGEN.DLL     : 8.1.0.36      315764 Bytes   9/24/2008 04:16:36
AEEMU.DLL     : 8.1.0.7       430452 Bytes   7/31/2008 17:33:21
AECORE.DLL    : 8.1.1.11      172406 Bytes   9/24/2008 04:16:29
AEBB.DLL      : 8.1.0.1        53617 Bytes   7/10/2008 21:44:48
AVWINLL.DLL   : 1.0.0.12       15105 Bytes    7/9/2008 17:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes   5/16/2008 18:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes   9/24/2008 04:16:24
AVREG.DLL     : 8.0.0.1        33537 Bytes    5/9/2008 20:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes   2/12/2008 17:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes   6/12/2008 21:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes   1/23/2008 02:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes   6/12/2008 21:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes   1/25/2008 21:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes   6/12/2008 22:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes   6/27/2008 22:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, September 23, 2008  21:18

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'distnoted.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceHelper.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'YAHOOM~1.EXE' - '1' Module(s) have been scanned
Scan process 'Garena.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIEBS.EXE' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'GarenaCIG.exe' - '1' Module(s) have been scanned
Scan process 'E_S40RP7.EXE' - '1' Module(s) have been scanned
Scan process 'E_S40ST7.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '67' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@2.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@2A.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@32.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@34.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@36.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@38.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@3A.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@3C.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@3E.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@4.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@40.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@42.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@44.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Deckard\System Scanner\backup\DOCUME~1\CHARLE~1\LOCALS~1\Temp\@46.tmp
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\Documents and Settings\Charles Justin\Desktop\booter.rar
    Archive type: RAR
    --> booter.EXE
      [DETECTION] Contains recognition pattern of the DR/VB.dhb.1 dropper
    [NOTE]      The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\Config\csrss.exe.vir
    [DETECTION] Is the TR/Agent.141606.B Trojan
    [NOTE]      The file was deleted!
C:\System Volume Information\_restore{04D86DE6-B572-452B-92B3-2ED97D6FF192}\RP60\A0012736.exe
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\System Volume Information\_restore{04D86DE6-B572-452B-92B3-2ED97D6FF192}\RP65\A0013379.exe
    [DETECTION] Is the TR/Spy.Ardamax.J Trojan
    [NOTE]      The file was deleted!
C:\System Volume Information\_restore{04D86DE6-B572-452B-92B3-2ED97D6FF192}\RP86\A0025255.EXE
    [DETECTION] Is the TR/Agent.141606.B Trojan
    [NOTE]      The file was deleted!
C:\System Volume Information\_restore{04D86DE6-B572-452B-92B3-2ED97D6FF192}\RP86\A0025262.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.688128.2 back-door program
    [NOTE]      The file was deleted!
C:\System Volume Information\_restore{04D86DE6-B572-452B-92B3-2ED97D6FF192}\RP86\A0025263.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Poison.CPD back-door program
    [NOTE]      The file was deleted!
C:\System Volume Information\_restore{04D86DE6-B572-452B-92B3-2ED97D6FF192}\RP86\A0025264.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Poison.CPD back-door program
    [NOTE]      The file was deleted!
C:\System Volume Information\_restore{04D86DE6-B572-452B-92B3-2ED97D6FF192}\RP97\A0030040.exe
    [DETECTION] Is the TR/Agent.141606.B Trojan
    [NOTE]      The file was deleted!
C:\System Volume Information\_restore{04D86DE6-B572-452B-92B3-2ED97D6FF192}\RP98\A0030180.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.688128.2 back-door program
    [NOTE]      The file was deleted!
C:\WINDOWS\system32\Mswinxs29.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Poison.CPD back-door program
    [NOTE]      The file was deleted!


End of the scan: Tuesday, September 23, 2008  21:54
Used time: 36:30 Minute(s)

The scan has been done completely.

   7886 Scanning directories
 307296 Files were scanned
     25 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     25 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 307270 Files not concerned
   2277 Archives were scanned
      1 Warnings
     25 Notes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Powerful PC = Freezing
« Reply #15 on: September 23, 2008, 08:31:28 AM »
Can you run one more tool, please?
I want to double-check that a file was removed.

Download OTMoveIt2.exe by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the entries below in blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66fe57e0-8724-11dd-b7c7-001d60d855e0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D539AD7-9538-7C9B-1A95-8FFC06429141}
    C:\WINDOWS\system32\Mswinxs29
    C:\WINDOWS\system32\aplib.dll

    ======================================================
  • Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose "Yes".

OTMoveIt would have created a log at this location:
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <- indicates date_time of log

Post that log, please, along with a fresh HijackThis log.
Let me know how things are now running.

Offline treasurechest

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +0/-0
Powerful PC = Freezing
« Reply #16 on: September 23, 2008, 05:31:45 PM »
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr >
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66fe57e0-8724-11dd-b7c7-001d60d855e0} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66fe57e0-8724-11dd-b7c7-001d60d855e0}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D539AD7-9538-7C9B-1A95-8FFC06429141} >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D539AD7-9538-7C9B-1A95-8FFC06429141}\\ deleted successfully.
C:\WINDOWS\system32\Mswinxs29 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\aplib.dll
C:\WINDOWS\system32\aplib.dll NOT unregistered.
C:\WINDOWS\system32\aplib.dll moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09242008_072950


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:54 AM, on 9/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Documents and Settings\All Users\Application Data\GarenaCIG\GarenaCIG.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\E_S4.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Fortres Security Runtime (fsrt) - Unknown owner - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE (file missing)
O23 - Service: Garena Cafe System Information Collector (GarenaCIG) - Unknown owner - C:\Documents and Settings\All Users\Application Data\GarenaCIG\GarenaCIG.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - Unknown owner - C:\Program Files\Sandboxie\SbieSvc.exe (file missing)

--
End of file - 8736 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Powerful PC = Freezing
« Reply #17 on: September 23, 2008, 11:35:25 PM »
You forgot to answer my last request
Quote
Let me know how things are now running

Offline treasurechest

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +0/-0
Powerful PC = Freezing
« Reply #18 on: September 24, 2008, 05:13:19 AM »
Quote from: guestolo on Sep 24 2008, 12:07 AM
You forgot to answer my last request

Sorry,

Uhm, all good.. I haven't experienced the freezing thing for a while now.
Still lagging in Microsoft PowerPoint 2007.

Offline treasurechest

  • Jr. Member
  • **
  • Posts: 54
  • Karma: +0/-0
Powerful PC = Freezing
« Reply #19 on: September 24, 2008, 08:15:52 AM »
PC is running smoothly as usual =) Thanks, sir.

The only problem is the PowerPoint 2007 lagging. Well, I'll just use PowerPoint 2003, I guess.