Most of my Spyware, Malware and Virus programs are hanging the PC up



Bill H
2007-01-11, 20:56
In late November 2006, I purchased a P4 (3.2 Gig. Hertz, HTT type) and after installing it, I decided to check my programs to make sure that they would continue working with the new processor.

Several programs hung up the PC. Hung up in this case means that I had to unplug the PC and re-plug it in to get it to run again.

I have now returned to using my previously running Celeron (2.4 Gig. Hertz - No HTT); however, the programs still hang the PC.

I'm running Win2000 SP 4 on a clone PC with an Intel D865GLC motherboard Bios. 08/04/05 v 8.00.10 (their latest).

The programs which hang are:

Ad-Aware SE Personal (v 1.06r1)
SpybotSD (both v 1.3 and 1.4)
Xoftsoft (v 4.22)
AVG Free (v7.5.432)
SFC (v 5.000) Protected File Scanner [comes with windows]
Prime95 (v24.14) Stress tester

There are programs I haven't tried that probably will hang the PC as well.

Just before upgrading my CPU, I added one program and updated another.

The one I added was Stock Signal Pro (v 2.4 rev. 10-31). I upgraded AmiBroker (v4.7 to 4.8).

I checked with Stock Signal Pro and they claimed that they updated 2 system .dll's, but when I compared them (using a CHECKSUM generator) with the same files on another PC, they compared (i.e. no change)!

AmiBroker told me they don't change any system files. All they need is in their subdirectory. This directory is NOT in the execution path.

I've talked with Spybot's e-mail support and we tried changing several of the settings in Advanced Mode, but to no avail.

I was referred to this web site: http://forums.spybot.info/showthread.php?t=110 where I learned to run imageCFG and set the affinity to 0.

PC still hung while running SpybotSD.

In preparation for writing this post, I read the Before you Post post and found Trend Micro Online Scan and ran it.

It hung the PC up.

So I need someone's assistance to help me find out what's wrong with my PC and correct it.

tashi
2007-01-15, 09:26
Hello.

I don't know if this is a malware problem, but our helpers would need to see a log in order to make an attempt at analysis.

Can you produce a HJT log as shown in the topic here: "BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288)

Then a helper will advise you as soon as available.

Cheers.

Bill H
2007-01-15, 19:34
That has been part of my problem. I don't know if it's hardware (some component on the motherboard gone bad) or if it's malware.

Thanks for asking. Here is the log you requested:

Logfile of HijackThis v1.99.1
Scan saved at 11:27:45 AM, on 1/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\dlcjcoms.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\12Ghosts\12popup.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Internet and Other Programs\Anti-Virus Software\Hijacker Detection\HijackThis.exe

O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe /remindme
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B7CF60D7-74FA-4A89-90DC-C56C9239360D} - http://files.blocks.com/SnapSheetInstall/SnapSheetsInstall.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://eurusdtrader.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINNT\system32\dlcjcoms.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Thanks,

Bill

Bill H
2007-01-15, 20:01
tashi,

When preparing the HiJacker log, I realized that I hadn't run Spybot in "Safe" mode.

So I re-booted into "Safe" mode and ran it. The system hung!

Bill

tashi
2007-01-20, 03:57
Hi Bill and sorry for the wait.

If you have not resolved the problem, we have this sticky topic:

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

little eagle
2007-01-22, 05:07
Can you download HD Tune (http://security-central.us/downloads/hdtune_252.exe)

May just be running hot.

Bill H
2007-01-24, 02:00
little eagle,

I downloaded the program you referred me to and these are the results:

Benchmark:
HD Tune: MDT MD800JB-00CRA1 Benchmark

Transfer Rate Minimum : 5.4 MB/sec
Transfer Rate Maximum: 47.0 MB/sec
Transfer Rate Average : 37.1 MB/sec
Access Time : 13.7 ms
Burst Rate : 78.2 MB/sec
CPU Usage : 6.0%

Info:
HD Tune: MDT MD800JB-00CRA1 Information

Firmware version : 17.07W17
Serial number : MDT-PMA8C4128433
Capacity : 74.5 GB (~80.0 GB)
Buffer size : 8192 KB
Standard : ATA/ATAPI-5
Supported mode : UDMA Mode 5 (Ultra ATA/100)
Current mode : UDMA Mode 5 (Ultra ATA/100)

S.M.A.R.T : yes
48-bit Address : no
Read Look-Ahead : yes
Write Cache : yes
Host Protected Area : yes
Device Configuration Overlay : yes
Automatic Acoustic Management: yes
Power Management : yes
Advanced Power Management : no
Power-up in Standby : no
Security Mode : yes
Firmware Upgradable : yes

Partition : 1
Drive letter : C:\
Label : D865GLC - 80 Gig
Capacity : 76316 MB
Usage : 16.04%
Type : NTFS
Bootable : Yes

Health:
HD Tune: MDT MD800JB-00CRA1 Health

ID Current Worst Threshold Data Status
(01) Raw Read Error Rate 200 200 51 0 Ok
(03) Spin Up Time 100 85 21 5783 Ok
(04) Start/Stop Count 99 99 40 1769 Ok
(05) Reallocated Sector Count 194 194 140 83 Ok
(07) Seek Error Rate 100 253 51 0 Ok
(09) Power On Hours Count 87 87 0 9955 Ok
(0A) Spin Retry Count 100 100 51 0 Ok
(0B) Calibration Retry Count 100 100 51 0 Ok
(0C) Power Cycle Count 99 99 0 1762 Ok
(C4) Reallocated Event Count 194 194 0 6 Ok
(C5) Current Pending Sector 200 200 0 0 Ok
(C6) Offline Uncorrectable 200 200 0 0 Ok
(C7) Ultra DMA CRC Error Count 200 253 0 122 Ok
(C8) Write Error Rate 200 200 51 0 Ok

Power On Time : 9955
Health Status : Ok

Error Scan:
Ran fine in Quick Scan and not-Quick Scan.

This was the result from the slower scan:
HD Tune: MDT MD800JB-00CRA1 Error Scan

Scanned data : 76288 MB
Damaged Blocks : 0.0 %
Elapsed Time : 35:43

This is the Benchmark after running the 35 minute error scan:
HD Tune: MDT MD800JB-00CRA1 Benchmark

Transfer Rate Minimum : 15.7 MB/sec
Transfer Rate Maximum : 46.3 MB/sec
Transfer Rate Average : 37.3 MB/sec
Access Time : 13.6 ms
Burst Rate : 78.8 MB/sec
CPU Usage : 7.0%

I could not figure out the thermometer, it didn't change even though I changed the temperature and the scale (C or F) being used.

I don't see a heat problem, do these test results show you otherwise?

Bill

little eagle
2007-01-24, 05:20
I don't see a heat problem, do these test results show you otherwise?

See if the new version helps. http://www.hdtune.com/
Check the temp while you are scanning.

Bill H
2007-01-24, 20:16
Quick Scan results:

HD Tune: MDT MD800JB-00CRA1 Error Scan

Scanned data : 76288 MB
Damaged Blocks : 0.0 %
Elapsed Time : 0:39

Benchmark after Quick Scan:

HD Tune: MDT MD800JB-00CRA1 Benchmark

Transfer Rate Minimum : 9.7 MB/sec
Transfer Rate Maximum : 46.3 MB/sec
Transfer Rate Average : 36.8 MB/sec
Access Time : 14.3 ms
Burst Rate : 78.7 MB/sec
CPU Usage : 6.4%

Non-Quick Scan results:

HD Tune: MDT MD800JB-00CRA1 Error Scan

Scanned data : 76288 MB
Damaged Blocks : 0.0 %
Elapsed Time : 38:49

Benchmark after the Non-Quick Scan:

HD Tune: MDT MD800JB-00CRA1 Benchmark

Transfer Rate Minimum : 12.5 MB/sec
Transfer Rate Maximum : 45.9 MB/sec
Transfer Rate Average : 36.9 MB/sec
Access Time : 13.6 ms
Burst Rate : 78.0 MB/sec
CPU Usage : 6.5%

The temperature is displayed in the lower right of the task bar.

It hasn't budged from 00.

I'm still not seeing a hard drive heat problem.

Bill

little eagle
2007-01-25, 03:34
Let's try running combofix.exe
Download it from one of the links below:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Bill H
2007-01-26, 00:19
O.K. little eagle,

Here it is:

"Administrator" - Thu 01/25/2007 16:06:16 Service Pack 4
ComboFix 07-01-25 - Running from: "C:\Internet and Other Programs\Debugging Problems\ComboFix"

((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


2007-01-23 17:06 <DIR> d-------- C:\Program Files\HD Tune
2007-01-23 16:36 <DIR> d-------- C:\Program Files\RegistryFix
2007-01-23 16:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Uniblue
2007-01-19 13:18 2,944 --a------ C:\WINNT\system32\mbmiodrvr.sys
2007-01-19 13:18 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
2007-01-19 13:09 1,026 --a------ C:\WINNT\system32\PcUndo.reg
2007-01-19 12:34 3,968 --a------ C:\WINNT\system32\drivers\avgclean.sys
2007-01-19 12:34 18,240 --a------ C:\WINNT\system32\drivers\avgmfx86.sys
2007-01-19 12:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\AVG7
2007-01-19 12:28 816,672 --a------ C:\WINNT\system32\drivers\avg7core.sys
2007-01-19 12:28 4,960 --a------ C:\WINNT\system32\drivers\avgtdi.sys
2007-01-19 12:28 4,224 --a------ C:\WINNT\system32\drivers\avg7rsw.sys
2007-01-19 12:28 28,416 --a------ C:\WINNT\system32\drivers\avg7rsxp.sys
2007-01-19 12:28 26,880 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-01-19 12:28 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\AVG7
2007-01-19 12:28 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\AVG7
2007-01-19 12:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-19 10:26 71,680 --a------ C:\WINNT\ST5UNST.EXE
2007-01-19 10:26 4,608 --a------ C:\WINNT\system32\Rsrc32.dll
2007-01-19 10:26 29,696 --a------ C:\WINNT\system32\VB5StKit.dll
2007-01-19 10:26 12,288 --a------ C:\WINNT\system32\regocx32.exe
2007-01-19 10:26 <DIR> d-------- C:\Program Files\Easy Desk Utilities
2007-01-17 11:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-11 11:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-01-11 10:00 51,472 --a------ C:\WINNT\system32\imagecfg.exe
2007-01-08 09:58 <DIR> d-------- C:\Program Files\Prime95
2007-01-07 09:42 1,728 --a------ C:\DOCUME~1\ADMINI~1\sfc.bat
2007-01-03 09:35 <DIR> d-------- C:\Program Files\Advanced CheckSum Verifier
2007-01-03 07:27 <DIR> d-------- C:\WINNT\DrWatson
2006-12-31 11:41 <DIR> d-------- C:\WINNT\system32\DRM
2006-12-26 11:44 <DIR> d-------- C:\Program Files\Fidelity Investments


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-25 16:00 -------- d-------- C:\Program Files\amibroker
2007-01-25 08:44 -------- d-------- C:\Program Files\dl_cats
2007-01-20 09:12 -------- d-------- C:\Program Files\editplus 2
2007-01-19 13:14 -------- d--h----- C:\Program Files\installshield installation information
2007-01-19 13:00 -------- d---s---- C:\DOCUME~1\ADMINI~1\Application Data\microsoft
2007-01-19 12:24 -------- d-------- C:\Program Files\grisoft
2007-01-19 11:23 -------- d-------- C:\Program Files\regclean
2007-01-19 11:04 271 ---h----- C:\Program Files\desktop.ini
2007-01-19 11:04 21952 ---h----- C:\Program Files\folder.htt
2007-01-19 10:44 -------- d-ah----- C:\Program Files\windowsupdate
2007-01-18 23:46 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-18 23:46 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\adobeum
2007-01-18 10:38 -------- d-------- C:\Program Files\incrediblecharts
2007-01-11 10:03 -------- d-------- C:\Program Files\sspbackup
2007-01-11 08:55 -------- d-------- C:\Program Files\telechart
2007-01-08 13:45 -------- d-------- C:\Program Files\intel
2007-01-06 21:40 -------- d-------- C:\Program Files\xoftspy
2007-01-03 09:48 -------- d-------- C:\Program Files\Common Files\software fx shared
2007-01-03 09:10 -------- d-------- C:\Program Files\pcpitstop
2007-01-01 08:10 44288 --a------ C:\WINNT\system32\drivers\cdr4_2K.sys
2006-12-26 11:55 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\fidelity wealth-lab pro
2006-12-26 11:20 -------- d-------- C:\Program Files\typeitin
2006-12-26 11:20 -------- d-------- C:\Program Files\quicktime
2006-12-26 11:20 -------- d-------- C:\Program Files\itunes
2006-12-26 11:20 -------- d-------- C:\Program Files\dell photo aio printer 964
2006-12-26 11:20 -------- d-------- C:\Program Files\12ghosts
2006-12-24 12:51 -------- d-------- C:\Program Files\wealth-lab pro
2006-12-24 11:54 -------- d-------- C:\Program Files\program files
2006-12-21 08:51 290676 --------- C:\SnapSheets-Remover.exe
2006-12-16 13:05 -------- d-------- C:\Program Files\paltalk messenger
2006-12-07 19:02 2174976 --------- C:\WINNT\system32\wmvcore.dll
2006-11-29 14:28 40 -r-h----- C:\Program Files\winx14.dl
2006-11-28 08:28 15084479 --------- C:\sspinstall.exe
2006-11-21 14:19 290366 --------- C:\TeleChart-Settings.exe
2006-11-21 13:51 290907 --------- C:\TeleChart-Remover.exe
2006-11-21 08:38 6744744 --------- C:\telechartinst.exe
2006-11-06 12:47 596480 --a------ C:\WINNT\system32\inetcomm.dll
2006-11-06 11:35 531568 --------- C:\WINNT\system32\rmactivate_isv.exe
2006-11-06 11:35 523376 --------- C:\WINNT\system32\rmactivate.exe
2006-11-06 11:35 519280 --------- C:\WINNT\system32\secproc_isv.dll
2006-11-06 11:35 518768 --------- C:\WINNT\system32\secproc.dll
2006-11-06 11:35 358000 --------- C:\WINNT\system32\rmactivate_ssp.exe
2006-11-06 11:35 354416 --------- C:\WINNT\system32\rmactivate_ssp_isv.exe
2006-11-06 11:35 323696 --------- C:\WINNT\system32\msdrm.dll
2006-11-06 11:35 192624 --------- C:\WINNT\system32\secproc_ssp_isv.dll
2006-11-06 11:35 192624 --------- C:\WINNT\system32\secproc_ssp.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"="C:\\WINNT\\system32\\Macromed\\Flash\\GetFlash.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"IgfxTray"="C:\\WINNT\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\system32\\hkcmd.exe"
"Dimension4"="C:\\Program Files\\D4\\D4.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"DLCJCATS"="rundll32 C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\3\\DLCJtime.dll,_RunDLLEntry@16"
"dlcjmon.exe"="\"C:\\Program Files\\Dell Photo AIO Printer 964\\dlcjmon.exe\""
"MemoryCardManager"="\"C:\\Program Files\\Dell Photo AIO Printer 964\\memcard.exe\""
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"PCPitStopEraser"="C:\\Program Files\\PCPitstop\\Erase\\PCPitStopErase.exe /remindme"
"PCPitstop Optimize Registration Reminder"="C:\\Program Files\\PCPitstop\\Optimize\\Reminder.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"MBM 5"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\XoftSpy.job

Completion time: Thu 2007-01-25 16:08:27

Bill

little eagle
2007-01-26, 02:00
Not seeing anything there. I don't believe that it is spyware that is causing you trouble.

Might try these guys; they may have a better idea. http://forum.computertrouble.co.uk/index.php

tashi
2007-02-05, 08:53
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster; anyone else with similar problems please start a new topic.