February 5th, 2009, 08:23 AM
lilonepaula
New Member
Join Date: Feb 2009
Posts: 24
Avira bleeps, pop ups warning of trojans, virus...slow computer

Hello, I am new here and am soo glad to see there is help out here for us non computer understanding folks. I have seen other posts but know that everyone's issues can be different and not to follow their advice for their PC. I have noticed my computer getting slower and slower and before I think I'll have to go back and wipe it all clean and lose everything I figured I'd ask for help here. My hubby thinks it is all Limewire and MySpace's fault and I will admit it sure slows it down A LOT and sometimes my page won't show for 10 minutes even!!! My computer is a little older but not that old...

Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:42 AM, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {811FB681-61C2-4442-9C96-9F164F619ED7} - (no file)
O2 - BHO: TBSB07183 - {6C621F09-DFF3-415A-B7D1-142678EFEB34} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Fast Browser Search - {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228333940765
O16 - DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA} - http://www.myfacelol.com/_downloads/.../MyFaceLOL.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 4720 bytes
Thanks for any and all help you can offer. I soo appreciate your time!
February 6th, 2009, 05:47 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
Welcome to CTH lilonepaula,

I agree with your husband that those are two of the top methods of getting infection on a system. The log shows a little-known browser search bar that looks very suspect. I would like to check the files from that, and we will need to get more detail to look at as well here.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

Then right click My Computer, left click Explore, and navigate to the following highlighted folder:

C:\Program Files\Fast Browser Search

I would like you to zip a copy of that entire folder, so you can upload it for analysis. Either use a zipping software you have (such as WinZip or WinRAR), or right click the folder, then select Send To -> Compressed (zipped) Folders, and a zipped copy of it will be created in the Program Files folder.

Then just go here, press new topic, fill in the needed details and just give a link to your post back here. Then press the browse button and then navigate to & select that new zipped folder copy on your computer.

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.


Once you have done that, download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
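Added example, not part of the thread and not code from HijackThis or RSIT: a small triage helper for the kind of log review described in this reply. It parses HijackThis entry lines, groups the hooks (BHO, toolbar, Run key, service) by install folder so one product's footprint can be seen at a glance, and flags orphaned entries and unnamed ActiveX controls. The function names and the two flag rules are assumptions chosen for illustration; a flag marks an entry for review, it is not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the entry lines from the HijackThis log
# posted in this thread, copied as-is (elided URLs included).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {811FB681-61C2-4442-9C96-9F164F619ED7} - (no file)
O2 - BHO: TBSB07183 - {6C621F09-DFF3-415A-B7D1-142678EFEB34} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Fast Browser Search - {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O16 - DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA} - http://www.myfacelol.com/_downloads/.../MyFaceLOL.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# "<section> - <body>", where section is a code such as R3, O2 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# First drive-letter path that ends in an executable or library extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)
# O16 body: "DPF: {CLSID} (optional display name) - <codebase URL>"
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.+?)\))? - (\S+)$")


def parse_entries(log_text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def install_root(path):
    """Map a file path to the folder a reviewer would inspect as one product."""
    parts = path.split("\\")
    if len(parts) > 3 and parts[1].lower() == "program files":
        return "\\".join(parts[:3])      # C:\Program Files\<product>
    return "\\".join(parts[:-1])         # otherwise: the file's own directory


def footprint(entries):
    """Group entries by install folder -> ordered list of section codes used."""
    groups = defaultdict(set)
    for section, body in entries:
        m = PATH_RE.search(body)
        if m:
            groups[install_root(m.group(0))].add(section)
    order = lambda code: (code[0], int(code[1:]))
    return {root: sorted(codes, key=order) for root, codes in groups.items()}


def structural_flags(entries):
    """Flag entries that deserve a closer look on structure alone."""
    flags = []
    for section, body in entries:
        if body.endswith("(no file)"):
            flags.append((section, "registry entry points at no file", body))
        elif section == "O16":
            m = DPF_RE.match(body)
            if m and m.group(2) is None:
                flags.append((section, "ActiveX control without a display name", m.group(3)))
    return flags


def report(log_text):
    """Build a plain-text summary a helper could read before asking for files."""
    entries = parse_entries(log_text)
    lines = ["Hooks per install folder:"]
    for root, codes in sorted(footprint(entries).items()):
        lines.append(f"  {root}: {', '.join(codes)}")
    lines.append("Entries to review:")
    for section, reason, detail in structural_flags(entries):
        lines.append(f"  [{section}] {reason}: {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The grouping keeps `Fast Browser Search` and `Fast Browser SearchP` as separate folders, so both show up as distinct places to collect files from.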
February 6th, 2009, 08:52 PM
lilonepaula
New Member
Join Date: Feb 2009
Posts: 24
Thank you soo much for helping me!!!

Here is the log.txt one:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Mamma at 2009-02-06 13:51:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 63 GB (86%) free of 73 GB
Total RAM: 255 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:43 PM, on 2/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mamma\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mamma.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {811FB681-61C2-4442-9C96-9F164F619ED7} - (no file)
O2 - BHO: TBSB07183 - {6C621F09-DFF3-415A-B7D1-142678EFEB34} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Fast Browser Search - {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228333940765
O16 - DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA} - http://www.myfacelol.com/_downloads/.../MyFaceLOL.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 4782 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C621F09-DFF3-415A-B7D1-142678EFEB34}]
TBSB07183 Class - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2008-11-05 2435584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - Fast Browser Search - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2008-11-05 2435584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRISMSVR.EXE"=C:\WINDOWS\system32\PRISMSVR.EXE [2003-11-20 282713]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"FBSearch"=C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe [2008-11-26 325504]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-01 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-01 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-02-06 13:51:32 ----D---- C:\rsit
2009-02-01 14:44:08 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-01 14:44:08 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-01 14:44:08 ----A---- C:\WINDOWS\system32\java.exe
2009-02-01 14:40:23 ----SHD---- C:\Config.Msi
2009-01-31 00:55:51 ----D---- C:\Program Files\Trend Micro
2009-01-31 00:13:50 ----SHD---- C:\found.001
2009-01-25 11:47:48 ----D---- C:\Documents and Settings\Mamma\Application Data\MySpace
2009-01-25 11:47:41 ----D---- C:\Program Files\MySpace
2009-01-25 03:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-25 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-25 03:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-25 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-25 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-24 00:53:31 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-24 00:53:30 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-24 00:52:41 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-24 00:52:23 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-01-24 00:50:49 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-01-24 00:49:29 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-24 00:49:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-01-14 12:10:45 ----A---- C:\WINDOWS\imsins.BAK
2009-01-14 12:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2008-12-24 22:33:38 ----D---- C:\Program Files\Fast Browser SearchP
2008-12-24 22:32:27 ----D---- C:\Program Files\Fast Browser Search
2008-12-14 02:45:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-14 02:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-14 02:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-14 02:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-14 02:04:29 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-14 02:04:28 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-03 16:33:33 ----D---- C:\Program Files\Executive Software
2008-12-03 15:29:54 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-03 14:47:49 ----D---- C:\Program Files\Avira
2008-12-03 14:47:49 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-03 14:23:11 ----D---- C:\WINDOWS\pss
2008-12-03 14:12:08 ----A---- C:\WINDOWS\system32\nvuninst.exe
2008-12-03 14:07:55 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-01 12:36:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-30 23:29:27 ----SHD---- C:\found.000
2008-11-30 20:31:53 ----D---- C:\WINDOWS\ie7updates
2008-11-30 20:27:45 ----D---- C:\WINDOWS\WBEM
2008-11-30 20:24:50 ----HDC---- C:\WINDOWS\ie7
2008-11-30 20:24:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-30 20:23:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-30 11:26:54 ----D---- C:\Program Files\BMA Interactive Desktop
2008-11-30 11:07:24 ----D---- C:\WINDOWS\system32\christmasdecorating_3064538 dir
2008-11-30 09:44:43 ----D---- C:\Documents and Settings\Mamma\Application Data\TERMINAL Studio
2008-11-22 22:46:12 ----D---- C:\Documents and Settings\Mamma\Application Data\DeepBurner
2008-11-22 22:35:42 ----D---- C:\Documents and Settings\Mamma\Application Data\LimeWire
2008-11-22 22:35:18 ----D---- C:\Program Files\LimeWire
2008-11-22 22:34:27 ----D---- C:\Program Files\Astonsoft
2008-11-12 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 3 months======

2009-02-06 13:51:30 ----D---- C:\WINDOWS\Prefetch
2009-02-06 13:44:10 ----RD---- C:\Program Files
2009-02-06 13:39:45 ----D---- C:\WINDOWS\Temp
2009-02-06 02:41:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-01 15:02:17 ----SHD---- C:\WINDOWS\Installer
2009-02-01 14:46:55 ----D---- C:\Program Files\Common Files
2009-02-01 14:46:55 ----D---- C:\Program Files\Adobe
2009-02-01 14:46:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-01 14:45:56 ----D---- C:\WINDOWS\system32
2009-02-01 14:38:38 ----D---- C:\Program Files\Java
2009-01-31 00:39:23 ----SHD---- C:\RECYCLER
2009-01-31 00:15:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-31 00:15:10 ----HD---- C:\WINDOWS\inf
2009-01-25 11:36:40 ----D---- C:\WINDOWS
2009-01-25 03:06:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-24 21:20:27 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-24 00:53:05 ----A---- C:\WINDOWS\win.ini
2009-01-24 00:52:40 ----D---- C:\Program Files\Windows Media Player
2009-01-24 00:52:36 ----D---- C:\WINDOWS\Help
2009-01-24 00:51:20 ----D---- C:\WINDOWS\system32\drivers
2009-01-14 12:10:29 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 12:09:05 ----D---- C:\WINDOWS\Debug
2009-01-09 19:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-25 21:25:10 ----D---- C:\DELL
2008-12-24 22:32:29 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-19 23:40:42 ----D---- C:\WINDOWS\system32\Macromed
2008-12-19 23:38:55 ----SH---- C:\boot.ini
2008-12-19 23:38:55 ----A---- C:\WINDOWS\system.ini
2008-12-18 12:39:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-14 02:44:59 ----D---- C:\Program Files\Internet Explorer
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-03 14:14:09 ----D---- C:\WINDOWS\nview
2008-12-03 13:51:43 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-03 13:43:33 ----D---- C:\Documents and Settings
2008-11-30 20:33:59 ----D---- C:\WINDOWS\system32\en-us
2008-11-30 20:28:01 ----D---- C:\WINDOWS\system32\config
2008-11-30 20:27:09 ----D---- C:\WINDOWS\Media
2008-11-30 11:22:02 ----D---- C:\WINDOWS\system32\wbem
2008-11-30 11:22:02 ----D---- C:\WINDOWS\Registration
2008-11-30 11:21:17 ----D---- C:\WINDOWS\system32\Restore
2008-11-27 17:40:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-27 17:40:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-27 17:39:51 ----A---- C:\WINDOWS\SBWIN.INI
2008-11-22 02:30:27 ----D---- C:\Program Files\Oberon Media
2008-11-22 02:22:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-21 22:52:19 ----D---- C:\Documents and Settings\Mamma\Application Data\Pogo Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.6; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2003-10-20 15781]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2003-11-11 336800]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 PciCon;PciCon; \??\D:\PciCon.sys []
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\RTL8150.SYS [2006-05-10 22842]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [2002-10-16 176128]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-01 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

February 6th, 2009, 08:54 PM
lilonepaula
New Member
Join Date: Feb 2009
Posts: 24
I hope I did it right at the other site

Here is the info.txt one:

info.txt logfile of random's system information tool 1.05 2009-02-06 13:51:47

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /W /U /S /R
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
CCleaner (remove only)-->"C:\Documents and Settings\Mamma\Desktop\CCleaner\uninst.exe"
DeepBurner v1.9.0.228-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log" -u
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Diskeeper Lite-->MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}
Fast Browser Search Protection-->C:\Program Files\Fast Browser SearchP\FbsSearchProtectionUnInstall.exe
Fast Browser Search-->regsvr32 /u /s "C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
TrueMobile 1300 USB 2.0 WLAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\setup.exe" -l0x9 -L0x9
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition (disabled)

System event log

Computer Name: HOME-0B236EC7CB
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090202124222.000000-360
Event Type: information

Computer Name: HOME-0B236EC7CB
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20090202124222.000000-360
Event Type: information

Computer Name: HOME-0B236EC7CB
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 3
Source Name: Service Control Manager
Time Written: 20090202124222.000000-360
Event Type: information

Computer Name: HOME-0B236EC7CB
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20090202124209.000000-360
Event Type: information

Computer Name: HOME-0B236EC7CB
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090202124209.000000-360
Event Type: information

Application event log

Computer Name: HOME-0B236EC7CB
Event Code: 28
Message: The Diskeeper analysis has stopped for drive

Record Number: 529
Source Name: Diskeeper
Time Written: 20090106040148.000000-360
Event Type: information

Computer Name: HOME-0B236EC7CB
Event Code: 7
Message: The Diskeeper Engine has started for drive C:

Record Number: 528
Source Name: Diskeeper
Time Written: 20090106040137.000000-360
Event Type: information

Computer Name: HOME-0B236EC7CB
Event Code: 1002
Message: Hanging application wmplayer.exe, version, hang module hungapp, version, hang address 0x00000000.

Record Number: 527
Source Name: Application Hang
Time Written: 20090106002039.000000-360
Event Type: error

Computer Name: HOME-0B236EC7CB
Event Code: 28
Message: The Diskeeper analysis has stopped for drive

Record Number: 526
Source Name: Diskeeper
Time Written: 20090105144718.000000-360
Event Type: information

Computer Name: HOME-0B236EC7CB
Event Code: 7
Message: The Diskeeper Engine has started for drive C:

Record Number: 525
Source Name: Diskeeper
Time Written: 20090105144708.000000-360
Event Type: information

======Environment variables======

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Executive Software\DiskeeperLite\
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperLite\

Old February 7th, 2009, 03:22 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
I received the file, thanks. Looks like a Softomate type toolbar. I have provided the information on it for review, but so you understand what this means, look at some information here about another of Softomate's undesirable toolbars. In checking your upload I see it also brought with it a Firefox MTWBToolBar, which I understand to mean a Make the Web Better Toolbar. Since Softomate usually earns money from redirecting people's searches, as well as including adware and spyware at times, I bet they think this makes the web better - at least for their wallets it does.

This is the only undesirable issue I see in these logs so far. I recommend you go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

Fast Browser Search Protection
Fast Browser Search

Then right click My Computer, left click Explore, and navigate to the following highlighted folder and delete it (the entire folder):

C:\Program Files\Fast Browser Search


Reboot, and after the reboot let's go ahead and include a good current scan to just check things.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.


Run a new RSIT scan and post that main log along with the Malwarebytes log please.

Run a new RSIT scan and post that main log along with the OTMoveIt log and the Malwarebytes log please.
Old February 7th, 2009, 07:15 AM
lilonepaula
New Member
Join Date: Feb 2009
Posts: 24
Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 3

2/7/2009 12:12:35 AM
mbam-log-2009-02-07 (00-12-35).txt

Scan type: Quick Scan
Objects scanned: 96224
Time elapsed: 30 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Old February 7th, 2009, 07:16 AM
lilonepaula
New Member
Join Date: Feb 2009
Posts: 24
RSIT log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Mamma at 2009-02-07 00:14:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 63 GB (86%) free of 73 GB
Total RAM: 255 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:12 AM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Mamma\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mamma.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228333940765
O16 - DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA} -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 4476 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-01 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRISMSVR.EXE"=C:\WINDOWS\system32\PRISMSVR.EXE [2003-11-20 282713]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-01 136600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-01 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-02-06 23:41:19 ----D---- C:\Documents and Settings\Mamma\Application Data\Malwarebytes
2009-02-06 23:41:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-06 23:41:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-06 13:51:32 ----D---- C:\rsit
2009-02-01 14:44:08 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-01 14:44:08 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-01 14:44:08 ----A---- C:\WINDOWS\system32\java.exe
2009-02-01 14:40:23 ----SHD---- C:\Config.Msi
2009-01-31 00:55:51 ----D---- C:\Program Files\Trend Micro
2009-01-31 00:13:50 ----SHD---- C:\found.001
2009-01-25 11:47:48 ----D---- C:\Documents and Settings\Mamma\Application Data\MySpace
2009-01-25 11:47:41 ----D---- C:\Program Files\MySpace
2009-01-25 03:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-25 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-25 03:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-25 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-25 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-24 00:53:31 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-24 00:53:30 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-24 00:52:41 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-24 00:52:23 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-01-24 00:50:49 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-01-24 00:49:29 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-24 00:49:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-01-14 12:10:45 ----A---- C:\WINDOWS\imsins.BAK
2009-01-14 12:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2008-12-14 02:45:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-14 02:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-14 02:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-14 02:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-14 02:04:29 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-14 02:04:28 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-03 16:33:33 ----D---- C:\Program Files\Executive Software
2008-12-03 15:29:54 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-03 14:47:49 ----D---- C:\Program Files\Avira
2008-12-03 14:47:49 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-03 14:23:11 ----D---- C:\WINDOWS\pss
2008-12-03 14:12:08 ----A---- C:\WINDOWS\system32\nvuninst.exe
2008-12-03 14:07:55 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-01 12:36:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-30 23:29:27 ----SHD---- C:\found.000
2008-11-30 20:31:53 ----D---- C:\WINDOWS\ie7updates
2008-11-30 20:27:45 ----D---- C:\WINDOWS\WBEM
2008-11-30 20:24:50 ----HDC---- C:\WINDOWS\ie7
2008-11-30 20:24:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-30 20:23:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-30 11:26:54 ----D---- C:\Program Files\BMA Interactive Desktop
2008-11-30 11:07:24 ----D---- C:\WINDOWS\system32\christmasdecorating_3064538 dir
2008-11-30 09:44:43 ----D---- C:\Documents and Settings\Mamma\Application Data\TERMINAL Studio
2008-11-22 22:46:12 ----D---- C:\Documents and Settings\Mamma\Application Data\DeepBurner
2008-11-22 22:35:42 ----D---- C:\Documents and Settings\Mamma\Application Data\LimeWire
2008-11-22 22:35:18 ----D---- C:\Program Files\LimeWire
2008-11-22 22:34:27 ----D---- C:\Program Files\Astonsoft
2008-11-12 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 3 months======

2009-02-07 00:12:30 ----D---- C:\WINDOWS\Prefetch
2009-02-06 23:41:16 ----D---- C:\WINDOWS\system32\drivers
2009-02-06 23:41:12 ----RD---- C:\Program Files
2009-02-06 23:39:31 ----D---- C:\WINDOWS\Temp
2009-02-06 23:37:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-01 15:02:17 ----SHD---- C:\WINDOWS\Installer
2009-02-01 14:46:55 ----D---- C:\Program Files\Common Files
2009-02-01 14:46:55 ----D---- C:\Program Files\Adobe
2009-02-01 14:46:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-01 14:45:56 ----D---- C:\WINDOWS\system32
2009-02-01 14:38:38 ----D---- C:\Program Files\Java
2009-01-31 00:39:23 ----SHD---- C:\RECYCLER
2009-01-31 00:15:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-31 00:15:10 ----HD---- C:\WINDOWS\inf
2009-01-25 11:36:40 ----D---- C:\WINDOWS
2009-01-25 03:06:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-24 21:20:27 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-24 00:53:05 ----A---- C:\WINDOWS\win.ini
2009-01-24 00:52:40 ----D---- C:\Program Files\Windows Media Player
2009-01-24 00:52:36 ----D---- C:\WINDOWS\Help
2009-01-14 12:10:29 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 12:09:05 ----D---- C:\WINDOWS\Debug
2009-01-09 19:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-25 21:25:10 ----D---- C:\DELL
2008-12-24 22:32:29 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-19 23:40:42 ----D---- C:\WINDOWS\system32\Macromed
2008-12-19 23:38:55 ----SH---- C:\boot.ini
2008-12-19 23:38:55 ----A---- C:\WINDOWS\system.ini
2008-12-18 12:39:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-14 02:44:59 ----D---- C:\Program Files\Internet Explorer
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-03 14:14:09 ----D---- C:\WINDOWS\nview
2008-12-03 13:51:43 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-03 13:43:33 ----D---- C:\Documents and Settings
2008-11-30 20:33:59 ----D---- C:\WINDOWS\system32\en-us
2008-11-30 20:28:01 ----D---- C:\WINDOWS\system32\config
2008-11-30 20:27:09 ----D---- C:\WINDOWS\Media
2008-11-30 11:22:02 ----D---- C:\WINDOWS\system32\wbem
2008-11-30 11:22:02 ----D---- C:\WINDOWS\Registration
2008-11-30 11:21:17 ----D---- C:\WINDOWS\system32\Restore
2008-11-27 17:40:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-27 17:40:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-27 17:39:51 ----A---- C:\WINDOWS\SBWIN.INI
2008-11-22 02:30:27 ----D---- C:\Program Files\Oberon Media
2008-11-22 02:22:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-21 22:52:19 ----D---- C:\Documents and Settings\Mamma\Application Data\Pogo Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.6; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2003-10-20 15781]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2003-11-11 336800]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 PciCon;PciCon; \??\D:\PciCon.sys []
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\RTL8150.SYS [2006-05-10 22842]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [2002-10-16 176128]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-01 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
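
Comparing the HijackThis log taken before the removal steps with the one taken afterwards is a quick way to confirm the toolbar's entries are really gone. The script below is an added example, not part of the original thread or of any tool named in it; the sample logs are constructed, and the `example-helper.exe` and `ExampleFBS` entries are hypothetical placeholders.

```python
import re

# Constructed sample logs in HijackThis v2.0.2 layout. Most lines are taken from
# the log posted in this thread; the two "Fast Browser Search" entries in
# LOG_BEFORE (example-helper.exe, ExampleFBS) are hypothetical placeholders under
# the folder the helper asked to delete.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fast Browser Search\example-helper.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ExampleFBS] "C:\Program Files\Fast Browser Search\example-helper.exe"
"""

# The O2 line below carries a stray space ("ss v.dll") of the kind forum
# software inserts into long tokens, to show the comparison tolerates it.
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ss v.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
"""

# HijackThis item lines start with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")


def _squash(text):
    """Comparison key: drop all whitespace and case (Windows paths ignore case).

    Removing whitespace makes forum-wrapped copies of a line compare equal; the
    trade-off is that entries differing only in spacing are treated as one.
    """
    return re.sub(r"\s+", "", text).casefold()


def parse_hjt(text):
    """Return {(section, key): original text}; running processes use 'proc'."""
    items, in_processes = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            items[(match.group(1), _squash(match.group(2)))] = match.group(2).strip()
        elif in_processes:
            items[("proc", _squash(line))] = line
    return items


def diff_logs(before, after):
    """Return (removed, added) as sorted lists of (section, text)."""
    b, a = parse_hjt(before), parse_hjt(after)
    removed = sorted((k[0], b[k]) for k in b.keys() - a.keys())
    added = sorted((k[0], a[k]) for k in a.keys() - b.keys())
    return removed, added


def still_present(log, names):
    """Entries in one log that mention any of the given product names."""
    wanted = [_squash(n) for n in names]
    return sorted((sec, text) for (sec, key), text in parse_hjt(log).items()
                  if any(w in key for w in wanted))


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label, rows in (("REMOVED", removed), ("ADDED", added)):
        for section, text in rows:
            print(f"{label:8}{section:5}{text}")
    print("leftovers:", still_present(LOG_AFTER, ["Fast Browser Search"]))
```

Entries that show up as added deserve the same scrutiny as leftovers; here they are the Malwarebytes RunOnce item and a Java process.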

Old February 7th, 2009, 07:24 AM
lilonepaula
New Member
Join Date: Feb 2009
Posts: 24

I saw that fast browser in my add/remove about a week ago and thought I had removed it. I guess it was hidden or something. I have this diskeeper lite that was installed (along with Avira) when I took my computer in to have power cord repaired. It tells me almost every other day that my fragment level has accumulated over 10000 in 1 day or something similar to that. What does that mean? What can I do to keep the fragments down?
I know my hubby is right about a few sites I visit but I know lots of people who go to the same sites and seem to have no problems. I don't know if it is b/c my computer is old, my pages have too much on them and thus run slower or what. He says more RAM would do my computer a world of good and I really hope that is all that is needed. Some pages take 10 minutes...seriously, 10 minutes to fully load and start. The sites I visit that are slow are MySpace, Pogo & limewire. But mainly MySpace. Sometimes checking my mail there, etc. is just not worth it. I do have a music player on my page that plays videos along with music so it may be bandwidth or just my computer..? Thank you for helping and giving such clear step by step instructions. Oh and I don't have a messenger or use any but see in the log messenger and extra button and things I just don't recognize. I wanted to get rid of things in add/delete that I wasn't familiar with but am afraid that they may be needed to keep the computer running. Any and all suggestions are welcomed and appreciated.
Old February 7th, 2009, 08:37 AM
lilonepaula
New Member
Join Date: Feb 2009
Posts: 24
I just noticed that at the top of this browser page it has the IE search bar but to the right of it there is another search area that says fast browser search. Is it attached to this updated version of IE? If so I can do w/o this version as I don't really like the new IE. It was updated when I took my computer to shop.
Old February 7th, 2009, 01:37 PM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
Were you using IE and seeing that other right side search option or Firefox?

IE7 can be uninstalled through Add/Remove Programs (Windows Internet Explorer 7), and your system will then go back to IE6. However, IE7 is really a more secure browser than IE6 for a number of reasons. And included tabs, which are not in IE6. But yes, these are truly just user preference choices. Your upload was helpful, and as you can see here that Softomate Fast Browser Search toolbar you have now removed has been added to the list so others will be warned about it.
Old February 8th, 2009, 04:58 AM
lilonepaula
New Member
Join Date: Feb 2009
Posts: 24

Yes, it is IE7 updated from 6. Do you use IE 7 and if so does yours show a fast browser search box to the right? I am not sure how to do a screen shot to show you but I don't think it is supposed to be there. Also, did a Kaspersky check and this is what it showed:
C:\Documents and Settings\Mamma\Desktop\kaspersky infect report.html
And here is detection that Avira found:

Special detection EXP/ASF.GetCodec.Gen

EXP/ASF.GetCodec.Gen is a detection for multimedia files that contain a special command to download new codecs. Normally, codecs are required to play video or audio formats. This mechanism got hijacked by malware, which simply downloads Trojans instead of a real new codec. ASF, WMA and WMV files are affected, a recent Trojan converts MP3 files into the ASF file format and adds a command to download malicious code. The Wimad Trojan family also uses this method.

General Method of propagation:
• No own spreading routine


It was previously detected as:
• SPR/ASF.GetCodec.Gen

Side effects:
• Makes use of software vulnerability

So, the fast browser thing was all that was spotted that was wrong with computer? What about the overload of fragments that the diskeeper lite (what is that anyways) pops up with almost daily? It still loads certain pages super slow~like 10 minutes to load. When I pasted all those logs do they show you what type and year computer I have? Or RAM and all the detail stuff? What do you think? I need more RAM? I really do not have a lot of things running for it to be soo slow. Sure, I'd love a new computer but we are not in the lucky group of income tax refunders. Just trying to get by with what we have for now. Any help, ideas would be appreciated. Thanks for all!

Last edited by lilonepaula; February 8th, 2009 at 05:00 AM.
Old February 8th, 2009, 05:53 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
These aren't quite system hardware or device analysis logs, though they do show you have plenty of hard drive space, but really could benefit from increasing the RAM from the current 255 MB. Once we are done here you may want to ask for help on that in the CTH Hardware forum. Here are some details on Diskeeper Lite, and in truth if neither of you all there have a solid knowledge of its uses then you may want to just uninstall it. IE7 does not normally include that fast browser search box, and by the name similarities it may be something that unwanted toolbar left behind. We can check with a different scan for that. As for what your antivirus software is doing, it is really only just looking through another security software's log file and commenting on it. Looks like at some point a Kaspersky scan you all did located perhaps a fake codec Wimad altered music file. We can check on that as well.

Click here and download sUBs' dds.scr to your desktop, then click that to run the scan. A window will open while the scan runs, and when it completes two logs will open in Notepad - DDS.txt and Attach.txt. An additional message box will open that you can just X close.

Save those two log files to your desktop (go to File - Save As and browse to your desktop to save each), but just post the DDS.txt one for now.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Then Go here and run the Kaspersky online scan, and post back the log it creates.

To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top if needed to allow this). Once the Database download is completed, under Scan in the left column click My Computer to start the scan. This may take a very long time, so allow the scan to run and perhaps find something else to do.

When the scan completes click View Scan Report. Then click Save Report As, and using the dropdown box save the report as "Files of Type: -> Text file (.txt)" to a location where you can find it again. Use any name you wish for the log.

Then locate that log and copy/paste those contents back here please.

The scan requires a good bit of database downloading and can take quite a while to complete.
Old February 8th, 2009, 05:59 AM
lilonepaula
New Member
Join Date: Feb 2009
Posts: 24
DDS (Ver_09-02-01.01) - NTFSx86
Run by Mamma at 22:58:45.67 on Sat 02/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.77 [GMT -6:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mamma\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228333940765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-3 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-12-3 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-12-3 151297]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-12-3 52032]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2008-12-3 22842]

=============== Created Last 30 ================

2009-02-06 23:41 <DIR> --d----- c:\docume~1\mamma\applic~1\Malwarebytes
2009-02-06 23:41 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-06 23:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 23:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 23:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-01 14:44 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-31 00:55 <DIR> --d----- c:\program files\Trend Micro
2009-01-31 00:13 <DIR> --dsh--- C:\found.001
2009-01-25 11:47 <DIR> --d----- c:\docume~1\mamma\applic~1\MySpace
2009-01-25 11:47 <DIR> --d----- c:\program files\MySpace
2009-01-24 00:52 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-24 00:49 <DIR> --d----- c:\windows\system32\LogFiles

==================== Find3M ====================

2009-02-01 14:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys

============= FINISH: 22:58:57.17 ===============
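An added example, not part of the thread and not sUBs' DDS code: a small Python parser for the DDS.txt layout posted above that splits the log at its `=====` banners and lists entries a reviewer would look at first. The function names, the note labels, and the reading of `[?]` as "file details could not be read" are assumptions made for this example; a listed item is a prompt for review, not a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE = r"""AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA}
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-3 11840]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")                      # "==== Name ====" banner
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: - (\S+))?$")  # CLSID, optional source URL
SERVICE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+) \[(.+)\]$")

def parse_dds(text):
    """Return {section name: [lines]}; lines before the first banner go under 'header'."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        line = line.strip()
        banner = SECTION.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections

def review_items(sections):
    """Return (label, detail) pairs for entries worth a second look."""
    notes = []
    for line in sections["header"]:
        # Expected while the helper's scan steps run; should not stay this way afterwards.
        if line.startswith("AV:") and "disabled" in line.lower():
            notes.append(("av-disabled", line))
    for line in sections.get("Pseudo HJT Report", []):
        m = DPF.match(line)
        if m and m.group(2) is None:          # ActiveX entry with no download source listed
            notes.append(("dpf-no-source", m.group(1)))
    for line in sections.get("SERVICES / DRIVERS", []):
        # Assumption: "[?]" means DDS could not read the driver file's date and size.
        m = SERVICE.match(line)
        if m and m.group(6) == "?":
            notes.append(("service-file-unknown", m.group(3)))
    return notes
```

Calling `review_items(parse_dds(open("DDS.txt").read()))` on a saved log returns the same kind of list for the full file.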
Old February 8th, 2009, 06:03 AM
lilonepaula
New Member
Join Date: Feb 2009
Posts: 24
Oh, ok. That's how you get the Kaspersky to save as a txt file. I ran this late last night and it took over an hour and I posted on the thread above what it found. But were you saying it was a false scan? I used the link from this website to go there and run the scan and it came back with the music file as corrupt.

So the IE browser I am using is a fake one created by the Fast browser thing? I will wait to hear from you about the scan I did to see if I need to delete it and get correct one or diff. version or if the search bar itself can be removed...? I am so lost with all of this.

The Diskeeper Lite was installed by comp. shop but I really do not know what it is for. Just that it pops up a lot saying we are over our fragments and it shows something like 10,000 over so it has me worried but I do not know what to change to help that situation. I will delete it but is that going to take care of the fragment problem it talks about?

Thanks again and again :-)

Last edited by lilonepaula; February 8th, 2009 at 06:08 AM.
Old February 8th, 2009, 03:37 PM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
I don't see a Kaspersky log posted yet here. What I was indicating is that your one scan was just reading info it picked out of another scan's log, so we are checking now with Kaspersky to see what that was all about.

That Diskeeper software is a sorta hyper-defragmenter, and your system already has the Windows Defrag built-in, so this really does not sound like a software you all are gaining any benefits from there.

I will check more on this search issue and post back after, but post the Kaspersky log please.
