Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

can anyone help me with my HJT log? [RESOLVED]

Started by funnyface , Apr 05 2008 06:45 AM

  • This topic is locked This topic is locked

#1
funnyface
Posted 05 April 2008 - 06:45 AM

funnyface

    Member

  • Member
  • PipPip
  • 31 posts
Hello I am having some issues with my computer, I really don't think its spyware but I do have alots of running processes in my task manger and its using all my cpu usage and memory. Would somebody kindly help me out with this, all help will be greatly appericate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:16 AM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 3145 bytes
  • 0

Advertisements

#2
sage5
Posted 05 April 2008 - 06:52 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi funnyface,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
VundoFix.exe
OTMoveIt2 by OldTimer.
Deckard's System Scanner



Run VundoFix.exe:
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click OK in the new window
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
  • C:\vundofix.txt
in your next reply.



The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5
  • 0

#3
funnyface
Posted 05 April 2008 - 07:02 AM

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thank you Sage5 for your response, I am now following your instructions and will post the results a.s.a.p
lee
  • 0

#4
funnyface
Posted 05 April 2008 - 08:10 AM

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Alright Sage 5 here are the results...........

VundoFix V7.0.3

Scan started at 8:57:41 AM 4/5/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

and the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:51 AM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 3097 bytes

thanks
  • 0

#5
funnyface
Posted 05 April 2008 - 08:13 AM

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
here are the results of the system scanner...........

Deckard's System Scanner v20071014.68
Run by User on 2008-04-05 09:57:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2008-04-05 13:57:23 UTC - RP25 - Deckard's System Scanner Restore Point
13: 2008-04-05 03:42:41 UTC - RP24 - Software Distribution Service 3.0
12: 2008-04-05 00:04:10 UTC - RP23 - Installed Ad-Aware 2007
11: 2008-04-04 21:28:25 UTC - RP22 - Removed Nero 7 Ultra Edition
10: 2008-04-04 21:08:12 UTC - RP21 - Installed TuneUp Utilities 2006


-- First Restore Point --
1: 2008-01-06 10:35:07 UTC - RP12 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:31 AM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 3079 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080404-223932-431 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080404-225257-345 O23 - Service: setup_7.0.0.180_04.04.2008_21-34[1] - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_04.04.2008_21-34[1].exe
backup-20080404-225257-500 O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_04.04.2008_21-34[1].exe"
backup-20080405-001259-864 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
backup-20080405-001351-737 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
backup-20080405-072156-925 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
backup-20080405-072157-249 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
backup-20080405-072157-278 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20080405-072157-312 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
backup-20080405-072157-458 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
backup-20080405-072157-530 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
backup-20080405-072157-815 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 BOCDRIVE (BOClean Kernel Monitor.) - c:\program files\comodo\cboclean\bocdrive.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-04 18:59:35 262 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-04-04 18:59:34 336 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-04-04 17:16:47 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-03-05 and 2008-04-05 -----------------------------

2008-04-05 08:57:41 0 d-------- C:\VundoFix Backups
2008-04-05 07:40:40 0 d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-04-05 07:40:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-05 07:40:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-05 00:42:08 0 dr-h----- C:\Documents and Settings\User\Recent
2008-04-04 23:46:02 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 23:40:16 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-04 23:40:16 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-04 23:40:16 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-04 23:40:16 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-04 23:40:15 153088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-04-04 23:31:55 0 d-------- C:\Downloads
2008-04-04 23:31:54 0 d-------- C:\Documents and Settings\User\Application Data\GetRightToGo
2008-04-04 23:11:23 0 d-------- C:\Program Files\Enigma Software Group
2008-04-04 21:40:57 0 d-------- C:\Program Files\Trend Micro
2008-04-04 20:50:15 0 d-------- C:\Program Files\Alwil Software
2008-04-04 20:04:25 0 d-------- C:\Program Files\Lavasoft
2008-04-04 20:04:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:44:14 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2008-04-04 19:44:01 0 d-------- C:\Program Files\Comodo
2008-04-04 19:05:30 350240 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 18:44:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-04 18:39:54 0 d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-04-04 18:39:48 0 d-------- C:\Program Files\Uniblue
2008-04-04 17:08:42 0 d-------- C:\Program Files\TuneUp Utilities 2006
2008-04-04 17:08:42 0 d-------- C:\Documents and Settings\User\Application Data\TuneUp Software
2008-04-04 17:06:43 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-04 17:06:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 16:44:53 0 d-------- C:\WINDOWS\pss
2008-04-04 15:39:00 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-04 05:40:27 0 d-------- C:\Documents and Settings\User\Application Data\acccore
2008-04-04 05:34:55 0 d-------- C:\Documents and Settings\User\Application Data\Yahoo!
2008-04-03 22:51:41 0 d-------- C:\Documents and Settings\User\Application Data\Macromedia
2008-04-03 22:51:14 0 d-------- C:\Documents and Settings\User\Application Data\Adobe
2008-04-03 22:50:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-03 22:50:01 0 d-------- C:\Program Files\Yahoo!
2008-04-03 21:27:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-03 21:27:30 0 d-------- C:\Program Files\Viewpoint
2008-04-03 21:24:59 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-03 21:24:59 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-03 21:22:32 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-03 21:22:31 335 --a------ C:\WINDOWS\nsreg.dat
2008-03-18 16:43:33 0 d-------- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2008-04-04 18:15:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 18:15:33 0 d-------- C:\Program Files\CyberLink
2008-04-04 17:29:14 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-04 17:06:26 0 d-------- C:\Program Files\Common Files
2008-04-03 21:18:33 0 d-------- C:\Program Files\Common Files\InstallShield


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/28/2003 02:19 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 06:56 PM]
"NVIEW"="nview.dll,nViewLoadHook" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m




-- End of Deckard's System Scanner: finished at 2008-04-05 09:59:55 ------------
  • 0

#6
funnyface
Posted 05 April 2008 - 08:14 AM

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
and the rest of the scanner results...........
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Celeron processor
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 511.48 MiB / 242.91 MiB
Pagefile Memory (total/avail): 1866.27 MiB / 1611.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.93 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 37.26 GiB total, 31.51 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 55.91 GiB total, 55.81 GiB free.

\\.\PHYSICALDRIVE1 - QUANTUM FIREBALLP AS60.0 - 55.91 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.91 GiB - E:

\\.\PHYSICALDRIVE0 - WDC WD400BB-75CLB0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallOverride is set.

AV: avast! antivirus 4.8.1169 [VPS 080404-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\Common Files\\AOL\\1207272408\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1207272408\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1207272408\\ee\\AOLDesktop.exe"="C:\\Program Files\\Common Files\\AOL\\1207272408\\ee\\AOLDesktop.exe:*:Enabled:AOL Desktop"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL-C74AAE9D92
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\DELL-C74AAE9D92
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=DELL-C74AAE9D92
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Network Connections Drivers --> Prounstl.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type436 / Warning
Event Submitted/Written: 04/05/2008 07:13:08 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type435 / Warning
Event Submitted/Written: 04/05/2008 07:13:08 AM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type433 / Warning
Event Submitted/Written: 04/04/2008 11:58:56 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type432 / Warning
Event Submitted/Written: 04/04/2008 11:58:55 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type430 / Warning
Event Submitted/Written: 04/04/2008 08:54:18 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2112 / Error
Event Submitted/Written: 04/05/2008 09:57:20 AM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk0\D.

Event Record #/Type2111 / Error
Event Submitted/Written: 04/05/2008 08:15:08 AM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk0\D.

Event Record #/Type2109 / Error
Event Submitted/Written: 04/05/2008 07:51:26 AM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk0\D.

Event Record #/Type2108 / Error
Event Submitted/Written: 04/05/2008 07:40:46 AM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk0\D.

Event Record #/Type2107 / Error
Event Submitted/Written: 04/05/2008 07:40:46 AM
Event ID/Source: 5 / atapi
Event Description:
A parity error was detected on \Device\Ide\IdePort0.



-- End of Deckard's System Scanner: finished at 2008-04-05 09:59:55 ------------
  • 0

#7
funnyface
Posted 05 April 2008 - 08:20 AM

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
now I will await for your reply....
thanks
lee
  • 0

#8
sage5
Posted 05 April 2008 - 08:29 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
I don't think there is anything much as far as malware operating on this PC, however, to be sure can you

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to C:\active_scan.txt
  • Post the contents of the TotalScan report

We can have a look at what else might be slowing you down next.

Cheers,

sage5
  • 0

#9
funnyface
Posted 05 April 2008 - 09:32 AM

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
ok, when I tried to download the panda software my Avast virus system said a virus was in the the panda download, so I aborted the download, I dont need that headache....lol

Can you anything that is slowing down my computer based on the logs I posted, I feel comfortable that there is no trojans, malware, etc,,, but I feel confident that something is indeed going on....
thanks
lee
  • 0

#10
sage5
Posted 05 April 2008 - 07:35 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Sometimes anti-virus software flags scanning applications as problems, because they use the some of the same routines that malware uses.
You can rest assured that the Panda issue is just one of these "false positives".
Please continue with the download & run the scan.
I need to be able to rule malware out of the equation before we press on.

Cheers,

sage5
  • 0

Advertisements

#11
funnyface
Posted 05 April 2008 - 07:39 PM

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I am going to put my faith in you and run the Panda scan.....nervously I might add. :)
lee
  • 0

#12
funnyface
Posted 06 April 2008 - 03:54 AM

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Well it took all night to run the scan and I just got the results for you....

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-04-06 05:41:11
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
avast! antivirus 4.8.1169 [VPS 080405-1] 4.8.1169 No Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@fastclick[3].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@tribalfusion[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@burstnet[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\[email protected][2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\[email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@zedo[3].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@adrevolver[3].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@adrevolver[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@atwola[2].txt
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location 
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description 
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================

of course I am far from being an expert in this matter, but, I don't think that I have any infections. I do have the program Ckeanup, and will be using it to get rid of these.
I will await your reply
lee
  • 0

#13
sage5
Posted 06 April 2008 - 06:37 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi funnyface,


I think that we can safely rule out malware.
As for the rest:

There is this line in your HijackThis Log:

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook


It gets decribed in CastleCops Startup List as:
This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers.
In your case the .dll is missing, but the Run command will still be slowing down startup

2008-04-04 23:40:16 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-04 23:40:16 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-04 23:40:16 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-04 23:40:16 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-04 23:40:15 153088 --a------ C:\WINDOWS\system32\unrar3.dll


These are all created/loaded at the same time, so could be part of an install

They all look to be part of ZipTV
Is this some software that you installed or use? If not delete the following:

C:\WINDOWS\system32\ztvunrar36.dll
C:\WINDOWS\system32\ztvunace26.dll
C:\WINDOWS\system32\ztvcabinet.dll
C:\WINDOWS\system32\unacev2.dll
C:\WINDOWS\system32\unrar3.dll


Viewpoint Media Player:
Use Add/Remove Programs page to remove anything with Viewpoint in its name.


Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\ztvunrar36.dll
C:\WINDOWS\system32\ztvunace26.dll
C:\WINDOWS\system32\ztvcabinet.dll
C:\WINDOWS\system32\unacev2.dll
C:\WINDOWS\system32\unrar3.dll
C:\WINDOWS\system32\d3d8caps.dat
C:\Program Files\Viewpoint
C:\Program Files\Enigma Software Group
  • Return to OTMoveIt, right click on the "Paste list of Files/Folders to be moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Please tell me if you are still suffering the slow performance of before?
  • 0

#14
funnyface
Posted 06 April 2008 - 08:27 AM

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
well hopefully I did everything correctly, I am going to reboot and see...........then I will post to results for you to check.
thanks
lee
  • 0

#15
funnyface
Posted 06 April 2008 - 08:40 AM

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I honestly can not express my graditute to you at this point.....before following your instruction, the boot up time on this computer took forever, now it only took seconds :) . You have been an invaluable teacher, I have learned quite a lot from you, and I will be keeping the programs you introduced me to.


Is there anything else that might be compromising my cpu?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP