bad start on last log can we try again please?



justime8
2008-07-27, 04:00
Had a family emergency; sorry I was not able to follow up with my last post. I will be sure to follow this one!
Here is my HJT log (a new one):
6/24/2008 9:18:45 AM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
6/24/2008 9:19:30 AM downloaded update Detection rules: Dialers
6/24/2008 9:19:30 AM - URL: http://www.spybotupdates.biz/updates/files/includes.dialer.zip
6/24/2008 9:19:30 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.dialer.zip
6/24/2008 9:19:40 AM downloaded update Detection rules: Hijackers
6/24/2008 9:19:40 AM - URL: http://www.spybotupdates.biz/updates/files/includes.hijackers.zip
6/24/2008 9:19:40 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.hijackers.zip
6/24/2008 9:19:44 AM downloaded update Detection rules: Keyloggers
6/24/2008 9:19:44 AM - URL: http://www.spybotupdates.biz/updates/files/includes.keyloggers.zip
6/24/2008 9:19:44 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.keyloggers.zip
6/24/2008 9:20:09 AM downloaded update Detection rules: Malware
6/24/2008 9:20:09 AM - URL: http://www.spybotupdates.biz/updates/files/includes.malware.zip
6/24/2008 9:20:09 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip
6/24/2008 9:20:15 AM downloaded update Detection rules: PUPS
6/24/2008 9:20:15 AM - URL: http://www.spybotupdates.biz/updates/files/includes.pups.zip
6/24/2008 9:20:15 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.pups.zip
6/24/2008 9:20:16 AM downloaded update Detection rules: Security
6/24/2008 9:20:16 AM - URL: http://www.spybotupdates.biz/updates/files/includes.security.zip
6/24/2008 9:20:16 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.security.zip
6/24/2008 9:20:27 AM downloaded update Detection rules: Spybots
6/24/2008 9:20:27 AM - URL: http://www.spybotupdates.biz/updates/files/includes.spybots.zip
6/24/2008 9:20:27 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.spybots.zip
6/24/2008 9:21:02 AM downloaded update Detection rules: Supplemental
6/24/2008 9:21:02 AM - URL: http://www.spybotupdates.biz/updates/files/supplemental.zip
6/24/2008 9:21:02 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\supplemental.zip
6/24/2008 9:21:34 AM downloaded update Detection rules: Trojans
6/24/2008 9:21:34 AM - URL: http://www.spybotupdates.biz/updates/files/includes.trojans.zip
6/24/2008 9:21:34 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip
6/24/2008 9:22:07 AM downloaded update Detection rules: Update
6/24/2008 9:22:07 AM - URL: http://www.spybotupdates.biz/updates/files/includes.zip
6/24/2008 9:22:07 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
6/24/2008 9:22:28 AM downloaded update English descriptions
6/24/2008 9:22:28 AM - URL: http://www.spybotupdates.biz/updates/files/desc.english.zip
6/24/2008 9:22:28 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\desc.english.zip
6/24/2008 9:22:30 AM downloaded update English language
6/24/2008 9:22:30 AM - URL: http://www.spybotupdates.biz/updates/files/lang.english.zip
6/24/2008 9:22:30 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
6/24/2008 9:22:31 AM downloaded update F/P Fixes
6/24/2008 9:22:31 AM - URL: http://www.xteq.de/spybot/updates/fpfix.zip
6/24/2008 9:22:31 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\fpfix.zip
6/24/2008 9:22:43 AM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
7/16/2008 2:48:31 PM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
7/16/2008 2:48:58 PM downloaded update Detection rules: Hijackers
7/16/2008 2:48:58 PM - URL: http://www.spybotupdates.biz/updates/files/includes.hijackers.zip
7/16/2008 2:48:58 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.hijackers.zip
7/16/2008 2:49:03 PM downloaded update Detection rules: Keyloggers
7/16/2008 2:49:03 PM - URL: http://www.spybotupdates.biz/updates/files/includes.keyloggers.zip
7/16/2008 2:49:03 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.keyloggers.zip
7/16/2008 2:49:28 PM downloaded update Detection rules: Malware
7/16/2008 2:49:28 PM - URL: http://www.spybotupdates.biz/updates/files/includes.malware.zip
7/16/2008 2:49:28 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip
7/16/2008 2:49:37 PM downloaded update Detection rules: PUPS
7/16/2008 2:49:37 PM - URL: http://www.spybotupdates.biz/updates/files/includes.pups.zip
7/16/2008 2:49:37 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.pups.zip
7/16/2008 2:49:38 PM downloaded update Detection rules: Security
7/16/2008 2:49:38 PM - URL: http://www.spybotupdates.biz/updates/files/includes.security.zip
7/16/2008 2:49:38 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.security.zip
7/16/2008 2:49:47 PM downloaded update Detection rules: Spybots
7/16/2008 2:49:47 PM - URL: http://www.spybotupdates.biz/updates/files/includes.spybots.zip
7/16/2008 2:49:47 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.spybots.zip
7/16/2008 2:50:23 PM downloaded update Detection rules: Supplemental
7/16/2008 2:50:23 PM - URL: http://www.spybotupdates.biz/updates/files/supplemental.zip
7/16/2008 2:50:23 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\supplemental.zip
7/16/2008 2:50:57 PM downloaded update Detection rules: Trojans
7/16/2008 2:50:57 PM - URL: http://www.spybotupdates.biz/updates/files/includes.trojans.zip
7/16/2008 2:50:57 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip
7/16/2008 2:51:35 PM downloaded update Detection rules: Update
7/16/2008 2:51:35 PM - URL: http://www.spybotupdates.biz/updates/files/includes.zip
7/16/2008 2:51:35 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
7/16/2008 2:51:53 PM downloaded update English descriptions
7/16/2008 2:51:53 PM - URL: http://www.spybotupdates.biz/updates/files/desc.english.zip
7/16/2008 2:51:53 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\desc.english.zip
7/16/2008 2:51:55 PM downloaded update English language
7/16/2008 2:51:55 PM - URL: http://www.spybotupdates.biz/updates/files/lang.english.zip
7/16/2008 2:51:55 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
7/16/2008 3:06:31 PM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
7/26/2008 12:47:35 PM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
7/26/2008 12:47:49 PM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
7/26/2008 12:48:29 PM downloaded update Detection rules: Malware
7/26/2008 12:48:29 PM - URL: http://spybot.securitywonks.org/spybot/updates/includes.malware.zip
7/26/2008 12:48:29 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip
7/26/2008 12:49:06 PM downloaded update Detection rules: Supplemental
7/26/2008 12:49:06 PM - URL: http://spybot.securitywonks.org/spybot/updates/supplemental.zip
7/26/2008 12:49:06 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\supplemental.zip
7/26/2008 12:49:40 PM downloaded update Detection rules: Trojans
7/26/2008 12:49:40 PM - URL: http://spybot.securitywonks.org/spybot/updates/includes.trojans.zip
7/26/2008 12:49:40 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip
7/26/2008 12:50:44 PM downloaded update Detection rules: Update
7/26/2008 12:50:44 PM - URL: http://spybot.securitywonks.org/spybot/updates/includes.zip
7/26/2008 12:50:44 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
7/26/2008 12:52:55 PM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
7/26/2008 4:01:55 PM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
Should I run that dss.exe as I was told in the post that I did not respond to in time? http://forums.spybot.info/showthread.php?t=31101

Thanks for your time.

Blade81
2008-07-30, 16:01
Hi

You seem to have posted some other log than hjt log :) Please run DSS.exe and post back the reports it generates.

justime8
2008-07-31, 11:06
Deckard's System Scanner v20071014.68
Run by justin2 on 2008-07-30 23:54:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2008-07-31 07:54:46 UTC - RP167 - Deckard's System Scanner Restore Point
33: 2008-07-31 01:13:05 UTC - RP166 - System Checkpoint
32: 2008-07-30 01:10:36 UTC - RP165 - System Checkpoint
31: 2008-07-29 00:32:22 UTC - RP164 - System Checkpoint
30: 2008-07-28 00:10:36 UTC - RP163 - System Checkpoint


-- First Restore Point --
1: 2008-07-02 02:40:33 UTC - RP134 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as justin2.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:18 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\justin2\Desktop\dss.exe
C:\DOCUME~1\justin2\Desktop\HIJACK~1\justin2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mtasolutions.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtasolutions.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 5360 bytes

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ClntMgmt (Compaq Client Management Driver) - c:\windows\system32\drivers\clntmgmt.sys <Not Verified; Compaq Computer Corp; Compaq Client Management Driver>

S4 catchme - c:\docume~1\justin2\locals~1\temp\catchme.sys (file missing)
S4 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CPQALERT (Compaq Local Alerter) - c:\program files\compaq\compaq management agents\cpqalert.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>
R2 CpqDfwWebAgent (Compaq Remote Diagnostics Enabling Agent) - c:\windows\cpqdiag\cpqdfwag.exe <Not Verified; Compaq Computer Corporation; Compaq Remote Diagnostics Enabling Agent>
R2 cpqWebDmi (Compaq DMI Web Agent) - c:\progra~1\compaq\compaq~1\cpqweb~1\webdmi.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>
R2 Diskeeper - "c:\program files\executive software\diskeeper\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper (TM) Disk Defragmenter>

S2 cpqdmi - c:\progra~1\compaq\compaq~1\cpqdmi.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>
S4 WIN32SL - c:\program files\compaq\compaq management agents\dmi\win32\bin\win32sl.exe <Not Verified; Intel; DMI 2.0 SDK>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SMC EZ Card 10/100 PCI (SMC1211TX)
Device ID: PCI\VEN_1113&DEV_1211&SUBSYS_12111113&REV_10\4&25296D99&0&20F0
Manufacturer: SMC
Name: SMC EZ Card 10/100 PCI (SMC1211TX)
PNP Device ID: PCI\VEN_1113&DEV_1211&SUBSYS_12111113&REV_10\4&25296D99&0&20F0
Service: rtl8139

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&36B16CB7&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&36B16CB7&0
Service: i8042prt


-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

Nothing created in this timespan.


-- Find3M Report ---------------------------------------------------------------

2008-07-26 10:50:06 0 d-------- C:\Documents and Settings\justin2\Application Data\AVG7
2008-06-26 12:05:18 0 d-------- C:\Documents and Settings\justin2\Application Data\Adobe
2008-06-24 15:17:47 0 d-------- C:\Program Files\Enigma Software Group
2008-06-16 18:56:34 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-16 18:48:41 3333 --a----c- C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/25/2008 04:24 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [05/26/2008 08:45 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]
none

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WIN32SL"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EasyFreeWebCam"=
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"CPQDFWAG"=C:\WINDOWS\Cpqdiag\CpqDfwAg.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0c3f2c8-aa02-11dc-833c-806d6172696f}\Name]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0c3f2c8-aa02-11dc-833c-806d6172696f}\Name- Sub Command]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9636d46-2b44-11dc-a62b-806d6172696f}]
AutoRun\command- D:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-07-30 23:56:47 ------------
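
As an added illustration (not part of the thread, and not Deckard's or Trend Micro's code): the DSS "Drivers" and "Services" sections above are the lines the next reply acts on, in particular the catchme entry marked "(file missing)" under the user's temp folder. The Python script below parses entries in that layout and flags what a helper reads them for: registrations whose binary no longer exists, image paths under a temp directory, and binaries DSS reported as "Not Verified". The sample text is constructed from a few lines modeled on the posted log, and the flagging heuristics are this example's own, not DSS's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the DSS "Drivers"/"Services" sections
# posted above (a handful of the posted lines, not the full log).
SAMPLE_DSS = r"""
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ClntMgmt (Compaq Client Management Driver) - c:\windows\system32\drivers\clntmgmt.sys <Not Verified; Compaq Computer Corp; Compaq Client Management Driver>

S4 catchme - c:\docume~1\justin2\locals~1\temp\catchme.sys (file missing)
S4 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\executive software\diskeeper\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper (TM) Disk Defragmenter>
S4 WIN32SL - c:\program files\compaq\compaq management agents\dmi\win32\bin\win32sl.exe <Not Verified; Intel; DMI 2.0 SDK>
"""

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "          # R = running, S = stopped; start-type digit
    r"(?P<name>\S+)"                              # service/driver key name
    r"(?: \((?P<display>[^)]*)\))?"               # optional display name
    r" - (?P<path>.+?)"                           # image path (quoted or not, may contain spaces)
    r"(?: (?P<tail><[^>]*>|\(file missing\)))?$"  # verification note or missing-file marker
)

# Heuristic (this example's own): image lives under a temp directory.
TEMP_PATH_RE = re.compile(r"\\(temp|tmp|locals~1|local settings)\\", re.I)


@dataclass
class Entry:
    name: str
    running: bool
    start_type: str
    path: str
    tail: str
    issues: list = field(default_factory=list)


def parse_entries(text):
    """Return one Entry per DSS driver/service line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            name=m["name"],
            running=(m["state"] == "R"),
            start_type=START_TYPES[m["start"]],
            path=m["path"].strip('"'),
            tail=m["tail"] or "",
        ))
    return entries


def triage(text):
    """Return only the entries that carry at least one issue worth a second look."""
    findings = []
    for e in parse_entries(text):
        if e.tail == "(file missing)":
            e.issues.append("binary missing: stale registration, remove with sc delete")
        if TEMP_PATH_RE.search(e.path):
            e.issues.append("image path under a temp directory")
        if e.tail.startswith("<Not Verified"):
            e.issues.append("publisher not verified (unsigned or unverifiable binary)")
        if e.issues:
            findings.append(e)
    return findings


if __name__ == "__main__":
    for e in triage(SAMPLE_DSS):
        state = "running" if e.running else "stopped"
        print(f"{e.name} [{state}, start={e.start_type}] {e.path}")
        for issue in e.issues:
            print(f"    - {issue}")
```

A "(file missing)" entry is a leftover registration rather than live code, which is why the reply below clears it with sc stop / sc delete and a file delete instead of a scan; "Not Verified" on its own only means DSS could not confirm a signature, and on this machine every flagged service is a known vendor's, so that note is a prompt to check the path, not a verdict.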

Blade81
2008-07-31, 22:53
Hi


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Start HJT, do a system scan, check:
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

Close browsers and fix checked.


Creating & executing batch file
-------------------------------

Open Notepad and then copy and paste the lines below into it. Go to File > Save As, name the file fixes.bat, change the Save as type to All Files and save it to your desktop. (If you are still unsure on how to do this there is a little tutorial with pictures here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Bat_File))
@echo off
sc stop catchme
sc delete catchme

Double-click on fixes.bat file to execute it.



Delete following file if found:
c:\Documents and Settings\justin2\Local Settings\temp\catchme.sys


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 7 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says
The J2SE Runtime Environment (JRE) allows end-users to run Java applications.

Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.nl/scanforvirus-en/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings and select the following:
Scan using the following Anti-Virus database:
Extended (If available, otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK.
Under
select a target to scan
, select My Computer.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete; Kaspersky suggests running it during a time of low activity. Once the scan is complete:
Click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information into your next post if the AV content will fit into one post only. Post a fresh hjt log too.


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If you have a problem doing the above:

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

justime8
2008-08-01, 06:51
OK, here is the new HJT log and a Kaspersky log. I hope this is right! I have followed all your instructions and now I am going to run S&D again to see if it still comes up with a trojan. Here they are.

-------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:55 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\justin2\Desktop\HiJackThis\justin2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mtasolutions.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtasolutions.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

--
End of file - 5854 bytes
and here is the Kaspersky log

------------------------------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 31, 2008 7:35:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/08/2008
Kaspersky Anti-Virus database records: 1037143


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 26429
Number of viruses found 1
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:29:57

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\justin2\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\justin2\Desktop\saved downloads\Spiceworks.exe/stream/data2937 Infected: not-a-virus:PSWTool.Win32.ProductKey.b skipped
C:\Documents and Settings\justin2\Desktop\saved downloads\Spiceworks.exe/stream Infected: not-a-virus:PSWTool.Win32.ProductKey.b skipped
C:\Documents and Settings\justin2\Desktop\saved downloads\Spiceworks.exe NSIS: infected - 2 skipped
C:\Documents and Settings\justin2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\justin2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\justin2\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\justin2\Local Settings\History\History.IE5\MSHist012008073120080801\index.dat Object is locked skipped
C:\Documents and Settings\justin2\Local Settings\Temp\~DFE41A.tmp Object is locked skipped
C:\Documents and Settings\justin2\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\justin2\ntuser.dat Object is locked skipped
C:\Documents and Settings\justin2\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\COMPAQ\Compaq Management Agents\Dmi\Win32\mifdb\errors.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP169\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_690.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Blade81
2008-08-01, 08:56
Hi

That looks quite good :) Are you familiar with C:\Documents and Settings\justin2\Desktop\saved downloads\Spiceworks.exe file? If not upload it to http://virusscan.jotti.org and post back the results.

justime8
2008-08-01, 09:27
OK, here is the http://virusscan.jotti.org/ scan, and I need to ask:
My S&D scan says twice that it has a problem (trojan) and the error is stored in an error log, but I have not been able to locate the log, so looking at it is out. That's where you come in!!! Just finished a new S&D scan; if I could look at the log I may be able to find the problem.


Scan taken on 01 Aug 2008 06:17:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found not-a-virus:PSWTool.Win32.ProductKey.b
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Blade81
2008-08-01, 09:35
Hi

Ok. The Kaspersky finding is quite likely a false positive. Which version of Spybot are you using?

justime8
2008-08-01, 09:39
version 1.4 with all updates current

Blade81
2008-08-01, 09:55
Hi

Please uninstall it and then download & install the latest one found here (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1). Try running a scan with it.

justime8
2008-08-01, 10:53
Version 1.6.0 is the right one? If so, doing a scan now.

Blade81
2008-08-01, 11:01
Yes, that's the correct one :)

justime8
2008-08-01, 11:16
This scan says I'm clean or, no immediate threats found. Want a new Kaspersky log?

justime8
2008-08-01, 11:18
Scan was made in default mode; is this correct?

Blade81
2008-08-01, 11:19
Hi

No need to do a new Kaspersky scan :) I believe we're ready here if the system is running ok.

justime8
2008-08-01, 11:28
Well, it seems to be running fine, except for my reboot times are way longer, especially shut down. Once it gets to the Windows desktop and my AVG and Comodo get running it surfs just fine.

Blade81
2008-08-01, 11:32
You could check here (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html) for hints on improving system speed. Sometimes a simple hard drive defragment works.

justime8
2008-08-01, 11:42
Well, when I use Autoruns and remove these entries (HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components 0 File not found: About:Home

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

from the lists, that time speeds way up, like by triple. Does this tell you anything?

justime8
2008-08-01, 11:46
Is there any way to find out which programs or apps are looking for these files?

Blade81
2008-08-01, 12:02
Hi

These things are more likely other than malware related. Since we deal only with malware issues here, I recommend asking at one of these forums:
PC Pitstop (http://forums.pcpitstop.com/)
TechGuy (http://forums.techguy.org)
What The Tech (http://forums.whatthetech.com)

justime8
2008-08-01, 12:29
Well, thank you for helping me and my computer. One last question: why was Spybot not telling me that I did need to update to a newer version, and it was still giving me updates weekly?

Blade81
2008-08-01, 15:20
You're welcome :)

I believe this (http://forums.spybot.info/announcement.php?f=4) announcement answers your question:

Users with very old hardware, and users of Windows 95 who could not use Spybot-S&D 1.4, chose to stay with very old versions of the software, and we tried to accommodate them by still offering them the updates, with the limitation that Spybot-S&D would complain about a lot of incompatible detection patterns and results would have to be used with extra care.

justime8
2008-08-02, 22:43
Well, that is strange. I must have downloaded an outdated version about a year and a half ago, hmm... OK then, is that all?

Blade81
2008-08-03, 10:08
Hi

It was the up-to-date version at that time. :) Yes, I think we're ready if you don't have any other malware related problems.

Blade81
2008-08-10, 22:47
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.