Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer running very poorly! [RESOLVED]


  • This topic is locked This topic is locked

#91
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
yes emachines is the default site I didnt choose it.I am waiting for the log l2mfix.
  • 0

Advertisements


#92
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
here is that report.

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{D1FB6C78-10FD-45cd-8FF4-8267D62992FB}"="CompuServe"
"{F802F260-519B-11D1-BB5D-0060974C6013}"="ICQ Shell Extension"
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}"="America Online"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
spmsg.dll Thu Feb 24 2005 8:35:06p ..... 14,048 13.72 K
symneti.dll Tue Apr 5 2005 11:17:04a A.... 517,848 505.71 K
symredir.dll Tue Apr 5 2005 11:17:04a A.... 132,824 129.71 K

3 items found: 3 files, 0 directories.
Total of file sizes: 664,720 bytes 649.14 K
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is CC98-2F46

Directory of C:\WINDOWS\System32

04/30/2005 10:46 PM <DIR> dllcache
11/10/2003 03:38 PM <DIR> Microsoft
0 File(s) 0 bytes
2 Dir(s) 76,534,833,152 bytes free
  • 0

#93
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Run HiJackThis and place a check next to the following items and click FIX CHECKED:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com


Close HiJackThis.

Go to Start > Run and type:

sfc /scannow

Let it run.

When that's done, download, install, and run CleanUp! (so the scan won't take as long because cleanup will clear temporary files and cookies)

Then, please run this online virus scan:
ActiveScan

Copy the results of the ActiveScan and paste them here.
  • 0

#94
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
OK I ran the sfc /scannow and didnt have to download or install anything dunno if thats good or bad comp is still real slow and the log on error is still happening. I'm running clean up and active scan right now will post results.
  • 0

#95
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Unfortunately, your user profile may be corrupt...so my suggestion would be to try to create a new user profile and deleting the corrupt one (NO guarantees it will work!). I can give you the instructions on doing this without losing data.
  • 0

#96
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since I have no idea how long it's going to take to run ActiveScan, I'm headed to bed and I will be on in the morning to check out your ActiveScan log. Also, there is another program I need you to download and run, but it takes forever to do:

I need you to download MWav

This scan might take around 3+ hours to finish when set to scan everything. I need you to run MWav, put a check next to below items before scanning:

*Memory
*Startup Folders
*Drive - All Local Drives
*Folder - then click "browse" to change the directory to C: (default is C:\Windows)
*Registry
*System Folders
*Services
*Include Sub-Directory
*Scan All Files

Please make sure ALL of these are checked, then press the scan button. This will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

Highlight the portion of the scan that lists infected items and hold CTRL + C to Copy then paste it here. The whole log will be extremely big so there is no way to copy the whole thing. I just need the infected items list.
  • 0

#97
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
I cant run active scan with netscape and my internet explorer is still all screwed up!
  • 0

#98
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, that's fine, please following the instructions in post #96.
  • 0

#99
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
What exactly is wrong with your Internet Explorer? Does it freeze up or just not allow you to download programs?

Feel like doing an IE repair install?

Edited by bananafanafo, 11 May 2005 - 07:51 PM.

  • 0

#100
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
if I bought that microworld antivirus would it get rid of all the viruses it finds.sure I can do a ie repair just give me the instructions on how to do it.
  • 0

Advertisements


#101
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
yes ie just freezes when I try to use it.
  • 0

#102
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
microworl has been scanning for 7 hours now and has scanned 17000 files how many does it scan???
  • 0

#103
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
It scans EVERYTHING! Wow, 7 hours!! I have a feeling your log is going to be huge!

You don't have to purchase the program as we can kill off the files it finds with Killbox - I especially wouldn't purchase it right now with the infections you have because something may steal your cc number :tazz: So, we'll take care of it!

Don't forget I only need the infected items list.

We'll hold off on the IE install until after killing of files MWav finds and see how it goes.
  • 0

#104
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
ok sounds cool.
  • 0

#105
racinmason001

racinmason001

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts
I had to scan in safe mode because after 10 hours of scanning the comp restarted it self why? I do not know but here is the virus log.

[msvLclnt.dll] [0x00000a40] 01/05/2005 16:11:32:921 :ModuleName = C:\DOCUME~1\Joey\LOCALS~1\Temp\mwavscan.com
[msvLclnt.dll] [0x00000a40] 01/05/2005 16:11:32:921 :WARNING!!! "Autokey" Not Found
[msvLclnt.dll] [0x00000a40] 01/05/2005 16:11:35:453 :Options Set by External applications mwavscan.com are 9896960 (0x970400):
[msvLclnt.dll] [0x00000a40] 01/05/2005 16:11:35:468 :Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[msvLclnt.dll] [0x00000a40] 01/05/2005 16:11:35:468 :TimeOut : ffffffff
[msvLclnt.dll] [0x00000a40] 01/05/2005 16:11:35:468 :Priority : NORMAL
[msvLclnt.dll] [0x00000a40] 01/05/2005 16:11:41:406 :VirusCount = 127682 Latest Date = 2005/04/29
[msvLclnt.dll] [0x000005a8] 01/05/2005 16:27:13:828 :ModuleName = C:\Documents and Settings\Joey\Local Settings\Temp\mwavscan.com
[msvLclnt.dll] [0x000005a8] 01/05/2005 16:27:13:921 :Registry Key Deleted Properly!!!
[msvLclnt.dll] [0x000005a8] 01/05/2005 16:27:41:015 :Options Set by External applications mwavscan.com are 9896960 (0x970400):
[msvLclnt.dll] [0x000005a8] 01/05/2005 16:27:41:109 :Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[msvLclnt.dll] [0x000005a8] 01/05/2005 16:27:41:171 :TimeOut : ffffffff
[msvLclnt.dll] [0x000005a8] 01/05/2005 16:27:41:203 :Priority : NORMAL
[msvLclnt.dll] [0x000005a8] 01/05/2005 16:28:22:031 :VirusCount = 127682 Latest Date = 2005/04/29
[msvLclnt.dll] [0x00000a3c] 01/05/2005 16:29:11:812 :VirusCount = 127682 Latest Date = 2005/04/29
[msvLclnt.dll] [0x000005a8] 01/05/2005 16:29:27:671 :VirusCount = 127682 Latest Date = 2005/04/29
[msvLclnt.dll] [0x00000aac] 01/05/2005 16:41:38:046 :[00000001] File C:\WINDOWS\INETSVC.EXE infected by Backdoor.Win32.SdBot.xd
[msvLclnt.dll] [0x00000aac] 01/05/2005 16:49:03:515 :[00000001] File C:\WINDOWS\System32\i infected by Trojan-Downloader.BAT.Ftp.ab
[msvLclnt.dll] [0x00000aac] 01/05/2005 17:01:56:437 :[00000001] File C:\WINDOWS\System32\Process.exe infected by not-a-virus:RiskWare.Tool.Processor.20
[msvLclnt.dll] [0x00000aac] 01/05/2005 17:56:37:218 :[00000001] File C:\Documents and Settings\Joey\Desktop\l2mfix\Process.exe infected by not-a-virus:RiskWare.Tool.Processor.20
[msvLclnt.dll] [0x00000aac] 01/05/2005 18:22:21:625 :[00000001] File C:\Program Files\America Online 9.0\Jiti\Jiti_mm.exe infected by not-a-virus:Tool.Win32.Reboot
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:08:20:375 :[00000001] File C:\Program Files\Netscape\Netscape 6\l2mfix.exe infected by not-a-virus:RiskWare.Tool.Processor.20
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:23:156 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\02CA5D1C infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:25:265 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\06E93EDE infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:26:453 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\0C5C3C49 infected by not-a-virus:AdWare.Wintol.y
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:27:078 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\134F40EF infected by Backdoor.Win32.Codbot.z
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:27:890 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\137D0E45 infected by not-a-virus:AdWare.WinAD.af
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:28:406 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\17753C40 infected by Trojan.Win32.Rootkit.h
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:28:937 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\180D33B9 infected by Backdoor.Win32.Codbot.z
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:30:234 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\22A00237 infected by not-a-virus:AdWare.WinAD.ai
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:31:265 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\2E303E35 infected by not-a-virus:AdWare.WebSearch.af
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:32:328 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\39C07A34 infected by not-a-virus:AdWare.Wintol.y
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:39:937 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\3F6B2D41 infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:41:578 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\43D664AE infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:44:500 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\4F5D4F23 infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:45:578 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\64122CF2 infected by not-a-virus:AdWare.Wintol.aa
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:46:625 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\68686036 infected by not-a-virus:AdWare.WinAD.ag
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:48:171 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\69586C43 infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:18:49:453 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\6B327EEE infected by not-a-virus:AdWare.WinAD.ai
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:00:468 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\720A5494 infected by not-a-virus:AdWare.WinAD.ai
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:07:109 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\73F81C35 infected by not-a-virus:AdWare.WebSearch.af
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:07:671 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\76B74D8D infected by Backdoor.Win32.Codbot.z
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:08:234 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\77FD7D03 infected by Trojan.Win32.Rootkit.h
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:09:140 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\782474D7 infected by not-a-virus:AdWare.WebSearch.af
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:10:062 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\78271ED4 infected by not-a-virus:AdWare.WebSearch.ae
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:11:406 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\782A48D0 infected by not-a-virus:AdWare.WinAD.ai
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:12:609 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\782E72CD infected by not-a-virus:AdWare.WebSearch.af
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:13:453 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\78311CC9 infected by not-a-virus:AdWare.WebSearch.f
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:14:453 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\783446C5 infected by not-a-virus:AdWare.Wintol.aa
[msvLclnt.dll] [0x00000aac] 01/05/2005 21:19:15:578 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\783770C2 infected by Trojan-Downloader.Win32.Wintool.f
[msvLclnt.dll] [0x00000aac] 02/05/2005 00:45:33:468 :[00000001] File C:\WINDOWS\INETSVC.EXE infected by Backdoor.Win32.SdBot.xd
[msvLclnt.dll] [0x00000c34] 02/05/2005 10:43:32:921 :ModuleName = C:\Documents and Settings\Joey\Local Settings\Temp\mwavscan.com
[msvLclnt.dll] [0x00000c34] 02/05/2005 10:43:38:031 :Registry Key Deleted Properly!!!
[msvLclnt.dll] [0x00000c34] 02/05/2005 10:44:31:718 :Options Set by External applications mwavscan.com are 9896960 (0x970400):
[msvLclnt.dll] [0x00000c34] 02/05/2005 10:44:36:750 :Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[msvLclnt.dll] [0x00000c34] 02/05/2005 10:44:41:921 :TimeOut : ffffffff
[msvLclnt.dll] [0x00000c34] 02/05/2005 10:44:47:125 :Priority : NORMAL
[msvLclnt.dll] [0x00000c34] 02/05/2005 10:46:22:593 :VirusCount = 120257 Latest Date = 2005/05/02
[msvLclnt.dll] [0x00000338] 02/05/2005 10:53:11:468 :ModuleName = C:\Documents and Settings\Joey\Local Settings\Temp\mwavscan.com
[msvLclnt.dll] [0x00000338] 02/05/2005 10:53:11:484 :Registry Key Deleted Properly!!!
[msvLclnt.dll] [0x00000338] 02/05/2005 10:53:15:843 :Options Set by External applications mwavscan.com are 9896960 (0x970400):
[msvLclnt.dll] [0x00000338] 02/05/2005 10:53:15:843 :Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[msvLclnt.dll] [0x00000338] 02/05/2005 10:53:15:843 :TimeOut : ffffffff
[msvLclnt.dll] [0x00000338] 02/05/2005 10:53:15:859 :Priority : NORMAL
[msvLclnt.dll] [0x00000338] 02/05/2005 10:53:20:031 :VirusCount = 120257 Latest Date = 2005/05/02
[msvLclnt.dll] [0x00000480] 02/05/2005 10:54:22:109 :[00000001] File C:\WINDOWS\INETSVC.EXE infected by Backdoor.Win32.SdBot.xd
[msvLclnt.dll] [0x00000480] 02/05/2005 10:55:08:875 :[00000001] File C:\WINDOWS\System32\i infected by Trojan-Downloader.BAT.Ftp.ab
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:27:109 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\02CA5D1C infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:27:437 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\06E93EDE infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:27:687 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\134F40EF infected by Backdoor.Win32.Codbot.z
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:27:921 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\17753C40 infected by Trojan.Win32.Rootkit.h
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:28:031 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\180D33B9 infected by Backdoor.Win32.Codbot.z
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:29:921 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\3F6B2D41 infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:30:234 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\43D664AE infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:31:265 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\4F5D4F23 infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:32:078 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\69586C43 infected by Backdoor.Win32.Rbot.gen
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:32:921 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\76B74D8D infected by Backdoor.Win32.Codbot.z
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:33:000 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\77FD7D03 infected by Trojan.Win32.Rootkit.h
[msvLclnt.dll] [0x00000480] 02/05/2005 11:20:35:187 :[00000001] File C:\Program Files\Norton AntiVirus\Quarantine\783770C2 infected by Trojan-Downloader.Win32.Wintool.f
[msvLclnt.dll] [0x00000480] 02/05/2005 11:39:33:281 :[00000001] File C:\WINDOWS\INETSVC.EXE infected by Backdoor.Win32.SdBot.xd
[msvLclnt.dll] [0x00000480] 02/05/2005 12:52:22:750 :VirusCount = 120257 Latest Date = 2005/05/02
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP