hijackthis log

Discussion in 'Malware and Virus Removal Archive' started by razrback, 2007/10/19.

  1. 2007/10/19
    razrback

    razrback Inactive Thread Starter

    Joined:
    2007/10/19
    Messages:
    2
    Likes Received:
    0
    I am posting my log file from hijack this. I am a beginner so I am not sure which ones to check. I use Windows 2000 and my computer is really slow. Thanks in advance for any help you can give me.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:56:34 PM, on 10/19/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\avgagent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\hkcmd.exe
    C:\WINNT\tppaldr.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\WINNT\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\DOCUME~1\WSEWAR~1.DOC\LOCALS~1\Temp\JobMonitor\JobMonitor.exe
    C:\Documents and Settings\wseward.DOCSOLUTIONS\Desktop\HiJackThis_v2.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [EFI Job Monitor] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\spool\DRIVERS\W32X86\3\efjm.dll,run
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DOCUMENTSOLUTIONS.COM
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E59FE9F-6A61-4F30-97A9-16CE6FAD8C71}: NameServer = 205.152.132.23,205.152.37.23
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DOCUMENTSOLUTIONS.COM
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DOCUMENTSOLUTIONS.COM
    O20 - Winlogon Notify: avgwlntf - C:\WINNT\SYSTEM32\avgwlntf.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 6373 bytes
     
  2. 2007/10/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS razrback :)

    Let's use another tool that will give us a closer look at a few things.

    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     

  4. 2007/10/22
    razrback

    razrback Inactive Thread Starter

    Joined:
    2007/10/19
    Messages:
    2
    Likes Received:
    0
    Here is Deckard's main log

    Deckard's System Scanner v20071014.68
    Run by wseward on 2007-10-22 14:51:38
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 254 MiB (256 MiB recommended).


    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-10-22 14:57:45
    Platform: Windows 2000 Service Pack 4 (5.00.2195)
    MSIE: Internet Explorer (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\SYSTEM32\SMSS.EXE
    C:\WINNT\SYSTEM32\WINLOGON.EXE
    C:\WINNT\SYSTEM32\SERVICES.EXE
    C:\WINNT\SYSTEM32\LSASS.EXE
    C:\WINNT\SYSTEM32\SVCHOST.EXE
    C:\WINNT\SYSTEM32\spoolsv.exe
    C:\Program Files\intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\avgagent.exe
    C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\WINNT\SYSTEM32\SVCHOST.EXE
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\SYSTEM32\regsvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINNT\SYSTEM32\mstask.exe
    C:\Program Files\RealVNC\VNC4\winvnc4.exe
    C:\WINNT\SYSTEM32\SVCHOST.EXE
    C:\WINNT\explorer.exe
    C:\WINNT\SYSTEM32\hkcmd.exe
    C:\WINNT\Tppaldr.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\WINNT\SYSTEM32\DLA\DLACTRLW.EXE
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINNT\SYSTEM32\WBEM\WinMgmt.exe
    C:\WINNT\SYSTEM32\CTFMON.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\DOCUME~1\WSEWAR~1.DOC\LOCALS~1\Temp\JobMonitor\JobMonitor.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Documents and Settings\wseward.DOCSOLUTIONS\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [EFI Job Monitor] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\spool\DRIVERS\W32X86\3\efjm.dll,run
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmvax.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38272.3719328704
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E59FE9F-6A61-4F30-97A9-16CE6FAD8C71}: NameServer = 205.152.132.23,205.152.37.23
    O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = DOCUMENTSOLUTIONS.COM
    O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = DOCUMENTSOLUTIONS.COM
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = DOCUMENTSOLUTIONS.COM
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: avgwlntf - C:\WINNT\system32\avgwlntf.dll
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\intel\ASF Agent\ASFAgent.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - GRISOFT, s.r.o. - C:\WINNT\avgagent.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\SYSTEM32\dmadmin.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\SYSTEM32\NMSSvc.Exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe
    O24 - Desktop Component 0: -

    --
    End of file - 7648 bytes

    -- HijackThis Fixed Entries (C:\Documents and Settings\wseward.DOCSOLUTIONS\Desktop\backups\) --------------------------------------------------------------------------------

    backup-20071019-124549-117 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
    backup-20071019-124549-153 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    backup-20071019-124549-325 O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    backup-20071019-124549-678 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    backup-20071019-124549-713 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    backup-20071019-124549-890 O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 omci (OMCI WDM Device Driver) - c:\winnt\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R2 NetAlrt - c:\winnt\system32\drivers\netalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
    R2 Parclass - c:\winnt\system32\drivers\parclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT(TM) Operating System>
    R2 PlatAlrt - c:\winnt\system32\drivers\platalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
    R2 Sentinel - c:\winnt\system32\drivers\sentinel.sys
    R3 BicWdm (BIC device driver) - c:\winnt\system32\drivers\bicwdm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R3 pfc (Padus ASPI Shell) - c:\winnt\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S3 Dot4Print (Print Class Driver for IEEE-1284.4 hpoipr07) - c:\winnt\system32\drivers\hpoipr07.sys (file missing)
    S3 DVXUSBKS (DVXCEL Streaming Class Driver) - c:\winnt\system32\drivers\dvxusbks.sys <Not Verified; Dazzle Multimedia; DVXCEL Streaming Class Driver>
    S3 DVXUSBLD - c:\winnt\system32\drivers\dvxusbld.sys <Not Verified; Dazzle Multimedia; DVXCEL Loader Driver>
    S3 hpoid407 (IEEE-1284.4 Driver hpoid407) - c:\winnt\system32\drivers\hpoid407.sys <Not Verified; HP; HP Dot4 Windows 2000>
    S3 hpoius07 (USB to IEEE-1284.4 Translation Driver hpoius07) - c:\winnt\system32\drivers\hpoius07.sys <Not Verified; HP; HP Dot4Usb Windows 2000>
    S3 NMSCFG (NIC Management Service Configuration Driver) - c:\winnt\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel(R) NMSCFG Driver>
    S3 SbcpHid - c:\winnt\system32\drivers\sbcphid.sys
    S3 TPPFX (Memorex External Drive 98SE USB 2.0 Drivers Setup) - c:\winnt\system32\drivers\tppfx.sys <Not Verified; Cypress Semiconductor; TPP Storage Adapter>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; Intel® PRO Alerting Suite ASF 1.0 Compatible>
    R2 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Computer Corporation; OpenManage Client Instrumentation>
    R2 WinVNC4 (VNC Server Version 4) - "c:\program files\realvnc\vnc4\winvnc4.exe" -service <Not Verified; RealVNC Ltd.; VNC Server 4.0>

    S3 NMSSvc (Intel(R) NMS) - c:\winnt\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2007-09-22 and 2007-10-22 -----------------------------

    2007-10-18 11:05:34 0 d-------- C:\color canon 4080 print drivers
    2007-10-13 09:20:35 0 dr-h----- C:\$VAULT$.AVG
    2007-10-13 09:19:32 5279759 -----n--- C:\AVG7QT.DAT
    2007-10-12 15:04:53 0 d-------- C:\Documents and Settings\wseward.DOCSOLUTIONS\Application Data\AVG7
    2007-10-12 15:02:46 0 d-------- C:\Documents and Settings\Default User\Application Data\AVG7
    2007-10-12 15:01:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-12 15:01:54 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7


    -- Find3M Report ---------------------------------------------------------------

    2007-10-22 11:05:52 0 d-------- C:\Documents and Settings\wseward.DOCSOLUTIONS\Application Data\AdobeUM
    2007-10-18 13:57:12 0 d-------- C:\Program Files\DesignPro
    2007-10-12 13:54:52 0 d-------- C:\Program Files\Symantec
    2007-10-12 13:54:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-06 14:39:20 0 d-------- C:\Program Files\Kodak
    2007-08-24 09:54:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-22 15:54:04 0 d-------- C:\Documents and Settings\wseward.DOCSOLUTIONS\Application Data\PEERNET
    2007-08-22 15:53:32 0 d-------- C:\Program Files\TIFF Image Printer 7.0
    2007-08-22 15:45:09 0 --a------ C:\WINNT\system32\PNTIF6


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager "= "mobsync.exe" [06/19/03 02:05p C:\WINNT\SYSTEM32\mobsync.exe]
    "IgfxTray "= "C:\WINNT\system32\igfxtray.exe" [02/10/04 11:55a]
    "HotKeysCmds "= "C:\WINNT\system32\hkcmd.exe" [02/10/04 11:51a]
    "TPP Auto Loader "= "C:\WINNT\tppaldr.exe" [06/24/02 11:20a]
    "NWEReboot "=" " []
    "ISUSPM Startup "= "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [09/11/06 04:40a]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/11/06 04:40a]
    "@ "=" " []
    "RoxWatchTray "= "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [04/09/07 07:50p]
    "DLA "= "C:\WINNT\System32\DLA\DLACTRLW.EXE" [11/06/06 05:20a]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/12/07 03:25p]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EFI Job Monitor "=" C:\WINNT\system32\spool\DRIVERS\W32X86\3\efjm.dll,run" []
    "ctfmon.exe "= "ctfmon.exe" [02/20/01 02:09p C:\WINNT\SYSTEM32\CTFMON.EXE]
    "WizDir30 "=" " []
    "ISUSPM "= "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [09/11/06 04:40a]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop "=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe "=internat.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [10/23/2003 11:37:56 PM]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [10/25/2005 3:20:59 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} "= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 10/12/07 03:02p 9216 C:\WINNT\SYSTEM32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @= "Driver "




    -- End of Deckard's System Scanner: finished at 2007-10-22 14:58:57 ------------
     
  5. 2007/10/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I see nothing in those logs to suggest an infection as the cause of sluggishness. I would recommend you do some cleanup first.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot

    Open My Computer and right click Local Disk C: then select Properties. Click Disk Cleanup. When the options dialog populates, select all boxes and click OK.

    Have you cleaned the dust from inside the case with compressed air? It will generally build up on the fan blades, CPU heatsink, air intake vents, etc. That can cause high temp environments which can in turn decrease performance.

    **Make sure you do not allow fans to spin under compressed air blast**

    If the above doesn't help, you might try disabling some of the startup programs to see if one or more are the culprit. Easiest way to do that is with Mike Lin's Startup Control Panel. You can figure out which startups do what, and the most general recommended action for them by searching Google for the exe name. You can also identify most startups from Pacman's startup list. If in doubt about anything, you can always ask here.
     
