
Sluggish processing and some crashing

Discussion in 'Malware and Virus Removal Archive' started by Gideon, 2007/11/28.

  1. 2007/11/28
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    I can't seem to scan with any program I use. Scans will stop and ask if I want to send an error report. I would like to get a full scan and find the problem.
     
  2. 2007/11/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    What scans are you referring to? Have you tried running the scans in safe mode?
     

  4. 2007/11/28
    Gideon
    OK so... I have been using Avast antivirus to scan. I also used the links suggested in your previous post (I believe it was eTrust), and I have also used the scan from Microtrend. It will still freeze up and not complete the scans.

    Also, upon using Ad-Aware, the warning "administrator prevents installation" pops up.
     
    Last edited: 2007/11/28
  5. 2007/11/28
    noahdfear
    OK, antivirus scans. Try safe mode. If still no luck, we should probably take a closer look at things. My suggestion would then be to post a Deckard's main.txt log. Instructions and links available here.
     
  6. 2007/11/28
    Gideon
    I should have mentioned all these things were done in safe mode... Moving on to next step.
     
  7. 2007/11/28
    Gideon
    Deckard log

    Deckard's System Scanner v20071014.68
    Run by Gideon on 2007-11-28 23:14:35
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    106: 2007-11-29 07:14:47 UTC - RP326 - Deckard's System Scanner Restore Point
    105: 2007-11-29 00:01:45 UTC - RP325 - Software Distribution Service 3.0
    104: 2007-11-28 23:23:48 UTC - RP324 - Software Distribution Service 3.0
    103: 2007-11-28 19:31:30 UTC - RP323 - Installed Battlefield 2142 Update v1.40
    102: 2007-11-28 06:22:09 UTC - RP322 - Installed DirectX


    -- First Restore Point --
    1: 2007-09-01 06:59:42 UTC - RP221 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-11-28 23:16:22
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Saitek\Software\ProfilerU.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Documents and Settings\Gideon\Desktop\dss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\alg.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


    --
    End of file - 7346 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 ABIT-IO - c:\windows\system32\drivers\abit-io.sys
    R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
    R3 SaiNtBus - c:\windows\system32\drivers\saibus.sys <Not Verified; Saitek; Configuration Software>

    S3 DELTAFW (Service for M-Audio FW Driver (WDM)) - c:\windows\system32\drivers\deltafw.sys <Not Verified; Midiman/M-Audio; M-Audio Delta FW WDM Driver>
    S3 Fadpu16E - c:\docume~1\gideon\locals~1\temp\fadpu16e.sys (file missing)
    S3 MA_CMIDI (M-Audio USB Driver) - c:\windows\system32\drivers\ma_cmidi.sys (file missing)
    S3 UKS11LDR (M-Audio USB Keystation Loader) - c:\windows\system32\drivers\uks11ldr.sys (file missing)
    S3 USBKT1X1 (M-Audio USB Keystation) - c:\windows\system32\drivers\usbkt1x1.sys <Not Verified; Doug Fetter Software Wizardry; Midiman USB Keystation Midi Interface>
    S3 WUSB54GPV4SRV (Linksys Home Wireless-G USB Adaptor Driver) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
    R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
    R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2007-10-28 and 2007-11-28 -----------------------------

    2007-11-28 22:46:08 0 d-------- C:\Documents and Settings\Gideon\Application Data\Uniblue
    2007-11-28 17:53:20 0 d-------- C:\Documents and Settings\Gideon\.housecall6.6
    2007-11-27 13:30:17 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2007-11-27 12:54:37 0 d-------- C:\Program Files\SystemRequirementsLab
    2007-11-26 22:01:40 0 dr-h----- C:\Documents and Settings\Gideon\Application Data\SecuROM
    2007-11-26 21:54:57 0 d-------- C:\Program Files\GameSpy
    2007-11-26 21:52:44 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
    2007-11-26 15:38:33 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-11-19 20:46:46 0 d-------- C:\Documents and Settings\Gideon\Application Data\Corel
    2007-11-19 20:44:55 0 d-------- C:\Program Files\WordPerfect Mail
    2007-11-19 20:44:38 0 d-------- C:\Program Files\WordPerfect Office X3
    2007-11-19 20:44:38 0 d-------- C:\Program Files\Common Files\Corel
    2007-11-19 20:44:38 0 d-------- C:\Program Files\Common Files\Borland Shared
    2007-11-19 20:44:38 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Borland
    2007-11-19 20:44:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
    2007-11-19 19:35:18 3452 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-11-19 19:35:18 88 -r-hs---- C:\WINDOWS\system32\47F0EAAE47.sys
    2007-11-06 20:17:43 0 d-------- C:\Program Files\Activision


    -- Find3M Report ---------------------------------------------------------------

    2007-11-28 23:00:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-28 11:31:02 0 d-------- C:\Documents and Settings\Gideon\Application Data\IGN_DLM
    2007-11-27 22:13:13 0 d-------- C:\Program Files\Lx_cats
    2007-11-27 13:51:14 0 d-------- C:\Program Files\Electronic Arts
    2007-11-27 13:42:41 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-27 13:42:39 0 d-------- C:\Program Files\UBISOFT
    2007-11-27 13:42:04 0 d-------- C:\Program Files\Native Instruments
    2007-11-27 13:30:18 0 d-------- C:\Program Files\Realtek
    2007-11-19 20:44:38 0 d-------- C:\Program Files\Common Files
    2007-10-04 23:27:39 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
    2007-10-04 23:27:39 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
    2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
    2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-08-30 08:15:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]
    "nwiz "= "nwiz.exe" [10/04/2007 05:14 PM C:\WINDOWS\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [01/23/2007 02:44 PM C:\WINDOWS\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [01/23/2007 02:44 PM C:\WINDOWS\KHALMNPR.Exe]
    "LXCGCATS "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [07/20/2005 12:48 PM]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 05:14 PM]
    "Alcmtr "= "ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
    "Profiler "= "C:\Program Files\Saitek\Software\ProfilerU.exe" [08/30/2005 02:05 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
    "Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [3/21/2007 3:01:55 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System "= "kdlox.exe "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup "




    -- End of Deckard's System Scanner: finished at 2007-11-28 23:18:41 ------------
     
  8. 2007/11/28
    noahdfear
    Highlight and copy the bolded command below.

    sc stop Fadpu16E

    Click Start>Run and paste the command on the run box then hit enter. Then do the next command.

    sc delete Fadpu16E


    Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Double click fix.reg and allow it to merge with the registry.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    Try to run another scan. If it stalls again, post a new dss log please.
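As an added illustration of what the helper is keying on in the Deckard log posted above (this script is not part of the thread or of Deckard's System Scanner), a small Python triage pass that flags a driver entry whose file is missing from a temp directory, like Fadpu16E, and a non-empty Winlogon "System" value, like kdlox.exe. The sample lines are copied from the log in this thread; the severity labels and the `Finding` type are this example's own.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the Deckard's System Scanner log in this
# thread (drivers section and registry dump), assembled here as test data.
SAMPLE_LOG = r"""
R0 ABIT-IO - c:\windows\system32\drivers\abit-io.sys
S3 Fadpu16E - c:\docume~1\gideon\locals~1\temp\fadpu16e.sys (file missing)
S3 MA_CMIDI (M-Audio USB Driver) - c:\windows\system32\drivers\ma_cmidi.sys (file missing)
S3 DELTAFW (Service for M-Audio FW Driver (WDM)) - c:\windows\system32\drivers\deltafw.sys <Not Verified; Midiman/M-Audio; M-Audio Delta FW WDM Driver>
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System "= "kdlox.exe "
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"""


@dataclass
class Finding:
    severity: str  # "high" or "low" (labels chosen for this example)
    item: str      # driver/service name or registry value name
    reason: str


# "S3 Name (optional description) - path [ (file missing) | <vendor info> ]"
DRIVER_RE = re.compile(
    r'^(?P<start>[RS][0-4]) (?P<name>\S+)(?: \((?P<desc>.*?)\))? - (?P<rest>.*)$'
)
# Deckard writes registry values as  "Name "= "data "  (note the odd spacing)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<data>[^"]*?)\s*"')


def triage(log_text):
    """Walk the log once and return the entries worth a closer look."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Registry dump: remember which key the following values belong to.
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        m = DRIVER_RE.match(line)
        if m:
            rest = m.group("rest")
            missing = "(file missing)" in rest
            path = rest.split(" <")[0].replace("(file missing)", "").strip().lower()
            in_temp = "\\temp\\" in path
            if in_temp:
                # A kernel driver registered from a temp directory is not how
                # legitimate software installs; missing or not, it should go.
                findings.append(Finding("high", m.group("name"),
                                        "driver registered from a temp path: " + path))
            elif missing:
                # Orphaned entry for a file that no longer exists; usually
                # leftover from an uninstall, but worth cleaning up.
                findings.append(Finding("low", m.group("name"),
                                        "driver entry points to a missing file: " + path))
            continue
        # On XP the Winlogon "System" value is empty by default; a program
        # name here is loaded by winlogon at logon, before the shell starts.
        if current_key.endswith("\\winlogon"):
            v = VALUE_RE.match(line)
            if v and v.group("name").lower() == "system" and v.group("data"):
                findings.append(Finding("high", v.group("name"),
                                        "Winlogon System value set to " + v.group("data")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.item}: {f.reason}")
```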
     
  9. 2007/11/29
    Gideon
    Scan failed new dss log

    Ok... I completed all of the steps and the scan failed again. It stops at this file every time....

    (C:\Documents and Settings\HP.Administrator\LocalSettings\Temp\Temporary Directory 1 for Aniutil.Zip\Aniutil.exe)

    Here is the new dss log.


    Deckard's System Scanner v20071014.68
    Run by Gideon on 2007-11-29 00:47:26
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Gideon.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:48:01 AM, on 11/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Saitek\Software\ProfilerU.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Documents and Settings\Gideon\Desktop\dss.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Gideon.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/securityadvisor/virusinfo/webscan.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

    --
    End of file - 6300 bytes

    -- Files created between 2007-10-29 and 2007-11-29 -----------------------------

    2007-11-29 00:47:50 0 d-------- C:\Program Files\Trend Micro
    2007-11-29 00:21:12 0 d-------- C:\WINDOWS\LastGood
    2007-11-28 22:46:08 0 d-------- C:\Documents and Settings\Gideon\Application Data\Uniblue
    2007-11-28 17:53:20 0 d-------- C:\Documents and Settings\Gideon\.housecall6.6
    2007-11-27 13:30:17 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2007-11-27 12:54:37 0 d-------- C:\Program Files\SystemRequirementsLab
    2007-11-26 22:01:40 0 dr-h----- C:\Documents and Settings\Gideon\Application Data\SecuROM
    2007-11-26 21:54:57 0 d-------- C:\Program Files\GameSpy
    2007-11-26 21:52:44 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
    2007-11-26 15:38:33 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-11-19 20:46:46 0 d-------- C:\Documents and Settings\Gideon\Application Data\Corel
    2007-11-19 20:44:55 0 d-------- C:\Program Files\WordPerfect Mail
    2007-11-19 20:44:38 0 d-------- C:\Program Files\WordPerfect Office X3
    2007-11-19 20:44:38 0 d-------- C:\Program Files\Common Files\Corel
    2007-11-19 20:44:38 0 d-------- C:\Program Files\Common Files\Borland Shared
    2007-11-19 20:44:38 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Borland
    2007-11-19 20:44:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
    2007-11-19 19:35:18 3452 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-11-19 19:35:18 88 -r-hs---- C:\WINDOWS\system32\47F0EAAE47.sys
    2007-11-06 20:17:43 0 d-------- C:\Program Files\Activision


    -- Find3M Report ---------------------------------------------------------------

    2007-11-28 23:00:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-28 11:31:02 0 d-------- C:\Documents and Settings\Gideon\Application Data\IGN_DLM
    2007-11-27 22:13:13 0 d-------- C:\Program Files\Lx_cats
    2007-11-27 13:51:14 0 d-------- C:\Program Files\Electronic Arts
    2007-11-27 13:42:41 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-27 13:42:39 0 d-------- C:\Program Files\UBISOFT
    2007-11-27 13:42:04 0 d-------- C:\Program Files\Native Instruments
    2007-11-27 13:30:18 0 d-------- C:\Program Files\Realtek
    2007-11-19 20:44:38 0 d-------- C:\Program Files\Common Files
    2007-10-04 23:27:39 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
    2007-10-04 23:27:39 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
    2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
    2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-08-30 08:15:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]
    "nwiz "= "nwiz.exe" [10/04/2007 05:14 PM C:\WINDOWS\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [01/23/2007 02:44 PM C:\WINDOWS\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [01/23/2007 02:44 PM C:\WINDOWS\KHALMNPR.Exe]
    "LXCGCATS "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [07/20/2005 12:48 PM]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 05:14 PM]
    "Alcmtr "= "ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
    "Profiler "= "C:\Program Files\Saitek\Software\ProfilerU.exe" [08/30/2005 02:05 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
    "Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [3/21/2007 3:01:55 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System "= "kdlox.exe "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup "




    -- End of Deckard's System Scanner: finished at 2007-11-29 00:48:44 ------------
     
  10. 2007/11/29
    noahdfear
    Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as:

    Filename: check.bat
    Save as type: All Files (*.*)

    Double click check.bat to run it. It will open check.txt when it completes. Please post its contents if anything is listed.

    Try your antivirus scan again.
     
  11. 2007/11/29
    Gideon
    check.txt

    Volume in drive C is MASTER 320
    Volume Serial Number is 7425-B19B


    Will run scan now.
     
  12. 2007/11/29
    Gideon
    Scanned again

    Same result... stopped at (C:\Documents and Settings\HP.Administrator\LocalSettings\Temp\Temporary Directory 1 for Aniutil.Zip\Aniutil.exe)
     
  13. 2007/11/29
    noahdfear
    Reboot to safe mode and logon to the Administrator account. Click Start>Run and type %temp% then hit enter. Click Edit on the menu, then Select All. Click File, then Delete. Run the scan again.
     
  14. 2007/11/29
    Gideon
    Nothing to delete

    I completed the steps all the way to "click file then delete". It appears that there is nothing to delete. I couldn't scan either.
     
  15. 2007/11/29
    noahdfear
    Did the folder appear empty?

    Please review the instructions for showing hidden files and folders, as well as system files. Logon to the Admin acct in safe mode again. Set Windows to show hidden and system, then repeat the above procedure.


    What are the folder names within C:\Documents and Settings?
     
  16. 2007/11/30
    Gideon
    Hidden files are checked

    I have completed the tasks, i.e. showing hidden files. In normal mode files appear when running %temp%; in safe mode they do not. The folders appear to be language folders with no program to open them with, e.g. Arabc.bin, Czech.bin, etc. Should I delete these?
     
  17. 2007/11/30
    noahdfear
    Yes. Delete everything in the temp folder.

    I can only suspect that the HP.Administrator is not the Administrator account, which is why I asked for the folder contents of C:\Documents and Settings.
     
  18. 2007/11/30
    Gideon
    I deleted everything in the folder... How can I show you the contents of the C:\Documents and Settings folder?
     
  19. 2007/12/01
    noahdfear
    I don't need to know if after deleting the contents of that folder your scan runs through to completion.
     
  20. 2007/12/01
    Gideon
    Same result... stopped at (C:\Documents and Settings\HP.Administrator\LocalSettings\Temp\Temporary Directory 1 for Aniutil.Zip\Aniutil.exe) . If I go anywhere near this folder explorer shuts down. Scan will not complete.

    BTW the folder is HP_Administrator.
     
  21. 2007/12/01
    noahdfear
    Let's do a batch for the directory listing. Delete the check.bat and check.txt files we created on the desktop.


    Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as:

    Filename: check.bat
    Save as type: All Files (*.*)

    Double click check.bat to run it. It will open check.txt when it completes. Please post its contents.
     
