Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SearchToolbar


  • Please log in to reply

#46
DeSade

DeSade

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 377 posts
I ran Housecall and this is the result

No virus
No worm/trojan
no spyware
53 vunerabilities detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 53 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Critical This vulnerability allows a remote attacker to conduct unauthorized activities via the Show Me function in Office Help, since Office 2000 UA ActiveX Control is marked as safe for scripting. MS00-034
Critical This vulnerability allows attackers to execute macros without user warning. It is done by linking a Rich Text Format document to a template that contains an embedded macro. MS01-028
Critical This vulnerability enables a remote attacker to execute arbitrary code by creating an .MP3 or .WMA file that contains a corrupt custom attribute. This is caused by a buffer overflow in the Windows Shell function in Microsoft Windows XP. MS02-072
Highly Critical This vulnerability enables local users to execute arbitrary code through an RPC call. This is caused by a buffer overflow in the RPC Locator service for Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. MS03-001
Highly Critical This vulnerability enables a remote attacker to execute arbitrary code through a WebDAV request to IIS 5.0. This is caused by a buffer overflow in NTDLL.DLL on Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. MS03-007
Highly Critical This vulnerability enables a remote attacker to execute any file that can be rendered as text, and be opened as part of a page in Internet Explorer. MS03-014
Critical This vulnerability enables a remote attacker to cause a denial of service and execute arbitrary code through a specially formed web page or HTML e-mail. This is caused by a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. MS03-023
Highly Critical These vulnerabilities, which are due to Internet Explorer not properly determining an object type returned from a Web server in a popup window or during XML data binding, respectively, could allow an attacker to run arbitrary code on a user's system. MS03-040
Critical This vulnerability allows a remote attacker to execute arbitrary code without user approval. This is caused by the authenticode capability in Microsoft Windows NT through Server 2003 not prompting the user to download and install ActiveX controls when system is low on memory. MS03-041
Critical This vulnerability allows a remote attacker to execute arbitrary code on the affected system. This is caused of a buffer overflow in the Messenger Service for Windows NT through Server 2003. MS03-043
Important This vulnerability is due to a buffer overrun in the ListBox and ComboBox controls found in User32.dll. Any program that implements the ListBox control or the ComboBox control could allow arbitrary code to be executed at the same privilege level. This vulnerability cannot be exploited remotely. MS03-045
Critical This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this is executed under the security context of the currently logged on user.;This vulnerability could allow an attacker to save a file on the users system. This is due to dynamic HTML events related to the drag-and-drop of Internet Explorer.;This vulnerability, which is due to the incorrect parsing of URLs which contain special characters, could allow an attacker to trick a user by presenting one URL in the address bar, wherein it actually contains the content of another web site of the attackers choice. MS04-004
Critical The MHTML URL Processing Vulnerability allows remote attackers to bypass domain restrictions and execute arbitrary code via script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers.This could allow an attacker to take complete control of an affected system. MS04-013
Critical This vulnerability exists in the Help and Support Center (HCP) and is due to the way it handles HCP URL validation. This vulnerability could allow an attacker to remotely execute arbitrary code with Local System privileges. MS04-015
Moderate A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. MS04-018
Critical This vulnerability lies in an unchecked buffer within the Task Scheduler component. When exploited, it allows the attacker to execute arbitrary code on the affected machine with the same privileges as the currently logged on user. MS04-022
Critical An attacker who successfully exploits this vulnerability could gain the same privileges as that of the currently logged on user. If the user is logged in with administrative privileges, the attacker could take complete control of the system. User accounts with fewer privileges are at less risk than users with administrative privileges. MS04-023
Critical The Navigation Method Cross-Domain Vulnerability is a remote execution vulnerability that exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit this vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visits a malicious Web site.;The Malformed BMP File Buffer Overrun Vulnerability exists in the processing of BMP image file formats that could allow remote code execution on an affected system.;The Malformed GIF File Double Free Vulnerability is a buffer overrun vulnerability that exists in the processing of GIF image file formats that could allow remote code execution on an affected system. MS04-025
Critical This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes. MS04-028
Important An unchecked buffer exists in the NetDDE services that could allow remote code execution. An attacker who is able to successfully exploit this vulnerability is capable of gaining complete control over an affected system. However, the NetDDe services are not automatically executed, and so would then have to be manually started for an attacker to exploit this vulnerability. This vulnerability also allows attackers to perform a local elevation of privilege, or a remote denial of service (DoS) attack. MS04-031
Critical This cumulative release from Microsoft covers four newly discovered vulnerabilities: Windows Management Vulnerability, Virtual DOS Machine Vulnerability, Graphics Rendering Engine Vulnerability, and Windows Kernel Vulnerability. MS04-032
Critical This is another privately reported vulnerability about Windows Compressed Folders. There is vulnerability on the way that Windows processes Compressed (Zipped) Folders that could lead to remote code execution. Windows can not properly handle the extraction of the ZIP folder with a very long file name. Opening a specially crafted compressed file, a stack-based overflow occurs, enabling the remote user to execute arbitrary code. MS04-034
Critical This security bulletin focuses on the following vulnerabilities: Shell Vulnerability (CAN-2004-0214), and Program Group Converter Vulnerability (CAN-2004-0572). Shell vulnerability exists on the way Windows Shell launches applications that could enable remote malicious user or malware to execute arbitrary code. Windows Shell function does not properly check the length of the message before copying to the allocated buffer. Program Group Converter is an application used to convert Program Manager Group files that were produced in Windows 3.1, Windows 3.11, Windows for Workgroups 3.1, and Windows for Workgroups 3.11 so that they can still be used by later operating systems. The vulnerability lies in an unchecked buffer within the Group Converter Utility. MS04-037
Critical This is a remote code execution vulnerability that exists in the Internet Explorer. It allows remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious Web Page. The said routine could allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability. MS04-038
Critical This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such that an arbitrary application can be executed on visiting systems with the same priviledge as the currently logged on user. MS04-040
Important This security advisory explains the two discovered vulnerabilities in Microsoft Word for Windows 6.0 Converter, which is used by WordPad in converting Word 6.0 to WordPad file format. Once exploited, this remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. MS04-041
Important This security update addresses and resolves two windows vulnerabilites, both of which may enable the current user to take control of the affected system. Both of these vulnerabilites require that the curernt user be able to log on locally and execute programs. They cannot be exploited remotely, or by anonymous users. A privilege elevation vulnerability exists in the way that the Windows Kernel launches applications. This vulnerability could allow the current user to take complete control of the system. A privilege elevation vulnerability exists in the way that the LSASS validates identity tokens. This vulnerability could allow the current user to take complete control of the affected system. MS04-044
Critical This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. MS05-001
Critical This update resolves several newly-discovered, privately reported and public vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs, view, change, or delete data, or create new accounts that have full privileges. MS05-002
Important This update resolves a newly-discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. While remote code execution is possible, an attack would most likely result in a denial of service condition. MS05-003
Important A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said Web site, and is able to control it accordingly. The actions that the attacker could take would depend on the specific content being protected. MS05-004
Important This is an information disclosure vulnerability. An attacker who successfully exploits this vulnerability could remotely read the user names for users who have an open connection to an available shared resource. MS05-007
Important This remote code execution vulnerability exists in the way Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow an attacker to save a file on the users system if a user visited a malicious Web site or viewed a malicious e-mail message. MS05-008
Critical This remote code execution vulnerability exists in the processing of PNG image formats. An attacker who successfully exploits this vulnerability could take complete control of an affected system. MS05-009
Critical This remote code execution vulnerability exists in Server Message Block (SMB). It allows an attacker who successfully exploits this vulnerability to take complete control of the affected system. MS05-011
Critical This privilege elevation vulnerability exists in the way that the affected operating systems and programs access memory when they process COM structured storage files. This vulnerability could grant a currently logged-on user to take complete control of the system.;This remote code execution vulnerability exists in OLE because of the way that it handles input validation. An attacker could exploit the vulnerability by constructing a malicious document that could potentially allow remote code execution. MS05-012
Critical This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system. MS05-013
Critical This update resolves known vulnerabilities affecting Internet Explorer. An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-014
Critical A remote code execution vulnerability exists in the Hyperlink Object Library. This problem exists because of an unchecked buffer while handling hyperlinks. An attacker could exploit the vulnerability by constructing a malicious hyperlink which could potentially lead to remote code execution if a user clicks a malicious link within a Web site or e-mail message. MS05-015
Important A remote code execution vulnerability exists in the Windows Shell because of the way that it handles application association. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability. MS05-016
Important A remote code execution vulnerability exists in Message Queuing that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. MS05-017
Important This security bulletin resolves newly-discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-018
Critical This security bulletin resolves newly discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. However, an attacker who successfully exploited the most severe of these vulnerabilities would most likely cause the affected system to stop responding. MS05-019
Critical This security bulletin resolves three newly-discovered, privately-reported vulnerabilities affecting Internet Explorer. If a user is logged on with administrative user rights, an attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-020
Critical This security bulletin resolves the following vulnerabilities affecting Internet Explorer.; The PNG Image Rendering Memory Corruption vulnerability could allow an attacker to execute arbitrary code on the system because of a vulnerability in the way Internet Explorer handles PNG images.; The XML Redirect Information Disclosure vulnerability could allow an attacker to read XML data from another Internet Explorer domain because of a vulnerability in the way Internet Explorer handles certain requests to display XML content. MS05-025
Critical HTML Help is the standard help system for the Windows platform. Authors can use it to create online Help files for a software application or content for a multimedia title or a Web site. This vulnerability in HTML Help could allow attackers to execute arbitrary code on the affected system via a specially crafted Compiled Windows Help (CHM) file, because it does not completely validate input data. MS05-026
Critical A remote code execution vulnerability exists in the Microsofts implementation of the Server Message Block (SMB) protocol, which could allow an attacker to execute arbitrary codes to take complete control over a target system. This vulnerability could be exploited over the Internet. An attacker would have to transmit a specially crafted SMB packet to a target system to exploit it. However, failure to successfully exploit the vulnerability could only lead to a denial of service. MS05-027
Important A vulnerability exists in the way that Windows processes Web Client requests, which could allow a remote attacker to execute arbitrary code and take complete control over the affected system. MS05-028
Important A remote code execution vulnerability exists in Outlook Express when it is used as a newsgroup reader. An attacker could exploit this vulnerability by constructing a malicious newsgroup server that could that potentially allow remote code execution if a user queried the server for news. MS05-030
Moderate This vulnerability could enable an attacker to spoof trusted Internet content because security prompts can be disguised by a Microsoft Agent character. MS05-032
Moderate This vulnerability in the Microsoft Telnet client could allow an attacker to gain sensitive information about the affected system and read the session variables of users who have open connections to a malicious Telnet server. MS05-033
Critical This vulnerability could allow a remote attacker to execute arbitrary codes on the affected system via a malicious image file in a Web site or email message. This vulnerability exists because of the way Microsoft Color Management Module handles ICC profile format tag validation. MS05-036
Critical A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. MS05-037


AVG is still popping up with Trojan errors and I still have that [bleep] MS XP bubble warning me of spyware activity.

the comp is still very slow on boot also.
  • 0

Advertisements


#47
bricat

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
It looks like it's time to bite the bullet and bring the big guns in. :tazz:


Print these instructions out or save them to notepad as you'll be working in Safe Mode later without internet access.


Please download Micro$oft Anti-Spyware Beta from here:
http://www.microsoft...re/default.mspx

Update the spyware database by clicking on *Spyware Definitions*.
Download the update and then close the program.



Please then empty the quarantine folders of any anti-virus or anti-spyware programs you may have and empty your recycle bin.


Download the trial version of Kapsperskey Anti-Virus from here:

http://downloads1.ka..._personalen.exe

Choose *save* and it should create and save to a KAV folder on your hard drive.

Before installing it, YOU MUST disable your own Anti-Virus program first. Go to Start > Run and type msconfig in the run box. Click on the "Startup" tab, and uncheck all the startups relating to your AntiVirus and then reboot.

Navigate to the KAV folder and doubleclick on kav5.0trial_personalen.exe to install it.

Next you will see the Kaspersky Anti-Virus Personal 5.0 Setup Wizard. It will advise you to close all other applications before starting setup. Do that and then press *Next* to continue.

After the 'Customer Information screen' you will be presented with some important KAV notes. Please remove the green checkmark from the box at the bottom that says *Operate according to Recommended settings* This is so we can do a custom install.

On the next screen, please uncheck the box for *use real-time protection against network attacks*. This has been known to cause problems on PCs running certain firewalls, you can try enabling it later after the initial install and scan. Also uncheck the *Use iStreams Technology* box.

Follow the prompts to finish the installation.

KAV will now open. If you are running a firewall, allow KAV to connect to get the updates it needs. Wait while the updates are downloaded and installed.

Now get the *extended database* of updates as well. Look under *Settings*, and then *Configure Updater* Choose Extended Database. Click *OK* and then Check for Updates and you will get another smaller update which will install.

Now click on *Settings* and choose *Configure On-demand scan settings* and select *Perform recommended action* and click *OK*. Set the scan level to maximum, just to be sure that nothing is hiding in an email database.

Now reboot into Safe Mode. See here if you don't know how to do this.

Now Start a full system scan. Click on the protection tab and Choose *Scan My Computer*. When the scan has finished (could be several hours later), click on *View reports* under the Protection tab.

When you go to View Reports, you will see a list. Right-click on the report *Full Scan* and a menu opens: choose *export detailed report to file* which allows you to save the log. It defaults as a .csv file, but you can save it as .txt. Give it a name and click *save* to save the log and then close KAV.


While still in Safe Mode, open Microsoft Anti-Spyware and run a full system scan.
Let it remove everything it finds. Once done, reboot back to normal mode and post a fresh HijackThis log and KAV log for inspection.
  • 0

#48
DeSade

DeSade

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 377 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:50:49 a.m., on 6/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\SOUNDMAN.EXE
G:\WINDOWS\System32\RUNDLL32.EXE
G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
G:\WINDOWS\System32\wuauclt.exe
G:\Program Files\Mozilla Firefox\firefox.exe
E:\Pauls Documents\spywareremovaltools\HijackThis.exe

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hgqhp.exe] G:\WINDOWS\System32\hgqhp.exe
O4 - HKLM\..\Run: [dmsst.exe] G:\WINDOWS\System32\dmsst.exe
O4 - HKLM\..\Run: [MSConfig] G:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Office2000\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://g:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122556946093
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C39F86-0C4E-4D3E-9592-17EB9576A4F3}: NameServer = 202.27.158.40,202.27.156.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC049923-DCC2-4D99-8AE8-9E637BBAD3C0}: NameServer = 202.27.158.40,202.27.156.72
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe


Statistics:
Start time: 5/08/2005 10:31:27 p.m.
Completion time: 6/08/2005 1:01:41 a.m.
Objects scanned: 304737
Dangerous objects detected: 9
Viruses disinfected: 0
Objects deleted: 5
Objects quarantined: 0

Settings:
Objects to scan:
My Computer
If a dangerous object is detected:
Perform recommended action
Scan level:
Maximum Protection
Exclusions from the scan scope:
Option not used

Report:
D:\games\bioware\nwn\zip\Darkness\fantushakset.rar\fantustiles.hak processing error 5/08/2005 11:11:04 p.m.
D:\games\lucasarts\battlefront\Install\syscheck.exe is a Trojan Trojan-PSW.Win32.QQspy.f 5/08/2005 11:39:38 p.m.
D:\games\lucasarts\battlefront\Install\syscheck.exe moved to the backup storage 5/08/2005 11:39:38 p.m.
D:\games\lucasarts\battlefront\Install\syscheck.exe deleted 5/08/2005 11:39:38 p.m.
D:\xtraD\Email 03, September, 2004.pst\Personal Folders\Top of Personal Folders\Sent Items\[From:DeSade][Subject:FW: do not give up!][Time:2004/02/27 13:21:40]\violence.zip\violence.exe is infected with a virus Email-Worm.Win32.NetSky.c 5/08/2005 11:49:18 p.m.
D:\xtraD\Email 03, September, 2004.pst error moving to the backup storage 5/08/2005 11:49:18 p.m.
D:\xtraD\Email 03, September, 2004.pst\Personal Folders\Top of Personal Folders\Sent Items\[From:DeSade][Subject:FW: do not give up!][Time:2004/02/27 13:21:40]\violence.zip\violence.exe deleted 5/08/2005 11:49:18 p.m.
D:\xtraD\Email 03, September, 2004.pst\Personal Folders\Top of Personal Folders\Sent Items\[From:DeSade][Subject:FW: classroom test of you?][Time:2004/02/28 09:35:44]\update_image.zip\update_image.doc.exe is infected with a virus Email-Worm.Win32.NetSky.c 5/08/2005 11:49:18 p.m.
D:\xtraD\Email 03, September, 2004.pst error moving to the backup storage 5/08/2005 11:49:18 p.m.
D:\xtraD\Email 03, September, 2004.pst\Personal Folders\Top of Personal Folders\Sent Items\[From:DeSade][Subject:FW: classroom test of you?][Time:2004/02/28 09:35:44]\update_image.zip\update_image.doc.exe deleted 5/08/2005 11:49:18 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\Ad-Aware SE Default.skn password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\arrow1.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\arrow2.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bck1.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt11.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt12.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt13.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt21.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt22.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt23.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt31.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt32.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt33.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt41.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt42.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt43.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt51.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt52.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt53.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt61.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\bt62.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\checkbox1.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\checkbox2.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\checkbox3.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\checkbox4.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\defbtn1.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\defbtn2.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\defbtn3.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\glyph1.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\glyph2.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\glyph3.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\glyph4.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\glyph5.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\glyph6.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\glyph7.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\main.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\preview.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\aawsepersonal.exe/WISE0020.BIN\sprite1.bmp password protected, has not been processed 5/08/2005 11:57:52 p.m.
E:\Pauls Documents\spywareremovaltools\l2mfix.exe\l2mfix/Process.exe is a riskware not-a-virus:RiskTool.Win32.Processor.20 6/08/2005 12:02:29 a.m.
E:\Pauls Documents\spywareremovaltools\l2mfix.exe object could not be disinfected, "Report only" option selected 6/08/2005 12:02:30 a.m.
E:\Pauls Documents\spywareremovaltools\l2mfix.exe is a riskware not-a-virus:RiskTool.Win32.Processor.20 6/08/2005 12:02:30 a.m.
E:\Pauls Documents\My Backup Data\Email Backup 03, Sept, 2004.pst\Personal Folders\Top of Personal Folders\Sent Items\[From:DeSade][Subject:FW: do not give up!][Time:2004/02/27 13:21:40]\violence.zip\violence.exe is infected with a virus Email-Worm.Win32.NetSky.c 6/08/2005 12:21:00 a.m.
E:\Pauls Documents\My Backup Data\Email Backup 03, Sept, 2004.pst error moving to the backup storage 6/08/2005 12:21:00 a.m.
E:\Pauls Documents\My Backup Data\Email Backup 03, Sept, 2004.pst\Personal Folders\Top of Personal Folders\Sent Items\[From:DeSade][Subject:FW: do not give up!][Time:2004/02/27 13:21:40]\violence.zip\violence.exe deleted 6/08/2005 12:21:00 a.m.
E:\Pauls Documents\My Backup Data\Email Backup 03, Sept, 2004.pst\Personal Folders\Top of Personal Folders\Sent Items\[From:DeSade][Subject:FW: classroom test of you?][Time:2004/02/28 09:35:44]\update_image.zip\update_image.doc.exe is infected with a virus Email-Worm.Win32.NetSky.c 6/08/2005 12:21:00 a.m.
E:\Pauls Documents\My Backup Data\Email Backup 03, Sept, 2004.pst error moving to the backup storage 6/08/2005 12:21:00 a.m.
E:\Pauls Documents\My Backup Data\Email Backup 03, Sept, 2004.pst\Personal Folders\Top of Personal Folders\Sent Items\[From:DeSade][Subject:FW: classroom test of you?][Time:2004/02/28 09:35:44]\update_image.zip\update_image.doc.exe deleted 6/08/2005 12:21:00 a.m.
E:\Pauls Documents\Incomplete\l2mfix.exe\l2mfix/Process.exe is a riskware not-a-virus:RiskTool.Win32.Processor.20 6/08/2005 12:26:38 a.m.
E:\Pauls Documents\Incomplete\l2mfix.exe object could not be disinfected, "Report only" option selected 6/08/2005 12:26:38 a.m.
E:\Pauls Documents\Incomplete\l2mfix.exe is a riskware not-a-virus:RiskTool.Win32.Processor.20 6/08/2005 12:26:38 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\related.htm password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW1.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW1.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter.zip\XXX personal photos.url password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter1.zip\SPYWARE.url password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter1.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter10.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter10.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter2.zip\Spyware Uninstall.url password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter2.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter3.zip\Remove Toolbars.url password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter3.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter4.zip\Play Adult-Poker.url password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter4.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter5.zip\Online Sex Poker Rooms.url password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter5.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter6.zip\Kill Annoying Popups.url password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter6.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter7.zip\[bleep] Real Girls.url password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter7.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter8.zip\Free Online Dating.url password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter8.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter9.zip\AdultGambling.url password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CWSWinSecurityCenter9.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy2.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy2.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingeXactSearchbar.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingeXactSearchbar.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTbar.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTbar.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTbar1.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTbar1.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTbar2.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTbar2.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:29 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SexList.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SexList.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Targetsaver.zip\tsuninst.exe password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Targetsaver.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Targetsaver1.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Targetsaver1.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Targetsaver2.zip\sbRecovery.reg password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Targetsaver2.zip\sbRecovery.ini password protected, has not been processed 6/08/2005 12:36:30 a.m.
G:\Documents and Settings\Paul\Desktop\l2mfix\Process.exe is a riskware not-a-virus:RiskTool.Win32.Processor.20 6/08/2005 12:37:34 a.m.
G:\Documents and Settings\Paul\Desktop\l2mfix\Process.exe object could not be disinfected, object cannot be disinfected 6/08/2005 12:37:34 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp password protected, has not been processed 6/08/2005 12:44:59 a.m.
G:\WINDOWS\Downloaded Program Files\popcaploader.dll is a riskware not-a-virus:Downloader.Win32.PopCap.c 6/08/2005 12:51:26 a.m.
G:\WINDOWS\Downloaded Program Files\popcaploader.dll object could not be disinfected, object cannot be disinfected 6/08/2005 12:51:26 a.m.
G:\WINDOWS\system32\cyoPrBr1.ocx password protected, has not been processed 6/08/2005 12:58:32 a.m.
  • 0

#49
bricat

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
Rerun HJT,and put a checkmark beside these :-

O4 - HKLM\..\Run: [hgqhp.exe] G:\WINDOWS\System32\hgqhp.exe
O4 - HKLM\..\Run: [dmsst.exe] G:\WINDOWS\System32\dmsst.exe


now close all windows and browsers and click FIX CHECKED


Click Start> Run and type MSConfig in the 'Run' box. When the System Configuration Utility opens, click on the 'Startup Tab' and make sure there is a checkmark beside each entry. Also check the 'General Tab' has the "normal startup" option checked. REBOOT when asked to by Windows to complete the change.


then reboot and post a fresh Hijackthis log.
  • 0

#50
DeSade

DeSade

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 377 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:47:43 a.m., on 6/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\SOUNDMAN.EXE
G:\WINDOWS\System32\RUNDLL32.EXE
G:\Program Files\TrojanHunter 4.2\THGuard.exe
G:\Program Files\Microsoft AntiSpyware\gcasServ.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
G:\WINDOWS\System32\wuauclt.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Pauls Documents\spywareremovaltools\HijackThis.exe

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [THGuard] "G:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Office2000\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://g:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122556946093
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C39F86-0C4E-4D3E-9592-17EB9576A4F3}: NameServer = 202.27.158.40,202.27.156.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC049923-DCC2-4D99-8AE8-9E637BBAD3C0}: NameServer = 202.27.158.40,202.27.156.72
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe



Boot up is still very slow, its a big issue for me.
  • 0

#51
bricat

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
Rerun HJT,and put a checkmark beside these :-

O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "G:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\System32\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Office2000\Office\OSA9.EXE

now close all windows and browsers and click FIX CHECKED

you are not deleting these entries, just removing them from the startup, they can be started any time you need them.

let us know if that helps.
  • 0

#52
DeSade

DeSade

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 377 posts
It shaved approx 45 - 60 seconds off the boot time, now its around 6 minutes.

Still very slow.
  • 0

#53
bricat

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
go to msconfig again and uncheck anything belonging to ewido and kaspersky.
and click APPLY.

can you please let me know the specs on your computer, ram,processor, etc.

Edited by bricat, 06 August 2005 - 01:43 AM.

  • 0

#54
DeSade

DeSade

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 377 posts
Ewido isn't running as a default and Kaspersky only took about 15 secounds off the boot time and thats well within the margin of error.

Specs

AMD Athlon 2500+
1024MB Ram
Nvidia GeForce 6 6600 GT with 128MB Ram
Direct X 9.0c
Onboard Realtek 97 sound
13gig main harddrive with OS installed
80 gig secondary harddrive
Nvidia NForce2 Mainboard chipset

anything else needed?
  • 0

#55
bricat

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
Download CCLEANER

then run the scan under the windows tab.


then DEFRAG your C:\ drive.

to help speed up your system.

then let us know if there is any change.
  • 0

Advertisements


#56
DeSade

DeSade

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 377 posts
Done the CCleaner, defrag will take ages, will do it overnight and let you know tomorrow.
  • 0

#57
bricat

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
no worries. :tazz:
  • 0

#58
DeSade

DeSade

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 377 posts
Defrag took another 40 seconds off boot time so we are down to approx 5.5 minutes.

Its better but still not great.
  • 0

#59
bricat

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
mine takes over 4 minutes, so i don't think it's too bad.

how is the computer running besides the slow boot up.

try this little program - STARTUP INSPECTOR

it will tell you what you can remove from start up to speed up your boot.

Edited by bricat, 06 August 2005 - 05:39 PM.

  • 0

#60
DeSade

DeSade

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 377 posts
Actually the computer is still running like a dog. apps take ages to start, it crashes randomly for no apparant reason (and xp isn't susposed to crash at all).

Also are we finished cleaning yet?

If so can you tell me which of these programmes I should keep
which I should keep but not run constantly
and which I should keep and keep running

cause I have a LOT of different scanners etc now.

My next stop after here is have a look around the rest of this site and hopefully get some help sorting out the random crashes.

Edited by DeSade, 06 August 2005 - 06:17 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP