
My computer is slow; messing up on startup.. Don't know what the p


  • This topic is locked

#1
SpicyNHot

  • Member
  • 54 posts
Yes, I need some assistance with my computer... I think I have some malware somewhere on my system..
My security software detected that I had CiD Help and TryMedia on my system...
Another thing: my computer starts out slow on startup.. It takes at least 3 mins or so to load up..
How can I speed it up? I did disable certain programs from running.. It's still the same, acting slow and freezing.. Sometimes my Internet Explorer and Yahoo Messenger freeze... One day I checked my CPU in Task Manager and my svchost.exe was taking up too much memory, 65% etc.. Here are my logs.. Thanks..


Deckard's System Scanner v20071014.68
Run by LEB on 2008-01-24 09:36:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
106: 2008-01-24 14:37:06 UTC - RP296 - Deckard's System Scanner Restore Point
105: 2008-01-23 18:05:27 UTC - RP295 - Software Distribution Service 3.0
104: 2008-01-23 17:17:00 UTC - RP294 - Installed iTunes
103: 2008-01-23 03:03:38 UTC - RP293 - Software Distribution Service 3.0
102: 2008-01-22 03:38:15 UTC - RP292 - System Checkpoint


-- First Restore Point --
1: 2007-10-26 05:05:11 UTC - RP191 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 192 MiB (512 MiB recommended).


-- HijackThis (run as LEB.exe) -------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-24 09:38:48
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\dss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...ads/tgctlcm.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...cm/ICSCM_ca.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178944453984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178944447156
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe


--
End of file - 13912 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R2 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (WindowsXP)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 WinSock Extention Manager - c:\windows\system32\mdmcls32.exe <Not Verified; ; ClassificationService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-24 08:47:06 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-01-10 14:03:00 528 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Compaq_Owner at 1 03 PM.job
2008-01-04 08:04:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-24 and 2008-01-24 -----------------------------

2008-01-24 09:32:52 686630 --a------ C:\Program Files\dss.exe
2008-01-24 09:04:46 96978 --a------ C:\Program Files\VirtumundoBeGone.exe <VIRTUM~1.EXE> <Not Verified; Business Information Solutions; VirtumundoBeGone v1.5 by [email protected]>
2008-01-24 08:52:08 0 dr-h----- C:\Documents and Settings\LEB\Recent
2008-01-23 12:19:24 0 d-------- C:\Program Files\iPod
2008-01-23 12:13:33 0 d-------- C:\Program Files\QuickTime <QUICKT~1>
2008-01-20 18:04:18 0 d-------- C:\Program Files\Microsoft Silverlight <MI2020~1>
2008-01-20 10:04:20 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-20 09:42:20 0 d-------- C:\Program Files\The Weather Channel FW <THEWEA~1>
2008-01-20 09:36:31 0 d-------- C:\Program Files\Tencent
2008-01-20 09:34:05 0 d-------- C:\Program Files\AIMTunes
2008-01-18 23:45:31 0 d-------- C:\WINDOWS\pss
2008-01-12 10:03:20 0 d-------- C:\Program Files\Safari
2008-01-12 09:51:05 0 d-------- C:\Program Files\Bonjour
2007-12-27 15:20:00 0 --a------ C:\Documents and Settings\LEB\core
2007-12-27 15:08:45 0 d-------- C:\Documents and Settings\LEB\Incomplete <INCOMP~1>
2007-12-27 14:57:25 0 d-------- C:\Documents and Settings\LEB\dwhelper
2007-12-27 14:57:17 0 d-------- C:\Documents and Settings\LEB\Contacts
2007-12-27 14:57:15 0 d-------- C:\Documents and Settings\LEB\Application Data\Adobe
2007-12-27 14:57:15 0 d-------- C:\Documents and Settings\LEB\Application Data\acccore
2007-12-27 14:57:15 0 d-------- C:\Documents and Settings\LEB\Application Data\.BitZip
2007-12-27 14:57:14 0 d-------- C:\Documents and Settings\LEB\Application Data\Help
2007-12-27 14:57:14 0 d-------- C:\Documents and Settings\LEB\Application Data\Google
2007-12-27 14:57:14 0 d-------- C:\Documents and Settings\LEB\Application Data\dvdcss
2007-12-27 14:57:14 0 d-------- C:\Documents and Settings\LEB\Application Data\ArcSoft
2007-12-27 14:57:11 0 d-------- C:\Documents and Settings\LEB\Application Data\Macromedia
2007-12-27 13:58:58 0 d-------- C:\Documents and Settings\LEB\Application Data\Mozilla
2007-12-27 13:58:48 0 d-------- C:\Documents and Settings\LEB\Application Data\MySpace
2007-12-27 13:58:48 0 d-------- C:\Documents and Settings\LEB\Application Data\MP3Rocket
2007-12-27 13:58:45 0 d-------- C:\Documents and Settings\LEB\Application Data\Netscape
2007-12-27 13:58:44 0 d-------- C:\Documents and Settings\LEB\Application Data\ScanSoft
2007-12-27 13:58:44 0 d-------- C:\Documents and Settings\LEB\Application Data\Real
2007-12-27 13:57:37 0 d-------- C:\Documents and Settings\LEB\Application Data\SecondLife
2007-12-27 13:57:36 0 d-------- C:\Documents and Settings\LEB\Application Data\StumbleUpon
2007-12-27 13:57:31 0 d-------- C:\Documents and Settings\LEB\Application Data\Template
2007-12-27 13:57:30 0 d-------- C:\Documents and Settings\LEB\Application Data\Yahoo!
2007-12-27 13:57:30 0 d-------- C:\Documents and Settings\LEB\Application Data\WinRAR
2007-12-27 13:57:30 0 d-------- C:\Documents and Settings\LEB\Application Data\vlc
2007-12-27 13:57:30 0 d-------- C:\Documents and Settings\LEB\Application Data\Viewpoint <VIEWPO~1>
2007-12-27 13:57:25 0 d-------- C:\Documents and Settings\LEB\Application Data\Zero Knowledge <ZEROKN~1>
2007-12-27 13:57:25 1424 --a------ C:\Documents and Settings\LEB\Application Data\wklnhst.dat
2007-12-27 13:49:51 0 d-------- C:\Documents and Settings\LEB\Application Data\Symantec
2007-12-27 13:49:51 0 d-------- C:\Documents and Settings\LEB\Application Data\Sun
2007-12-27 13:49:51 0 d-------- C:\Documents and Settings\LEB\Application Data\SampleView
2007-12-27 13:49:51 0 d-------- C:\Documents and Settings\LEB\Application Data\Identities
2007-12-27 13:49:51 0 d-------- C:\Documents and Settings\LEB\Application Data\Apple Computer
2007-12-27 13:49:50 0 d-------- C:\Documents and Settings\LEB\WINDOWS
2007-12-27 13:49:50 0 d--h----- C:\Documents and Settings\LEB\Templates
2007-12-27 13:49:50 0 dr------- C:\Documents and Settings\LEB\Start Menu
2007-12-27 13:49:50 0 dr-h----- C:\Documents and Settings\LEB\SendTo
2007-12-27 13:49:50 0 d--h----- C:\Documents and Settings\LEB\PrintHood
2007-12-27 13:49:50 0 d--h----- C:\Documents and Settings\LEB\NetHood
2007-12-27 13:49:50 0 dr------- C:\Documents and Settings\LEB\My Documents
2007-12-27 13:49:50 0 d--h----- C:\Documents and Settings\LEB\Local Settings
2007-12-27 13:49:50 0 dr------- C:\Documents and Settings\LEB\Favorites
2007-12-27 13:49:50 0 d-------- C:\Documents and Settings\LEB\Desktop
2007-12-27 13:49:50 0 d--hs---- C:\Documents and Settings\LEB\Cookies
2007-12-27 13:49:50 0 dr-h----- C:\Documents and Settings\LEB\Application Data
2007-12-27 13:49:49 2621440 --ah----- C:\Documents and Settings\LEB\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-01-23 12:19:37 0 d-------- C:\Program Files\iTunes
2008-01-20 18:22:49 0 d-------- C:\Program Files\Last.fm
2008-01-20 10:04:20 0 d-------- C:\Program Files\Common Files <COMMON~1>
2008-01-20 10:03:12 0 d-------- C:\Program Files\Common Files\Real
2008-01-20 09:18:02 0 d-------- C:\Program Files\Viewpoint <VIEWPO~1>
2008-01-20 09:17:31 0 d-------- C:\Program Files\AIM6
2008-01-15 08:44:07 0 d-------- C:\Program Files\downloads <DOWNLO~1>
2008-01-04 09:40:43 0 d-------- C:\Program Files\Easy Internet signup <EASYIN~1>
2007-12-28 21:52:21 528 --a------ C:\sccfg.sys
2007-12-16 13:14:41 1032192 --a------ C:\WINDOWS\system32\mdmcls32.exe <Not Verified; ; ClassificationService Module>
2007-12-13 14:06:23 0 d-------- C:\Program Files\Google
2007-12-13 13:59:13 0 d-------- C:\Program Files\Java
2007-12-01 21:12:28 0 d-------- C:\Program Files\Common Files\L&H
2007-12-01 21:11:54 0 d-------- C:\Program Files\Microsoft ActiveSync <MI3AA1~1>
2007-12-01 21:09:31 0 d-------- C:\Program Files\Microsoft.NET <MICROS~1.NET>
2007-12-01 00:11:16 0 d-------- C:\Program Files\Windows Live Toolbar <WI81E8~1>
2007-12-01 00:02:58 0 d-------- C:\Program Files\Windows Live Favorites <WI48FA~1>
2007-11-28 21:52:10 0 d-------- C:\Program Files\MP3 Rocket <MP3ROC~1>
2007-11-15 03:37:25 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-04 12:20:58 1164456 --a------ C:\Program Files\install_flash_player.exe <INSTAL~1.EXE>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/21/2004 12:55 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 10:43 PM]
"VTTimer"="VTTimer.exe" [10/22/2004 02:53 PM C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 07:06 PM C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [09/12/2003 10:13 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 10:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 11:54 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [08/08/2002 10:57 PM]
"dvHighMem"="C:\WINDOWS\cfgmng32.exe" [10/15/2006 02:26 PM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/28/2007 09:19 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [06/12/2007 11:32 AM]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [08/28/2007 03:53 AM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [06/01/2007 01:14 PM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [06/01/2007 01:07 PM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [08/28/2007 09:19 PM]
"medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [03/07/2007 10:53 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 AM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/20/2008 10:02 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [10/26/2004 9:46:41 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\system32\UmxWNP.dll




-- End of Deckard's System Scanner: finished at 2008-01-24 09:41:59 ------------




SECOND PART OF THE LOG..



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ 3000+
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 191.48 MiB / 35.09 MiB
Pagefile Memory (total/avail): 465.28 MiB / 110.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.46 MiB

C: is Fixed (NTFS) - 51.71 GiB total, 35.64 GiB free.
D: is Fixed (FAT32) - 4.18 GiB total, 1.01 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD600BB-22JHA0 - 55.9 GiB - 2 partitions
\PARTITION0 - Unknown - 4.19 GiB - D:
\PARTITION1 (bootable) - Installable File System - 51.71 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: CA Personal Firewall 9.1.0.35 v9.1.0.35 (CA)
AV: CA Anti-Virus v8.4.0.24 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\BitZip\\bitzip.exe"="C:\\Program Files\\BitZip\\bitzip.exe:*:Enabled:bitzip"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\LEB\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=domain name
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\LEB
LOGONSERVER=\\domain name
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LEB\LOCALS~1\Temp
TMP=C:\DOCUME~1\LEB\LOCALS~1\Temp
USERDOMAIN=domain name
USERNAME=LEB
USERPROFILE=C:\Documents and Settings\LEB
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

LEB (admin)
Administrator.domain name(admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games --> C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AIMTunes --> C:\Program Files\AIMTunes\Uninstall.exe
AltoMP3 Gold 5.20 --> C:\Program Files\AltoMP3 Gold\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D95ED581-3C67-4BB4-AA50-DDCC6A97226D}\SETUP.EXE" -l0x9
BitZip (remove only) --> C:\Program Files\BitZip\Uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon MP Drivers 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D335AC77-6F59-46D6-9082-F74A9F7E0FC3}\Setup.exe" -l0x9 -Uninstall
Canon MP Navigator 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8653730A-683D-4C42-BB18-6471291D5DEA}\setup.exe" /SUUninstall
Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x9 anything
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Compaq Connections --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 6750491
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
FreeDVD Codec Installer Version 1.0 --> C:\WINDOWS\st6unst.exe -n "C:\ST6UNST.LOG"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
InCD (Ahead Software) --> C:\WINDOWS\NuNInst.exe /UNINSTALL
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Last.fm 1.4.2.58376 --> "C:\Program Files\Last.fm\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Rocket --> C:\Program Files\MP3 Rocket\Uninstall.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nero --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NeroMediaPlayer --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Netscape Navigator (9.0.0.5) --> C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
PC-Doctor for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
PureSight PC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A05B328-35EB-4CED-B16F-62FA5A2642E6}\setup.exe" -l0x9 IfYouSeeThisAlowOnlyRemove -removeonly
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QQ Games --> C:\Program Files\Tencent\QQ Games\Uninstall.EXE
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Road Runner Install --> "C:\Program Files\HERACTSTG\smartaccess\unins000.exe"
Road Runner Medic 6.1 --> "C:\Program Files\twc\medicsp2\unins000.exe"
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Safari --> MsiExec.exe /I{0CD7D421-C850-4271-8533-0269A3D39FAA}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type5189 / Success
Event Submitted/Written: 01/24/2008 08:28:32 AM
Event ID/Source: 88 / UmxAgent
Event Description:
Sync client C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe registered successfully

Event Record #/Type5187 / Success
Event Submitted/Written: 01/24/2008 08:28:18 AM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started

Event Record #/Type5186 / Success
Event Submitted/Written: 01/24/2008 08:28:17 AM
Event ID/Source: 88 / UmxAgent
Event Description:
Shell is started at session 0

Event Record #/Type5185 / Success
Event Submitted/Written: 01/24/2008 08:28:17 AM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started

Event Record #/Type5184 / Success
Event Submitted/Written: 01/24/2008 08:28:12 AM
Event ID/Source: 88 / UmxAgent
Event Description:
Async Process Map: ReadProcessesFromKmxCfg: count=17



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17731 / Error
Event Submitted/Written: 01/24/2008 08:36:03 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {91493441-5A91-11CF-8700-00AA0060263B} did not register with DCOM within the required timeout.

Event Record #/Type17730 / Error
Event Submitted/Written: 01/24/2008 08:34:43 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The iPod Service service failed to start due to the following error:
%%1053

Event Record #/Type17729 / Error
Event Submitted/Written: 01/24/2008 08:34:41 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

Event Record #/Type17728 / Error
Event Submitted/Written: 01/24/2008 08:34:40 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Event Record #/Type17727 / Error
Event Submitted/Written: 01/24/2008 08:34:06 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460



-- End of Deckard's System Scanner: finished at 2008-01-24 09:41:59 ------------

Edited by SpicyNHot, 24 January 2008 - 10:02 AM.



#2
SpicyNHot

Guys it's been past 3 days.. I really need some assistance.. Thanks.. How can I delete viruses and adware off my system if it's been quarantined but keeps coming back..

#3
SpicyNHot

Okay here's all the items in my Quarantined Spyware Report..
How can I safely delete them from coming back... :)


CA Anti-Spyware Quarantined Spyware Report
This report was generated on: 1/29/2008-3:11:45 PM

9/25/2007 2:32:36 PM <<20070925193236>>
() Trymedia
hkey_local_machine \software\trymedia systems

9/25/2007 2:32:36 PM <<20070925193236>>
9/25/2007 2:44:26 PM <<20070925194426>>
() Limewire
c:\system volume information\_restore{a3fe4697-a95b-4476-a0d8-dd1dba8414b7}\rp107\a0119743.dll
c:\system volume information\_restore{a3fe4697-a95b-4476-a0d8-dd1dba8414b7}\rp107\a0119744.dll

9/25/2007 2:44:26 PM <<20070925194426>>
10/17/2007 5:44:24 PM <<20071017224424>>
() Piolet

() CiD Help
c:\sqmdata02.sqm
c:\sqmnoopt02.sqm

10/17/2007 5:44:24 PM <<20071017224424>>
10/21/2007 11:18:53 AM <<20071021161853>>
() CiD Help
c:\sqmdata02.sqm
c:\sqmnoopt02.sqm

10/21/2007 11:18:53 AM <<20071021161853>>
11/3/2007 7:07:44 AM <<20071103120744>>
() CiD Help
c:\sqmnoopt02.sqm
c:\sqmdata02.sqm

11/3/2007 7:07:44 AM <<20071103120744>>
11/11/2007 4:46:18 PM <<20071111214618>>
() CiD Help
c:\sqmdata02.sqm
c:\sqmnoopt02.sqm

11/11/2007 4:46:18 PM <<20071111214618>>
12/11/2007 7:23:42 PM <<20071212002342>>
() CiD Help
c:\sqmnoopt02.sqm
c:\sqmdata02.sqm

12/11/2007 7:23:42 PM <<20071212002342>>
1/3/2008 8:53:35 AM <<20080103135335>>
() CiD Help
c:\sqmnoopt02.sqm
c:\sqmdata02.sqm

1/3/2008 8:53:35 AM <<20080103135335>>
1/22/2008 11:18:44 PM <<20080123041844>>
() QQPass EV
hkey_users \s-1-5-21-2405187568-2829553228-3810535007-1014\software\tencent

() CiD Help
c:\sqmnoopt02.sqm
c:\sqmdata02.sqm

1/22/2008 11:18:44 PM <<20080123041844>>
1/24/2008 8:53:36 PM <<20080125015336>>
() CiD Help
c:\sqmdata02.sqm
c:\sqmnoopt02.sqm

1/24/2008 8:53:36 PM <<20080125015336>>
***End Report***

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINDOWS\system32\mdmcls32.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#5
SpicyNHot

Here's my scan log


File mdmcls32.exe received on 02.02.2008 03:05:31 (CET)


Result: 0/32 (0%)


Antivirus Version Last Update Result
AhnLab-V3 2008.2.2.10 2008.02.01 -
AntiVir 7.6.0.61 2008.02.01 -
Authentium 4.93.8 2008.02.01 -
Avast 4.7.1098.0 2008.02.01 -
AVG 7.5.0.516 2008.02.01 -
BitDefender 7.2 2008.02.02 -
CAT-QuickHeal 9.00 2008.02.01 -
ClamAV 0.92 2008.02.02 -
DrWeb 4.44.0.09170 2008.02.01 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5504 2008.02.01 -
Ewido 4.0 2008.02.01 -
FileAdvisor 1 2008.02.02 -
Fortinet 3.14.0.0 2008.02.01 -
F-Prot 4.4.2.54 2008.02.01 -
F-Secure 6.70.13260.0 2008.02.01 -
Ikarus T3.1.1.20 2008.02.02 -
Kaspersky 7.0.0.125 2008.02.02 -
McAfee 5221 2008.02.01 -
Microsoft 1.3204 2008.02.02 -
NOD32v2 2844 2008.02.01 -
Norman 5.80.02 2008.02.01 -
Panda 9.0.0.4 2008.02.01 -
Prevx1 V2 2008.02.02 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.02 -
Sunbelt 2.2.907.0 2008.02.01 -
Symantec 10 2008.02.02 -
TheHacker 6.2.9.205 2008.02.01 -
VBA32 3.12.6.0 2008.02.02 -
VirusBuster 4.3.26:9 2008.02.01 -
Webwasher-Gateway 6.6.2 2008.02.01 -
Additional information
File size: 1032192 bytes
MD5: d61d8e63a2e5b448bc686847009cd3ed
SHA1: 0191577e0a354b57248decad725914a41d3ed684
PEiD: Armadillo v1.71


Now about to go to that K site and do the online scanning be back with results.....

#6
SpicyNHot

Okay finish this is my final scan....


KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 12:01:17 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545772


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 75824
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 02:14:27

Infected Object Name Virus Name Last Action
C:\22a525399003423dc07ad9\baseline.dat Object is locked skipped

C:\22a525399003423dc07ad9\deffactory.dat Object is locked skipped

C:\22a525399003423dc07ad9\DeleteTemp.exe Object is locked skipped

C:\22a525399003423dc07ad9\dlmgr.dll Object is locked skipped

C:\22a525399003423dc07ad9\DW20.EXE Object is locked skipped

C:\22a525399003423dc07ad9\DWINTL20.DLL Object is locked skipped

C:\22a525399003423dc07ad9\eula.1025.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1028.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1029.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1030.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1031.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1032.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1033.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1035.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1036.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1037.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1038.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1040.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1041.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1042.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1043.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1044.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1045.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1046.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1049.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1053.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.1055.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.2052.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.2070.rtf Object is locked skipped

C:\22a525399003423dc07ad9\eula.3082.rtf Object is locked skipped

C:\22a525399003423dc07ad9\gencomp.dll Object is locked skipped

C:\22a525399003423dc07ad9\HtmlLite.dll Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1025.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1028.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1029.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1030.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1031.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1032.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1035.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1036.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1037.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1038.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1040.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1041.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1042.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1043.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1044.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1045.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1046.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1049.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1053.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.1055.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.2052.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.2070.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.3082.ini Object is locked skipped

C:\22a525399003423dc07ad9\LocData.ini Object is locked skipped

C:\22a525399003423dc07ad9\logo.bmp Object is locked skipped

C:\22a525399003423dc07ad9\RebootStub.exe Object is locked skipped

C:\22a525399003423dc07ad9\runmsi.exe Object is locked skipped

C:\22a525399003423dc07ad9\setup.exe Object is locked skipped

C:\22a525399003423dc07ad9\setup.sdb Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1025.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1028.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1029.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1030.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1031.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1032.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1035.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1036.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1037.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1038.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1040.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1041.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1042.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1043.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1044.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1045.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1046.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1049.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1053.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.1055.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.2052.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.2070.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.3082.dll Object is locked skipped

C:\22a525399003423dc07ad9\setupres.dll Object is locked skipped

C:\22a525399003423dc07ad9\SITSetup.dll Object is locked skipped

C:\22a525399003423dc07ad9\Thumbs.db Object is locked skipped

C:\22a525399003423dc07ad9\vs70uimgr.dll Object is locked skipped

C:\22a525399003423dc07ad9\vsbasereqs.dll Object is locked skipped

C:\22a525399003423dc07ad9\vsscenario.dll Object is locked skipped

C:\22a525399003423dc07ad9\vs_setup.dll Object is locked skipped


C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped


Scan process completed.
  • 0

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean! We need to do a few things.

You can delete the tools that we used


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.

* To reduce the chance of re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#8
SpicyNHot

    Member

  • Topic Starter
  • Member
  • 54 posts
Thanks and blessings :) Rorschach112.. Things worked out with my PC.. My computer now runs faster.. My dad upgraded it and put more RAM on my system, 512 MB.. He said when he gets time he's going to give me 1 GB of RAM.. I really appreciate your time for helping me.. :)
  • 0

#9
SpicyNHot

    Member

  • Topic Starter
  • Member
  • 54 posts
Sorry, thought I was all finished, but I have a question...
I just got through registry scanning with CCleaner.. For a week or so now I always get these same results from the registry scan, and I do Select All and it does fix them.. But these errors keep coming back.. How can I fix this so these results don't come back? Thanks so much for your time again..
Posted Image
Posted Image

Edited by SpicyNHot, 02 February 2008 - 10:20 PM.

  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I wouldn't worry about those

Try this

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Then run the scan again and try to fix them.


If it fails, try running the scan in Safe Mode.


If the problem persists, make sure CCleaner is up to date. If it is, then post on the CCleaner forums.


Let me know how that goes and if you have any more questions
  • 0

#11
SpicyNHot

    Member

  • Topic Starter
  • Member
  • 54 posts
Thanks hun so much for the help everything is running really great.. Happy with the results... :)
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





