1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Round 2...the Desktop...HJT log/deckards

Discussion in 'Malware and Virus Removal Archive' started by 2qwk4u, 2008/05/26.

  1. 2008/05/26
    2qwk4u

    2qwk4u Inactive Thread Starter

    Joined:
    2008/05/22
    Messages:
    24
    Likes Received:
    0
    Deckards main.txt. This computer is my daughters...and it is running as bad if not worse than my laptop was.....will you take a look at it too, please?

    Deckard's System Scanner v20071014.68
    Run by Bill on 2008-05-26 08:57:49
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    95: 2008-05-26 12:57:54 UTC - RP660 - Deckard's System Scanner Restore Point
    94: 2008-05-26 02:25:59 UTC - RP659 - System Checkpoint
    93: 2008-05-25 02:10:24 UTC - RP658 - Software Distribution Service 3.0
    92: 2008-05-24 06:03:14 UTC - RP657 - Software Distribution Service 3.0
    91: 2008-05-24 05:43:11 UTC - RP656 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2008-03-08 06:56:28 UTC - RP566 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as Bill.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:59:09 AM, on 5/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Bill\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Bill.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Cait\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7238 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>

    S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
    S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

    S2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01C41028&REV_04\4&10BD256C&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01C41028&REV_04\4&10BD256C&0&40F0
    Service: E100B


    -- Scheduled Tasks -------------------------------------------------------------

    2008-05-26 08:13:01 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    2008-05-26 01:41:39 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2008-04-26 and 2008-05-26 -----------------------------

    2008-05-25 15:46:06 0 d-------- C:\Documents and Settings\Tori\Application Data\Comodo
    2008-05-23 17:42:54 0 d-------- C:\Documents and Settings\Cait\Application Data\Malwarebytes
    2008-05-23 16:59:40 0 d-------- C:\Documents and Settings\Cait\Application Data\Comodo
    2008-05-23 11:09:06 0 d-------- C:\Documents and Settings\Kelli\Application Data\Comodo
    2008-05-22 14:56:43 0 d-------- C:\Documents and Settings\Bill\Application Data\Comodo
    2008-05-22 14:56:37 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-22 14:56:33 0 d-------- C:\Program Files\COMODO
    2008-05-22 14:51:10 0 d-------- C:\Documents and Settings\Bill\Application Data\Malwarebytes
    2008-05-22 14:51:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-22 14:51:01 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-12 07:40:41 0 d-------- C:\WINDOWS\pss


    -- Find3M Report ---------------------------------------------------------------

    2008-05-24 13:17:05 0 d-------- C:\Program Files\Dl_cats
    2008-05-23 17:32:54 0 d-------- C:\Program Files\Google
    2008-05-23 17:30:16 0 d-------- C:\Program Files\Dell
    2008-05-23 17:30:16 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2008-05-23 17:26:55 0 d-------- C:\Program Files\Yahoo!
    2008-05-23 11:22:17 0 d-------- C:\Program Files\LimeWire
    2008-05-22 14:43:52 0 d-------- C:\Program Files\Trend Micro
    2008-05-20 19:47:11 0 d-------- C:\Documents and Settings\Bill\Application Data\Adobe
    2008-05-11 10:50:26 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-02 21:52:15 0 d-------- C:\Program Files\Sprint music manager
    2008-04-02 21:32:58 0 d-------- C:\Program Files\Samsung
    2008-03-27 12:38:20 0 d-------- C:\Program Files\AIMTunes
    2008-03-07 07:51:17 1016 --a------ C:\Documents and Settings\Bill\Application Data\wklnhst.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    12/17/2007 12:12 PM 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLCCCATS "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [09/14/2005 09:50 AM]
    "COMODO Firewall Pro "= "C:\Program Files\COMODO\Firewall\cfp.exe" [05/26/2008 08:55 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "= C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bill^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Bill\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\DellSupport\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
    "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
    "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
    "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
    "C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
    "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
    "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
    C:\WINDOWS\system32\regscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe




    -- End of Deckard's System Scanner: finished at 2008-05-26 08:59:44 ------------

    HJT scan:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:01:54 AM, on 5/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Cait\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7387 bytes
     
    2qwk4u,
    #1
  2. 2008/05/27
    2qwk4u

    2qwk4u Inactive Thread Starter

    Joined:
    2008/05/22
    Messages:
    24
    Likes Received:
    0
    yes, no, maybe?
     
    2qwk4u,
    #2


  3. to hide this advert.

  4. 2008/05/27
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Patience - your turn will come :) No doubt you have seen that we have only 2 analysists on the BBS - they tend to be very busy.
     
    PeteC,
    #3
  5. 2008/05/27
    2qwk4u

    2qwk4u Inactive Thread Starter

    Joined:
    2008/05/22
    Messages:
    24
    Likes Received:
    0
    no problems...I will gladly wait. Noah has done wonders with my laptop. Im just trying to get all my ducks in a row with scans and so forth. Sorry didnt mean to be pushy.


    Bill
     
    2qwk4u,
    #4
  6. 2008/05/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Bill,

    Sorry for the wait. Lets fix the broken file associations first. Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface of Deckards file association fix will open.
    • Click Scan.
    • Check the box next to the following entries, then click Fix.
      • .reg
      • .scr
    • Exit when complete.


    Next, download and run the ARIES Rootkit Remover tool according to the instructions found on that page.


    After rebooting, run another dss scan and post the main.txt log here.
     
    noahdfear,
    #5
  7. 2008/05/28
    2qwk4u

    2qwk4u Inactive Thread Starter

    Joined:
    2008/05/22
    Messages:
    24
    Likes Received:
    0
    Ok, I ran Aries, it found nothing....

    Ive rebooted, and ran dss.exe, and here are the results.....


    Deckard's System Scanner v20071014.68
    Run by Bill on 2008-05-28 07:45:52
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as Bill.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:45:57 AM, on 5/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Bill\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Bill.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Cait\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7355 bytes

    -- Files created between 2008-04-28 and 2008-05-28 -----------------------------

    2008-05-27 15:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-27 15:11:26 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-25 15:46:06 0 d-------- C:\Documents and Settings\Tori\Application Data\Comodo
    2008-05-23 17:42:54 0 d-------- C:\Documents and Settings\Cait\Application Data\Malwarebytes
    2008-05-23 16:59:40 0 d-------- C:\Documents and Settings\Cait\Application Data\Comodo
    2008-05-23 11:09:06 0 d-------- C:\Documents and Settings\Kelli\Application Data\Comodo
    2008-05-22 14:56:43 0 d-------- C:\Documents and Settings\Bill\Application Data\Comodo
    2008-05-22 14:56:37 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-22 14:56:33 0 d-------- C:\Program Files\COMODO
    2008-05-22 14:51:10 0 d-------- C:\Documents and Settings\Bill\Application Data\Malwarebytes
    2008-05-22 14:51:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-22 14:51:01 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-12 07:40:41 0 d-------- C:\WINDOWS\pss


    -- Find3M Report ---------------------------------------------------------------

    2008-05-24 13:17:05 0 d-------- C:\Program Files\Dl_cats
    2008-05-23 17:32:54 0 d-------- C:\Program Files\Google
    2008-05-23 17:30:16 0 d-------- C:\Program Files\Dell
    2008-05-23 17:30:16 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2008-05-23 17:26:55 0 d-------- C:\Program Files\Yahoo!
    2008-05-23 11:22:17 0 d-------- C:\Program Files\LimeWire
    2008-05-22 14:43:52 0 d-------- C:\Program Files\Trend Micro
    2008-05-20 19:47:11 0 d-------- C:\Documents and Settings\Bill\Application Data\Adobe
    2008-05-11 10:50:26 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-02 21:52:15 0 d-------- C:\Program Files\Sprint music manager
    2008-04-02 21:32:58 0 d-------- C:\Program Files\Samsung
    2008-03-07 07:51:17 1016 --a------ C:\Documents and Settings\Bill\Application Data\wklnhst.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    12/17/2007 12:12 PM 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLCCCATS "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [09/14/2005 09:50 AM]
    "COMODO Firewall Pro "= "C:\Program Files\COMODO\Firewall\cfp.exe" [05/26/2008 08:55 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "= C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bill^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Bill\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\DellSupport\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
    "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
    "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
    "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
    "C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
    "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
    "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
    C:\WINDOWS\system32\regscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe




    -- End of Deckard's System Scanner: finished at 2008-05-28 07:46:27 ------------
     
    2qwk4u,
    #6
  8. 2008/05/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    It looks as though the service associated with the Sony rootkit (Aries) was removed. Nothing else appearing malware related in the logs, so lets get an online scan and go from there.

    Do an online scan with Kaspersky WebScanner

    Click Scan Now and Accept the agreement. You will be promted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here and let me know whats going on with the computer (is it sluggish? locking up? etc).
     
    noahdfear,
    #7
  9. 2008/05/30
    2qwk4u

    2qwk4u Inactive Thread Starter

    Joined:
    2008/05/22
    Messages:
    24
    Likes Received:
    0
    It takes forever....and I mean FOREVER to go anywhere or do almost anything on the internet. Its slow to load pages, its slow to search etc.

    BTW...what does this mean?

    Total Physical Memory: 503 MiB (512 MiB recommended).

    Here is the log.....

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, May 30, 2008 9:32:44 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 30/05/2008
    Kaspersky Anti-Virus database records: 814857
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 144578
    Number of viruses found: 9
    Number of infected objects: 27
    Number of suspicious objects: 0
    Duration of the scan process: 01:31:54

    Infected Object Name / Virus Name / Last Action
    C:\Deckard\System Scanner\20080528073051\backup\DOCUME~1\Bill\LOCALS~1\Temp\Temporary Directory 1 for activmon39full.zip\amagent39.exe/file01 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.391 skipped
    C:\Deckard\System Scanner\20080528073051\backup\DOCUME~1\Bill\LOCALS~1\Temp\Temporary Directory 1 for activmon39full.zip\amagent39.exe Inno: infected - 1 skipped
    C:\Deckard\System Scanner\20080528073051\backup\DOCUME~1\Bill\LOCALS~1\Temp\Temporary Directory 2 for activmon39full.zip\amagent39.exe/file01 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.391 skipped
    C:\Deckard\System Scanner\20080528073051\backup\DOCUME~1\Bill\LOCALS~1\Temp\Temporary Directory 2 for activmon39full.zip\amagent39.exe Inno: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d860224b3b943f557f23ad279349591d_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01162008-151829.log Object is locked skipped
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-425f95b6-7775d8d0.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-425f95b6-7775d8d0.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-425f95b6-7775d8d0.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-425f95b6-7775d8d0.zip ZIP: infected - 3 skipped
    C:\Documents and Settings\Bill\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amagent39.exe/file01 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.391 skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amagent39.exe Infected: not-a-virus:Monitor.Win32.ActivityMonitor.391 skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amonitor39.exe/file17 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.c skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amonitor39.exe/file19/file01 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.391 skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amonitor39.exe/file19/file02 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.c skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amonitor39.exe/file19/file03 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.c skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amonitor39.exe/file19/file04 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.c skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amonitor39.exe/file19/file05 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.b skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amonitor39.exe/file19/file06 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.c skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amonitor39.exe/file19 Infected: not-a-virus:Monitor.Win32.ActivityMonitor.c skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip/amonitor39.exe Infected: not-a-virus:Monitor.Win32.ActivityMonitor.c skipped
    C:\Documents and Settings\Bill\Desktop\activmon39full.zip ZIP: infected - 11 skipped
    C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Bill\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Bill\Local Settings\History\History.IE5\MSHist012008053020080531\index.dat Object is locked skipped
    C:\Documents and Settings\Bill\Local Settings\Temp\~DF1CE1.tmp Object is locked skipped
    C:\Documents and Settings\Bill\Local Settings\Temp\~DF1D03.tmp Object is locked skipped
    C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\HESUVXDK\SATC_Trl3_Med[1].flv Object is locked skipped
    C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Bill\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Bill\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Cait\My Documents\My Received Files\pic-919.zip/picture347.jpg_marie_8_23@hotmail.com Infected: Trojan.Win32.Pakes.bzd skipped
    C:\Documents and Settings\Cait\My Documents\My Received Files\pic-919.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\$shtdwn$.req Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\legitcheckcontrol.dll Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\spmsg.dll Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\spuninst.exe Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\update\update.exe Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\update\update.inf Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\update\update.ver Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\update\updspapi.dll Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\update\wganotify.cat Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\update\wgawizard.dll Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\update\wga_eula.txt Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\wgalogon.dll Object is locked skipped
    C:\f313b8ed3dcd91527a7f254d\wgatray.exe Object is locked skipped
    C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\RECYCLER\S-1-5-21-1161021558-1259434173-635931635-1006\Dc1.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
    C:\RECYCLER\S-1-5-21-1161021558-1259434173-635931635-1006\Dc1.zip ZIP: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP654\A0047716.dll Infected: not-a-virus:AdWare.Win32.Coupons skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D804F590-36F0-4AEF-A207-CD87076CF529}.crmlog Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{D8A97FC3-1EA6-4CFB-AA97-8947D9A85834}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\change.log Object is locked skipped

    Scan process completed.
     
    2qwk4u,
    #8
  10. 2008/05/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Did you install ActivityMonitor, or have intentions of installing it? If not, delete the following file.

    C:\Documents and Settings\Bill\Desktop\activmon39full.zip

    Then check Add/Remove programs for it and uninstall it if found.

    Click Start>Run and type cmd then hit enter.
    In the command window, type or copy and paste the following command, then hit enter.

    chkdsk /r

    You should get the following message.

    Cannot lock current drive.

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? (Y/N)

    Type Y and hit enter. If prompted to restart the computer, do not aloow it just yet.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All ".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Upon restart, the computer will run the checkdisk utility. Be patient as it might take a while depending on the amount of data on the drive.

    Let me know if you see any difference.

    Have you opened the case and cleaned out the dust lately, checked that all fans are working properly, etc?
     
    noahdfear,
    #9

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...