
Help me?



#16
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Yes..Please remove anything it Identified!
  • 0



#17
Pianoman16

Pianoman16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 183 posts
After deleting the files in HijackThis, the internet browser became a lot faster; it opens quicker and browses better. As far as the things that Kaspersky thing went, I haven't noticed a difference in anything after that.
  • 0

#18
Pianoman16

Pianoman16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 183 posts
I have another problem now too... When I was removing everything that the scan found, I accidentally clicked on one of the programs and opened it. Now I can't stop it. Media Access and MediaAccK are running processes and I can't end them. Every time I do, they start back up in less than a second. I can't delete the folder they're in because they are constantly running. How do I get rid of them?
  • 0

#19
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Look in Add\Remove Programs for both entries and then go into Safe Mode and Locate the Folders inside the Program Files folder and Delete them again and empty the Recycle Bin!

Then Restart and Post a fresh HijackThis Log!
  • 0

#20
Pianoman16

Pianoman16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 183 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:28:52 PM, on 7/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\bearshare\BearShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nathaniel\My Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .pdf: c:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113790688109
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

#21
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK, undo any realtime protection from programs like SpyWare Guard or the like!

Go to Add\Remove Program and Remove

Bear Share
MediaAccess


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Restart In Safe Mode

Run Hoster and DelDomains again just like in the First Post

Locate and Delete


C:\Program Files\Media Access << Folder

C:\Program Files\BearShare << Folder


Run both CleanUp and CCleaner!


Scan the PC with Ewido-> Make sure to Clean everything it finds-> Make sure to Click the Tab to Save a Report!


Open HijackThis and put a check next to these

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

Now Click the "Fix Checked" Button

Restart Normal and Run either Online Scan from Kaspersky or Panda!

Post a fresh HijackThis log along with all reports!
  • 0

#22
Pianoman16

Pianoman16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 183 posts
The Ewido results...

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:13:38 AM, 7/16/2005
+ Report-Checksum: 4C9158E

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned without backup
HKU\S-1-5-21-57989841-1500820517-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned without backup
HKU\S-1-5-21-57989841-1500820517-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned without backup
HKU\S-1-5-21-57989841-1500820517-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned without backup
HKU\S-1-5-21-57989841-1500820517-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned without backup
HKU\S-1-5-21-57989841-1500820517-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned without backup


::Report End

And the HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 9:43:33 AM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nathaniel\My Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .pdf: c:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113790688109
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  • 0

#23
Pianoman16

Pianoman16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 183 posts
:tazz: I can't believe I forgot to update Ewido before running it! I updated it now and will scan again!
  • 0

#24
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Post a log from HijackThis with all enabled and in Normal Mode!

I think you got it this time!
  • 0

#25
Pianoman16

Pianoman16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 183 posts
Here's the new scan results...

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:55:58 AM, 7/16/2005
+ Report-Checksum: 848DF969

+ Scan result:

C:\Documents and Settings\Nathaniel\Local Settings\Temp\temp.fr60F6\MediaAccess.exe -> Spyware.WinAD : Cleaned without backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c3iilewo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP119\A0052826.dll -> Spyware.Wheaterbug : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP121\A0057638.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP121\A0057651.exe -> Trojan.LowZones.y : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP121\A0057661.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP121\A0057662.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP121\A0057663.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP121\A0057664.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP121\A0057667.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP121\A0057671.dll -> Trojan.Agent.co : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP121\A0057675.exe -> TrojanDownloader.Small.bct : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP122\A0058636.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP123\A0059639.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP123\A0060632.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP123\A0060633.dll -> Trojan.Agent.co : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP123\A0060635.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060660.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060661.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060662.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060664.dll -> Trojan.Agent.co : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060715.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060723.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060724.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060725.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060726.dll -> Trojan.Agent.co : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060729.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060744.dll -> Spyware.HotSearchBar : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060749.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060750.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060752.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060756.exe -> Trojan.Crypt.c : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060776.exe -> Heuristic.Win32.Hijacker1 : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060780.exe -> Backdoor.Padodor.az : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060781.exe -> Trojan.LowZones.y : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060782.exe -> TrojanDownloader.Small.bct : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060924.sys -> Backdoor.Haxdoor : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP124\A0060925.sys -> Backdoor.Haxdoor : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP142\A0064382.exe/WEBREB~1.EXE -> Spyware.WinAD : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP142\A0064386.exe -> Adware.SaveNow : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP142\A0064395.dll -> Spyware.WinAD : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP142\A0064396.exe -> Spyware.WinAD : Cleaned without backup
C:\System Volume Information\_restore{E8D80984-BC7C-495C-BFA0-118E9A5282DE}\RP95\A0046563.exe -> Adware.SaveNow : Cleaned without backup


::Report End
  • 0



#26
Pianoman16

Pianoman16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 183 posts
And the new HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 11:58:26 AM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nathaniel\My Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .pdf: c:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113790688109
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  • 0
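Comparing the log from post #20 with the one just above shows what the cleanup actually changed. The Python sketch below is an added example, not part of the original thread; the two excerpts are shortened from the logs posted here, and the function names are hypothetical.

```python
import re

# Shortened excerpts of the HijackThis logs from posts #20 (BEFORE) and #26 (AFTER).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\bearshare\BearShare.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\ewido\security suite\ewidoguard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""
# The two lines post #21 asked to tick before pressing "Fix Checked".
FIX = [r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =",
       r"O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe"]

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."

def parse_log(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False              # a blank line ends the process list
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2).strip()))
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}

def _key(item):
    # Windows paths and registry names compare case-insensitively.
    return (" - ".join(item) if isinstance(item, tuple) else item).casefold()

def diff_logs(before, after):
    """Report processes and entries that disappeared or appeared between two logs."""
    b, a, out = parse_log(before), parse_log(after), {}
    for field in ("processes", "entries"):
        bk, ak = {_key(x) for x in b[field]}, {_key(x) for x in a[field]}
        out[field + "_gone"] = [x for x in b[field] if _key(x) not in ak]
        out[field + "_new"] = [x for x in a[field] if _key(x) not in bk]
    return out

def still_present(fix_lines, log_text):
    """Return the fix-list lines that the given log still contains."""
    present = {_key(e) for e in parse_log(log_text)["entries"]}
    return [l for l in fix_lines
            if (m := ENTRY.match(l.strip())) and _key((m.group(1), m.group(2).strip())) in present]

if __name__ == "__main__":
    for name, items in diff_logs(BEFORE, AFTER).items():
        print(name, items)
    print("fix lines still present:", still_present(FIX, AFTER))
```

An empty result from `still_present` confirms the checked entries did not come back after the restart, which is the recurrence post #18 described.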

#27
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK, looks better!

Disable System Restore and let's leave it Disabled until we know it's a clean PC!


Let's do a manual Temp file\folder cleaning!

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

C:\Windows\Temp\

C:\Windows\System32\Temp\

C:\Documents and Settings\Owner\Local Settings\Temp\

C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\

Empty your "Recycle Bin"

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files (Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup (Make sure that all boxes are checked for cleaning!!)


If that last log was from Normal Mode, it appears that there is No Antivirus or Firewall on this PC!

That only means we are both wasting our time as you are surfing the Internet totally unprotected!

Please let me know what we can do about this!?
  • 0

#28
Pianoman16

Pianoman16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 183 posts
That log was from normal mode. I have the Windows firewall, but no other firewall or antivirus. I do the scans and everything, but I have no real time protection because it makes my pc unbelievably slow. My computer is about 5 years old, so it doesn't have the best technology. I'm only trying to improve it to buy some more time until I can afford a new one. If you have any suggestions for protection that won't slow down my computer, I would be more than willing to listen to them. But I mean, I used to have McAfee Antivirus, McAfee Professional Firewall, and Microsoft AntiSpyware all on my computer. When they were there, it took almost 12 minutes before I could use my pc without any kind of lag and things like that. If I tried to use the computer before those 12 minutes I would get a message about virtual memory and it would turn off on me. So if there is anything you can suggest I would be more than grateful! :tazz:
  • 0

#29
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
That's quite the loaded question!

Give this Antivirus a shot and see what happens, if nothing else, configure the PC so it doesn't have to load at startup, but don't access the Internet until the AV has been enabled!

Antivir
http://www.free-av.com/
  • 0

#30
Pianoman16

Pianoman16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 183 posts
Downloaded and now using it! My computer's a little slower than before, but now I feel protected! :tazz:
  • 0





