Alfacleaner / CoolWebSearch - Remaining Artifacts



#16
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I think we will have to blame CCleaner for killing your soundcard.
Better put back the backup you made.

We will try something else first, since someone informed me that the Windows Update in the Control Panel goes to the site as well. :whistling:
Please copy and paste the text in the quote box into the Notepad window (including the Windows Registry Editor Version 5.00):
(Note: copy and paste from Windows Registry Editor Version 5.00 down – Don’t include the word quote from the quote box)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup]
"SteppingMode"="Y"


Click File and then select Save As
In the ‘Save in’ box - Save it to your Desktop
In the ‘File name’ box – type in steptoe.reg
In the ‘Save as type’ box - use the drop down arrow and select All Files
Click Save
Close Notepad


Close all open windows and Browsers


Double Click steptoe.reg on your Desktop
When it asks you if you want to merge the contents to the registry, click yes/ok.
A window saying “Information in steptoe.reg has been successfully entered into the registry” should come up – Click OK.


Reboot your PC

Now if you surf to the update site you should get a confirmation box for every step.
This will hopefully help us figure out where it goes wrong exactly.

Let me know which steps you can perform before your computer starts to act up.

Regards,
  • 0


#17
kdfrawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Pieter -

I think I might try to reinstall the sound card first, rather than restoring the registry. For some reason, restoring the registry makes me nervous. I'll look around and see if anything else is missing before I decide for sure.

I performed the steps that you gave me. I got the messages that you thought I should get, except I got "Add" instead of "Merge." Then I rebooted. When I went to Windows Update, there was no difference from when I was there the last time. There may have been a little more system activity in Task Manager. But I didn't get any confirmation boxes at the site.

What do you think?

Michael
  • 0

#18
kdfrawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Pieter -

This is my second post in a row. I didn't want you to miss the first one because this one is here, too. I looked at Device Manager and it thinks the sound card is alive and well. However, applications such as Media Play and Volume Control don't think there is a sound device installed.

Do you think I should fall back to the registry backup we made yesterday? And, if so, are these the instructions that I should use to do it?

To restore the registry
Open Registry Editor.
Click Options, and then click Print to print these instructions. (If you are using the Help and Support Center, click Print above the topic area.) They will not be available after you shut down your computer in step 2.
Click Start, and then click Shut Down.
In the list, click Restart, and then click OK.
When you see the message Please select the operating system to start, press F8.
Use the arrow keys to highlight Last Known Good Configuration, and then press ENTER.
NUM LOCK must be off before the arrow keys on the numeric keypad will function.

Use the arrow keys to highlight an operating system, and then press ENTER.
Caution

Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on your computer.
Notes

To open Registry Editor, click Start, click Run, type regedit, and then click OK.
Choosing Last Known Good Configuration provides a way to recover from problems such as a newly added driver that may be incorrect for your hardware. It does not solve problems caused by corrupted or missing drivers or files.
When you choose Last Known Good Configuration, Windows restores information in registry key HKLM\System\CurrentControlSet only. Any changes you have made in other registry keys remain.


Thanks!

Michael
  • 0

#19
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi Michael,

I was referring to the backup that CCleaner made.
It should be in your "My Documents" folder and have a name that looks like this: cc_20060829_1429.reg

You can use it the same way we merged the other regfile.
Double-click it and confirm you want to merge it.

Can you tell me how far you get at the Windows Update site?
For example, does it show any updates you are missing?
  • 0

#20
kdfrawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Pieter -

I think I might try to reinstall the sound card first, rather than restoring the registry. For some reason, restoring the registry makes me nervous. I'll look around and see if anything else is missing before I decide for sure.

I performed the steps that you gave me. I got the messages that you thought I should get, except I got "Add" instead of "Merge." Then I rebooted. When I went to Windows Update, there was no difference from when I was there the last time. There may have been a little more system activity in Task Manager. But I didn't get any confirmation boxes at the site.

What do you think?

Michael


I did that in the post above the last one. Sorry for posting two in a row. I guess I got us out of step.

Michael
  • 0

#21
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I guess so, Michael. I'm at a loss as to where we stand now.

I would like you to perform the procedure below and then let me know which problems are left to be dealt with.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


1. Download and update Ewido.

First download Ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded Ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete, run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close Ewido anti-spyware, Do Not run a scan just yet


2. Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
3. Run Smitfraud
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


4. Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.

5. Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

6. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

7. Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Note: IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
8. Close Ewido and Reboot back into Normal Windows Mode

9. Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

10. Please Post the following logs:
  • c:\rapport.txt
  • Ewido log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.


Regards,
  • 0

#22
kdfrawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Pieter -

I am sorry, but we are maybe attempting to communicate on different wavelengths.

First, I followed the instructions you gave me involving "SteppingMode"="Y". I then went to Windows Update. I did not get any "confirmation boxes" while Windows Update was running. There was no difference in running windows update before and after the "SteppingMode"="Y" registry entry change. If you were expecting something to happen, it didn't, and I am wondering why.

Second, I downloaded Ewido as you asked in your last post. I installed it and made the changes you asked me to make in the program. Then I booted into safe mode. In safe mode, my screen is 640 x 480. The Ewido screen will not then fit on my screen. It is going to be hard to operate, but I will print a few screen dumps while not in safe mode and maybe I'll be able to tell where I should click to tell Ewido what to do in safe mode, even though I may be unable to see the menu items.

Third, your instructions want me to run SmitFraudFix items, even though what you told me to download was Ewido. I don't see anything in Ewido about SmitFraud. Am I looking in the wrong place? Or did you mean for me to download a SmitFraud tool instead of Ewido?

Fourth, I used the CCleaner registry backup to restore the registry. It said it could not restore everything because some of the items were running. However, my sound card is now working again.

Please advise.

Thanks.

Michael
  • 0

#23
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
So far so good. I just forgot to add the download instructions for SmitfraudFix. :whistling:

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Then follow the steps as outlined in my previous post.

If Ewido does not find anything while you get acquainted with it in normal mode, it is of no use to try it again in safe mode.
That is only done so it can remove items which it wouldn't be able to in normal mode.
So if it doesn't find anything you can skip that part.

Regards,
  • 0

#24
kdfrawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Pieter -

I must tell you, Pieter, this whole experience with Ewido has been extremely frustrating and I am very unhappy with them. I figured out how to move a window using the keyboard. Since the actions at the top of the Ewido screen showed once I got the top of the Ewido window to align with the top of the screen in Safe Mode, I was able to run the scan. That took almost an hour. When it was complete, I moved the screen to the bottom, again using the arrow keys so that I could see the options at the bottom, which were the ones I needed to take the next actions you wanted: "Apply All Actions" and "Save Report."

However, as soon as I tried to use the mouse to select one of those options, the screen popped back to the top so that they were no longer visible. It eventually proved to be impossible to finish your instructions in Safe Mode. These problems could be avoided if the designers at Ewido would bother to apply the lessons of Windows User Interface Design 101, which is a class I have actually taught. It is not possible to resize their window. It is not possible to select options using either the keyboard or the mouse. The two options I needed are not selectable using the "tab" key. Where did these people learn their trade?

I am running the program in normal mode now. It is finding all of the same things that it found in Safe Mode, only this time I will be able to do as you asked when it is complete. In another hour, when the Ewido scan finishes for the second time, I will come back and finish this NotePad note.

Ewido has now quit running in Normal Mode. It says that it has scanned 232,984 files. It says that it has found the same five items found in Safe Mode: "Hijacker.Generic" with a high risk, "Downloader.Small.cjk" with a high risk, "Downloader.Small.dbx" with a high risk, "Downloader.VB.afr" with a high risk, and "Downloader.Openstream.y" with a high risk.

However, the elapsed time counter in Ewido has been stuck on 11 min 17 sec for about ten minutes. The scanned object counter is no longer counting anything. Task Manager says it is running, using between 3 and 12 percent of the processor. However, it is obviously not doing anything useful.

This is quite the program.

I will stop it with Task Manager. Then I will come to the forum and post this note. Then I will reboot and try to run Ewido again.

Michael
  • 0

#25
kdfrawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Pieter -

Now that the Ewido scan is running yet again, I will start another note to you in NotePad about the other actions that you have asked me to take. As you know, I downloaded Ewido, installed it, and made the setting changes you required. If it ever actually does anything useful, I will be most happy to uninstall it. I also downloaded the SmitFraud tool and unpacked it to my desktop.

I booted into Safe Mode. I ran the SmitFraudFix tool option number 2. I let it do its thing. I selected yes when prompted to clean the registry. The tool said nothing in my case about the wininet.dll file. When the SmitFraudFix tool finished, it required a re-boot.

I booted back into safe mode. The file rapport.txt was created and saved. I then cleaned out my internet temporary files by following your instructions to the letter. With great misgivings, I even clicked on the "Reset Web Settings", which threw away all of my desktop settings.

I emptied the recycle bin.

I tried to run Ewido, with the frustrating results that were the topic of the post I made just above this one. Since that did not work, either in Safe Mode or the first time in normal mode, I am trying again to follow the Ewido part of your instructions. Ewido finally completed. I took the suggested actions that it wanted me to and saved the report.

I then ran SmitFraudfix again in regular windows mode, selected option 3 and let it do what it wanted to do.

That done, I went to Windows update and tried again. It was unimproved. No updates ever displayed and the same events occurred as I watched in Task Manager.

I will copy and paste the rapport.txt report in below my signature in this post. I will start two new posts for the other logs that you wanted.

Let me know what's next. ;o)

Michael


SmitFraudFix v2.82

Scan done at 12:51:29.73, Thu 08/31/2006
Run from C:\Documents and Settings\kdfrawg\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINNT\spacer.gif Deleted
C:\WINNT\spacer.gif' Deleted
C:\WINNT\system32\adobepnl.dll Deleted
C:\WINNT\system32\qjrkvy.exe Deleted
C:\WINNT\system32\thlwin32.dll Deleted
C:\WINNT\system32\winflash.dll Deleted
C:\Documents and Settings\LocalService\Application Data\AlfaCleaner Deleted
C:\Documents and Settings\kdfrawg\Application Data\Skinux\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

Problem while deleting C:\Documents and Settings\kdfrawg\Application Data\Skinux

»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0


#26
kdfrawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Here is the Ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:01:06 PM 8/31/2006

+ Scan result:



C:\Documents and Settings\kdfrawg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-a065cca-4351cdd1.class -> Downloader.OpenStream.y : Cleaned with backup (quarantined).
C:\WINNT\system32\nuuvzqsi.exe -> Downloader.Small.cjk : Cleaned with backup (quarantined).
C:\WINNT\system32\jupmbkbu.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
C:\WINNT\system32\bucmqqrv.exe -> Downloader.VB.afr : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-484763869-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup (quarantined).
C:\!KillBox\users32.exe( 1) -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\!KillBox\users32.exe( 2) -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\!KillBox\users32.exe( 3) -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20060628-195435-242.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AEBED6ED-5F32-4323-B07A-85E2B6235582}\RP89\A0014223.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AEBED6ED-5F32-4323-B07A-85E2B6235582}\RP89\A0014224.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AEBED6ED-5F32-4323-B07A-85E2B6235582}\RP89\A0014226.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).


::Report end
  • 0
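
The report format in the post above, one `object -> detection : action` entry per line, can be triaged with a short script that separates live files and registry values from copies held in tool backup folders and System Restore points. This is an added example, not part of the original thread or of Ewido; the category names and the list of backup/restore-point folders are assumptions, and the sample lines are a subset copied from the report above.

```python
import re
from collections import defaultdict

# Subset of the entries from the Ewido report posted in this thread.
SAMPLE_REPORT = r"""
+ Scan result:

C:\Documents and Settings\kdfrawg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-a065cca-4351cdd1.class -> Downloader.OpenStream.y : Cleaned with backup (quarantined).
C:\WINNT\system32\nuuvzqsi.exe -> Downloader.Small.cjk : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-484763869-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup (quarantined).
C:\!KillBox\users32.exe( 1) -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20060628-195435-242.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AEBED6ED-5F32-4323-B07A-85E2B6235582}\RP89\A0014223.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).

::Report end
"""

# One report entry: "<object> -> <detection name> : <action taken>"
ENTRY = re.compile(r"^(?P<obj>.+?) -> (?P<name>\S+) : (?P<action>.+)$")

# Registry objects are reported with an abbreviated hive prefix.
REGISTRY_HIVES = ("HKU\\", "HKLM\\", "HKCU\\", "HKCR\\", "HKCC\\")

# Assumed list: folders where cleanup tools and System Restore keep
# copies of files, as opposed to locations a program normally runs from.
STORAGE_MARKERS = (
    "c:\\!killbox\\",
    "\\hijackthis\\backups\\",
    "\\system volume information\\_restore",
)


def classify(obj):
    """Return the triage category for one scanned object."""
    if obj.upper().startswith(REGISTRY_HIVES):
        return "registry"
    low = obj.lower()
    if any(marker in low for marker in STORAGE_MARKERS):
        return "backup-or-restore-point"
    return "live-file"


def parse_report(text):
    """Yield (object, detection, action) for each entry line; skip the rest."""
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match["obj"], match["name"], match["action"]


def triage(text):
    """Group detections by category: {category: [(detection, object), ...]}."""
    groups = defaultdict(list)
    for obj, name, _action in parse_report(text):
        groups[classify(obj)].append((name, obj))
    return dict(groups)


if __name__ == "__main__":
    for category, hits in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{category}: {len(hits)}")
        for name, obj in hits:
            print(f"  {name}  <-  {obj}")
```
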

#27
kdfrawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
And, finally, here is the new HijackThis! report:

Logfile of HijackThis v1.99.1
Scan saved at 3:02:57 PM, on 8/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\brss01a.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
C:\Program Files\Qurb\QSP-2.1.213.0\QOELoader.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PnIEBrowserHelperObj Class - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-2.1.213.0\QOELoader.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream...er/tdserver.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kdfrawg.space...ad/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137261544386
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123788340190
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://beta.entimg.m...snediag2729.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/...he.cab45837.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com.../autopricer.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15021/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#28
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Your logs look good. :whistling:

I'm sorry you had trouble with Ewido.
Since you are technically better equipped to discuss them with the developers, would you mind posting your suggestions here:
http://www.wildersse...isplay.php?f=81

I had similar findings when I tried running Ewido on a VM.

More importantly, how is your computer behaving?

Regards,
  • 0

#29
kdfrawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Pieter -

I have already sent wildersecurity an email. They just need to think their user interface issues through a bit more.

My system is performing well overall. It seems that anything requiring the use of java (for example, most of the crossword puzzles available on line) runs extremely slowly, much like the windows update site. It can take me five minutes to download the java to work a crossword puzzle, all of it at 100% processor. This never used to take this long or use that much processor.

And, of course, I find the Windows Update problem to be very disquieting. Every day that I cannot do updates leaves me more and more open to external security threats. I am a disabled person and the computer that I work on is my window into the world. I would hate to have that window taken away because I can't get my operating system to update.

Michael
  • 0

#30
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Good you brought up java. :whistling:

Can you go to this site and install the latest version:
http://www.java.com/...load/manual.jsp

Maybe that will help.
  • 0





