really slow computer, and hijackthis log

burntdoughnuts · #1 (**permalink**) 20-08-2007, 09:58 AM

Hi. I am using Windows XP on an Acer computer that is less than a year old. I have 512MB RAM and 1.6gig Intel Celeron processor. A little over a month ago I let a friend of mine borrow my computer. That is when I had problems start. Well he says that he didnt do anything but Im not sure. The computer starts up real slow, it is less than a year old and it takes about 10 mins or so to boot up completely. Once it is booted up it takes a while for anything that i choose to do to register and actually start. Any type of media that I play, whether it be a song or video, it lags and kinda seems to skip like a scratched cd, and I dont do a lot of things at once and I have not downloaded any large files or a lot of small files. I check my task manager and it shows 61 processes. I have been recently trying to learn about which programs are most important for me to be running but its seems to be most of them all are important. I used to have an old expired Norton Antivirus but I got rid of that and put in Spyware Doctor with Antivirus protection and I update it reglularly. I have found some viruses but I dont know the extemety of them, but when I got rid of them the performance of the computer did not increase. I am currently deployed in Iraq and I dont have any means to take it somewhere to get fixed. Im not computer stupid but I do have a bit of learning to do. If I were to reformat my computer, would that fix the problem and get rid of any virus that I might have? Would I be able to put all the files that I do not want to part with in a flash drive and tansfer them back into the computer after the reformat is complete? Or would I just be putting a virus back in the computer if I do infact have a virus? Or is there any easier steps that you might be able to think about that Im not thinking of? Thank you for your help.

ps. i went on a cleaning spree and deleted a bunch of stuff (temp internet files, cookies), i also deleted my restore points on accident. oops.

burntdoughnuts · #2 (**permalink**) 20-08-2007, 09:59 AM

hijackthis log, thank you for your help:

Logfile of HijackThis v1.99.1
Scan saved at 12:32:31 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://focaljet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184813561656
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

VopThis · #3 (**permalink**) 20-08-2007, 04:30 PM

You have leftover components from Norton Antivirus (no longer needed?). Accordingly, you would need to uninstall 'LiveUpdate' (Add/Remove Programs (Control Panel).

Additionally, download and run the Norton Removal Tool found here:

http://service1.symantec.com/SUPPORT...05033108162039

Reboot and post a revised HijackThis LOG and any current observations/improvements noted.

Let us see/review what is loaded on your PC:

Run HijackThis and Click Open the Misc Tools section button.
Then click the Open Uninstall Manager… button.
Click the Save list… button. Save uninstall_list to your desktop.
Open the Uninstall list file and post in your next reply, please.

burntdoughnuts · #4 (**permalink**) 20-08-2007, 05:18 PM

thanks for catching that, but im showing two live updates, does my spyware doctor have one too? well i deleted the one that was used the longest time ago, and kept the one that was dated to have been used today. should i get rid of that one too?

burntdoughnuts · #5 (**permalink**) 20-08-2007, 05:21 PM

oh, and which norton removal tool do i d/l? there seems to be several to choose from

burntdoughnuts · #6 (**permalink**) 20-08-2007, 05:49 PM

well i went ahead and downloaded the 2007 norton uninstal version because i bought my computer in 2007 and i ran that. it seems like it restarted faster but music still lags and things still "catch" a little when im doing things. here is the uninstall list you requested:

"Glest 2.0.0"
Acer eDataSecurity Management 1.00.26
Acer eLock Management
Acer Empowering Technology framework
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Screensaver
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
AIM 6.0
Bounce Symphony from WildGames (remove only)
DivX
DivX Converter
DivX Player
DivX Web Player
Doom Shareware for Windows 95
DVDFab Platinum 3.0.5.5 Ghosthunter release
GemMaster Mystic
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Deskjet 5400 series
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
Intel(R) Graphics Media Accelerator Driver
InterActual Player
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Launch Manager
LimeWire 4.12.11
Mario Forever 4.0
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 6.0 Parser (KB933579)
NTI Backup NOW! 4.5
NTI CD & DVD-Maker
Otto
Paltalk Messenger
Paltalk Messenger Interop
PowerDVD
PowerProducer
QuickTime
Realtek High Definition Audio Driver
Security Task Manager 1.7e
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Sonic Encoders
Spyware Doctor 5.0
Synaptics Pointing Device Driver
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB912067

VopThis · #7 (**permalink**) 20-08-2007, 05:52 PM

Quote:

im showing two live updates

The RELEVANT updaters need to be identified and removed first. Run the following to help determine the relevant 'uninstall string' which would normally identify the the vendor in the FILE PATH obtained:

Quote:

Please download Deckard's System Scanner (DSS) to your desktop.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - Main.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
An additional text file, Extra.txt,will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Quote:

What DSS will do:

Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.

Post Logs:

DSS Scan Results: contents of:
- 1) Main.txt
- 2) Extra.txt

Quote:

which norton removal tool do i d/l?

If you locate and right click on the following file (properties) or any other available Symantec file, it may tell you what version it is part of:

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

burntdoughnuts · #8 (**permalink**) 20-08-2007, 06:24 PM

main.txt:

Deckard's System Scanner v20070819.64
Run by Jason on 2007-08-20 21:06:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
16: 2007-08-20 17:06:52 UTC - RP64 - Deckard's System Scanner Restore Point
15: 2007-08-19 18:00:14 UTC - RP63 - System Checkpoint
14: 2007-08-18 16:53:27 UTC - RP62 - System Checkpoint
13: 2007-08-15 19:04:36 UTC - RP61 - Software Distribution Service 3.0
12: 2007-08-14 00:53:17 UTC - RP60 - System Checkpoint

-- First Restore Point --
1: 2007-07-15 00:06:20 UTC - RP49 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).

-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:09:27 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Jason\Desktop\New Folder (3)\dss.exe
C:\PROGRA~1\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://focaljet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184813561656
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R1 OsaFsLoc - c:\windows\system32\drivers\osafsloc.sys <Not Verified; OSA Technologies; >
R2 int15.sys - c:\acer\empowering technology\erecovery\int15.sys
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
R3 NdisFilt (OSA NdisFilter Protocol) - c:\windows\system32\drivers\ndisfilt.sys <Not Verified; OSA Technologies; >
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 NETMNT (Acer NetMonitor Protocol) - c:\windows\system32\drivers\netmnt.sys
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AWService (AdminWorks Agent X6) - "c:\acer\empowering technology\admserv.exe" <Not Verified; Avocent Inc.; Acer Empowering framework>

S2 Symantec Core LC - "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2007-07-20 and 2007-08-20 -----------------------------

2007-08-20 21:09:26 218112 --a------ C:\Program Files\Jason.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
2007-08-20 19:41:12 0 d--hs---- C:\FOUND.002
2007-08-20 16:17:51 218112 --a------ C:\Program Files\HijackThis.exe <HIJACK~1.EXE> <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
2007-08-17 05:02:23 3413 --a------ C:\WINDOWS\system32\xtemp2.exe
2007-08-17 05:02:21 3413 --a------ C:\WINDOWS\system32\xtemp1.exe
2007-08-16 20:30:41 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-08-16 20:30:27 0 d-------- C:\Program Files\Security Task Manager
2007-08-15 23:18:25 0 d-------- C:\Program Files\MSXML 6.0
2007-08-14 17:09:14 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-08-09 19:31:50 0 d-------- C:\Program Files\Pocket Tanks Deluxe
2007-08-01 02:01:25 0 d-------- C:\WINDOWS\Sun
2007-08-01 02:01:25 0 d-------- C:\Documents and Settings\Jason\Application Data\Sun
2007-08-01 01:39:53 0 d-------- C:\Documents and Settings\Jason\Application Data\.gaim
2007-08-01 01:37:41 0 d-------- C:\Program Files\Paltalk Messenger Interop
2007-07-22 18:24:35 0 d-------- C:\Program Files\InterActual
2007-07-21 23:53:22 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-21 20:10:38 0 d-------- C:\Program Files\Spyware Doctor
2007-07-21 20:10:38 0 d-------- C:\Documents and Settings\Jason\Application Data\PC Tools
2007-07-21 20:09:14 73728 ---hs---- C:\WINDOWS\system32\memsys.dll
2007-07-21 06:01:26 0 d-------- C:\Documents and Settings\Jason\Application Data\Uniblue

-- Find3M Report ---------------------------------------------------------------

2007-08-20 21:09:28 7756 --a------ C:\Program Files\hijackthis.log <HIJACK~1.LOG>
2007-08-20 20:36:42 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-07-11 06:06:30 188 --a------ C:\WINDOWS\system32\eDataSecurity.dat
2007-07-09 08:05:16 199 --a------ C:\Documents and Settings\Jason\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2007-07-09 06:48:56 0 d-------- C:\Documents and Settings\Jason\Application Data\IrfanView
2007-06-28 06:50:16 0 d-------- C:\Documents and Settings\Jason\Application Data\Paltalk
2007-06-28 06:50:12 0 d-------- C:\Program Files\Paltalk Messenger

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [08/10/2006 07:29 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/03/2006 01:07 PM]
"RTHDCPL"="RTHDCPL.EXE" [06/28/2006 02:54 PM C:\WINDOWS\RTHDCPL.exe]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT \TINTSETP.exe" [08/10/2004 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TIN TSETP.exe" [08/10/2004 08:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScI nst.exe" [08/10/2004 08:00 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [07/20/2006 10:15 PM]
"LaunchApp"="Alaunch" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.e xe" [08/10/2004 08:00 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/23/2006 12:17 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/23/2006 12:17 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/23/2006 12:13 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [01/24/2006 06:00 PM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [12/27/2005 03:50 PM]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [12/21/2005 03:02 PM]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [10/24/2005 04:45 PM]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [05/22/2006 12:54 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" [03/28/2005 05:24 PM]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 PM C:\WINDOWS\SkyTel.exe]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [05/15/2006 11:15 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/2006 07:29 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [07/13/2007 05:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9232f6d0-37a4-11dc-b34e-0016cfc0d6c9}]
Auto\command- F:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

*Newly Created Service* - INT15.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]
%SystemRoot%\system32\winup.exe

-- End of Deckard's System Scanner: finished at 2007-08-20 21:10:12 ------------

burntdoughnuts · #9 (**permalink**) 20-08-2007, 06:25 PM

extra.txt:

Deckard's System Scanner v20070819.64
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 502.04 MiB / 190.44 MiB
Pagefile Memory (total/avail): 1225.83 MiB / 949.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1963.34 MiB

C: is Fixed (FAT32) - 34.57 GiB total, 20.62 GiB free.
D: is Fixed (FAT32) - 35.06 GiB total, 17.8 GiB free.
E: is CDROM (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: Spyware Doctor with AntiVirus v (PC Tools)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Paltalk Messenger\\Paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\Paltalk.exe:*:Enabled:Paltalk 9.1"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jason\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CRAMERLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jason
LOGONSERVER=\\CRAMERLAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOW S\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MU VEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jason\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jason\LOCALS~1\Temp
USERDOMAIN=CRAMERLAPTOP
USERNAME=Jason
USERPROFILE=C:\Documents and Settings\Jason
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Jason (admin)
greg
Administrator (admin)
Guest (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
"Glest 2.0.0" --> "C:\Program Files\Glest_2.0.0\unins000.exe"
Acer eDataSecurity Management 1.00.26 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x9 -removeonly
Acer eLock Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer ePerformance Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management --> C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver --> MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
Bounce Symphony from WildGames (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D6949518-A562-4307-A554-AC60D1E2A589\Uninstall.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doom Shareware for Windows 95 --> C:\Program Files\Doom Shareware for Windows 95\uninstl.exe /S C:\Program Files\Doom Shareware for Windows 95
DVDFab Platinum 3.0.5.5 Ghosthunter release --> "C:\Program Files\DVDFab Platinum 3\unins000.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BF A&SUBSYS_1025007F\HXFSETUP.EXE -U -IWstAzlK.inf
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\s puninst.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\Jason\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe"
HP Deskjet 5400 series --> C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2I D PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Launch Manager --> C:\WINDOWS\UnInst32.exe LManager.UNI
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Mario Forever 4.0 --> C:\Program Files\Mario Forever\uninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NTI Backup NOW! 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B06B842F-2450-494F-BBDE-217CDC151A37}\setup.exe" -l0x9 -uninst -removeonly
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Paltalk Messenger --> "C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
Paltalk Messenger Interop --> "C:\Program Files\Paltalk Messenger Interop\uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.EXE" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUnin stall
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst .exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe"
Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spunins t.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type7420 / Error
Event Submitted/Written: 08/20/2007 05:50:54 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 439804484.

Event Record #/Type7419 / Error
Event Submitted/Written: 08/20/2007 05:50:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application paltalk.exe, version 9.88.1.205, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7315 / Error
Event Submitted/Written: 08/19/2007 04:33:56 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 471789395.

Event Record #/Type7314 / Error
Event Submitted/Written: 08/19/2007 04:33:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7265 / Error
Event Submitted/Written: 08/18/2007 05:44:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application paltalk.exe, version 9.88.1.205, faulting module mshtml.dll, version 7.0.6000.16525, fault address 0x00067e2e.
Processing media-specific event for [paltalk.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type52116 / Warning
Event Submitted/Written: 08/19/2007 07:34:00 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0016CFC0D6C9. The IP address being used is 169.254.252.167.

Event Record #/Type52106 / Warning
Event Submitted/Written: 08/19/2007 07:27:54 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0016CFC0D6C9. The IP address being used is 169.254.252.167.

Event Record #/Type52102 / Warning
Event Submitted/Written: 08/19/2007 07:24:25 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{583C2E90-0210-4055-8D92-7E48E5B31F21}.

Event Record #/Type52100 / Warning
Event Submitted/Written: 08/19/2007 07:23:53 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0016CFC0D6C9. The IP address being used is 169.254.252.167.

Event Record #/Type52077 / Warning
Event Submitted/Written: 08/19/2007 07:08:21 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0016CFC0D6C9. The IP address being used is 169.254.252.167.

-- End of Deckard's System Scanner: finished at 2007-08-20 21:10:12 ------------

VopThis · #10 (**permalink**) 20-08-2007, 07:56 PM

Quote:

CPU 0: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 502.04 MiB / 190.44 MiB
Pagefile Memory (total/avail): 1225.83 MiB / 949.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1963.34 MiB

Your PC MAY perform a lot better with another 512MB of Memory. In general, the Celeron Processor is not as capable a CPU when real-time (always running) process components are added (Spyware Doctor). Onboard video (if applicable) can also be a significant performance bottleneck on available RAM memory. A dedicated video card (if possible) COULD result in significant improvements.

You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items to avoid horrible clutter and/or potential lost backup issues.

It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.

Create a new folder in your C: Drive.
Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and
Move the HijackThis.exe file into the newly created FOLDER.
Run HJT from there (and revise your shortcut accordingly).

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.

HIDDEN FILES: To make sure you can see any and all hidden files, please follow the directions here

Submit the following file(s) to VirusTotal for their immediate evaluation and feedback. Use any of the following methods, as appropriate:

Locate FULL FILE PATH if not apparent. Use Start (BUTTON)>Search, [WINDOWS+F] keys, or F3 key (from desktop).
Copy & Paste the FULL FILE PATH into the input BOX
-- OR --
Navigate to the file in question.

Post those results in your next reply (if malware findings were indicated) for:

C:\WINDOWS\system32\xtemp2.exe
C:\WINDOWS\system32\xtemp1.exe

Quote:

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3

Your system has an outdated version(s) of Sun Java that could create serious security exposure issues for your PC.

Update your Java.

Older JAVA versions have vulnerabilities that malware can and are using to infect systems.

Please follow these steps to remove older version Java components.

Close any programs you may have running, ESPECIALLY your web browser
Click Start > Control Panel.
Click Add/Remove Programs.
Check any item with Java Runtime Environment (JRE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.

Download the latest version of Java Runtime Environment (JRE) 6.0 Update 2 or higher, and install it to your computer.

New Version should show as (HijackThis log):

C:\Program Files\Java\jre1.6.0_02\… or higher

POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.