
Hi all plz help! My pc freezes again =(


  • This topic is locked

#16
Guest_thatman_*

  • Guest
Hi paperone

Yes please run the reg fix.

Then post back.

Kc :tazz:
  • 0


#17
paperone

  • Topic Starter
  • Member
  • 46 posts
Hi thatman, I really appreciate your help in this. :)

Here is the Panda scan again:

Incident Status Location

Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\USER AGENT
Spyware:spyware/bargainbuddy No disinfected Windows Registry


Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:10:12, on 2005-08-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program\Analog Devices\SoundMAX\SMTray.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\Program\Mozilla Firefox\firefox.exe
E:\Programmi utili\vecchi\help program\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe

(PC did it again: during the time we are trying to fix it, it froze, grrr :tazz: stupid machine)

THX

regards

paperone :)

Edited by paperone, 31 August 2005 - 01:13 PM.

  • 0

#18
paperone

  • Topic Starter
  • Member
  • 46 posts
Hi, I'm even sending you a new scan I made with Ad-Aware:


Ad-Aware SE Build 1.06r1
Logfile Created on:den 31 augusti 2005 21:18:31
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R64 31.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Favoriteman(TAC index:8):4 total references
MRU List(TAC index:0):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R63 24.08.2005
Internal build : 73
File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 512535 Bytes
Total size : 1543974 Bytes
Signature data size : 1510909 Bytes
Reference data size : 32553 Bytes
Signatures total : 42991
CSI Fingerprints total : 1029
CSI data size : 36589 Bytes
Target categories : 15
Target families : 736

2005-08-31 21:16:52 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R64 31.08.2005
Internal build : 74
File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 515383 Bytes
Total size : 1551653 Bytes
Signature data size : 1518542 Bytes
Reference data size : 32599 Bytes
Signatures total : 43185
CSI Fingerprints total : 1032
CSI data size : 36709 Bytes
Target categories : 15
Target families : 740


2005-08-31 21:17:00 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:64 %
Total physical memory:1048096 kb
Available physical memory:662980 kb
Total page file size:2521136 kb
Available on page file:2263212 kb
Total virtual memory:2097024 kb
Available virtual memory:2043000 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2005-08-31 21:18:31 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Administratör\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1604221776-839522115-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1604221776-839522115-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1604221776-839522115-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1604221776-839522115-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1604221776-839522115-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1604221776-839522115-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1604221776-839522115-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 564
ThreadCreationTime : 2005-08-31 18:49:07
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\windows\system32\csrss.exe
Command Line : C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 628
ThreadCreationTime : 2005-08-31 18:49:08
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\windows\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 656
ThreadCreationTime : 2005-08-31 18:49:10
BasePriority : High


#:4 [services.exe]
ModuleName : C:\windows\system32\services.exe
Command Line : C:\windows\system32\services.exe
ProcessID : 700
ThreadCreationTime : 2005-08-31 18:49:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Tjänst- och styrenhetsprogram
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\windows\system32\lsass.exe
Command Line : C:\windows\system32\lsass.exe
ProcessID : 712
ThreadCreationTime : 2005-08-31 18:49:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\windows\system32\Ati2evxx.exe
Command Line : C:\windows\system32\Ati2evxx.exe
ProcessID : 864
ThreadCreationTime : 2005-08-31 18:49:10
BasePriority : Normal
FileVersion : 6.14.10.4118
ProductVersion : 6.14.10.4118.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
ModuleName : C:\windows\system32\svchost.exe
Command Line : C:\windows\system32\svchost -k DcomLaunch
ProcessID : 876
ThreadCreationTime : 2005-08-31 18:49:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\windows\system32\svchost.exe
Command Line : C:\windows\system32\svchost -k rpcss
ProcessID : 980
ThreadCreationTime : 2005-08-31 18:49:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [winstylerthemesvc.exe]
ModuleName : C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe
Command Line : "C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe"
ProcessID : 992
ThreadCreationTime : 2005-08-31 18:49:11
BasePriority : Normal
FileVersion : 1.0.0.78
ProductVersion : 4.0.0.0
ProductName : TuneUp Utilities
CompanyName : TuneUp Software GmbH
FileDescription : TuneUp WinStyler Theme Service
LegalCopyright : © 1996-2003 TuneUp Software GmbH

#:10 [svchost.exe]
ModuleName : C:\windows\System32\svchost.exe
Command Line : C:\windows\System32\svchost.exe -k netsvcs
ProcessID : 1144
ThreadCreationTime : 2005-08-31 18:49:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
ModuleName : C:\windows\System32\svchost.exe
Command Line : C:\windows\System32\svchost.exe -k NetworkService
ProcessID : 1184
ThreadCreationTime : 2005-08-31 18:49:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
ModuleName : C:\windows\System32\svchost.exe
Command Line : C:\windows\System32\svchost.exe -k LocalService
ProcessID : 1236
ThreadCreationTime : 2005-08-31 18:49:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [ati2evxx.exe]
ModuleName : C:\windows\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1604
ThreadCreationTime : 2005-08-31 18:49:12
BasePriority : Normal
FileVersion : 6.14.10.4118
ProductVersion : 6.14.10.4118.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:14 [spoolsv.exe]
ModuleName : C:\windows\system32\spoolsv.exe
Command Line : C:\windows\system32\spoolsv.exe
ProcessID : 1684
ThreadCreationTime : 2005-08-31 18:49:12
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [explorer.exe]
ModuleName : C:\windows\Explorer.EXE
Command Line : C:\windows\Explorer.EXE
ProcessID : 1700
ThreadCreationTime : 2005-08-31 18:49:12
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : EXPLORER.EXE

#:16 [smtray.exe]
ModuleName : C:\Program\Analog Devices\SoundMAX\SMTray.exe
Command Line : "C:\Program\Analog Devices\SoundMAX\SMTray.exe"
ProcessID : 1832
ThreadCreationTime : 2005-08-31 18:49:14
BasePriority : Normal
FileVersion : 3, 2, 17, 0
ProductVersion : 3, 2, 0, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright © 2003 Analog Devices
OriginalFilename : SMTray.exe

#:17 [atiptaxx.exe]
ModuleName : C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 1840
ThreadCreationTime : 2005-08-31 18:49:14
BasePriority : Normal
FileVersion : 6.14.10.5160
ProductVersion : 6.14.10.5160
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2005 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:18 [e_s10ic2.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
Command Line : "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
ProcessID : 1848
ThreadCreationTime : 2005-08-31 18:49:14
BasePriority : Normal
FileVersion : 3.05
ProductVersion : 3.05
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S10IC2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2002
OriginalFilename : E_S10IC2.EXE

#:19 [realsched.exe]
ModuleName : C:\Program\Delade filer\Real\Update_OB\realsched.exe
Command Line : "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1856
ThreadCreationTime : 2005-08-31 18:49:14
BasePriority : Normal
FileVersion : 0.1.0.3292
ProductVersion : 0.1.0.3292
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:20 [ashdisp.exe]
ModuleName : C:\Program\ALWILS~1\Avast4\ashDisp.exe
Command Line : "C:\Program\ALWILS~1\Avast4\ashDisp.exe"
ProcessID : 1884
ThreadCreationTime : 2005-08-31 18:49:14
BasePriority : Normal
FileVersion : 4, 6, 665, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswDisp.exe

#:21 [ctfmon.exe]
ModuleName : C:\windows\system32\ctfmon.exe
Command Line : "C:\windows\system32\ctfmon.exe"
ProcessID : 1892
ThreadCreationTime : 2005-08-31 18:49:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:22 [skype.exe]
ModuleName : C:\Program\Skype\Phone\Skype.exe
Command Line : "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
ProcessID : 2032
ThreadCreationTime : 2005-08-31 18:49:14
BasePriority : Normal


#:23 [eebsvc.exe]
ModuleName : C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
Command Line : "C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe"
ProcessID : 504
ThreadCreationTime : 2005-08-31 18:49:21
BasePriority : Normal


#:24 [aswupdsv.exe]
ModuleName : C:\Program\Alwil Software\Avast4\aswUpdSv.exe
Command Line : "C:\Program\Alwil Software\Avast4\aswUpdSv.exe"
ProcessID : 1036
ThreadCreationTime : 2005-08-31 18:49:21
BasePriority : Normal


#:25 [ashserv.exe]
ModuleName : C:\Program\Alwil Software\Avast4\ashServ.exe
Command Line : "C:\Program\Alwil Software\Avast4\ashServ.exe"
ProcessID : 1064
ThreadCreationTime : 2005-08-31 18:49:21
BasePriority : High
FileVersion : 4, 6, 665, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:26 [sagent2.exe]
ModuleName : C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
Command Line : "C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe"
ProcessID : 1140
ThreadCreationTime : 2005-08-31 18:49:23
BasePriority : Normal
FileVersion : 2, 2, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:27 [ewidoctrl.exe]
ModuleName : C:\Program\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program\ewido\security suite\ewidoctrl.exe"
ProcessID : 1196
ThreadCreationTime : 2005-08-31 18:49:23
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:28 [svchost.exe]
ModuleName : C:\windows\System32\svchost.exe
Command Line : C:\windows\System32\svchost.exe -k imgsvc
ProcessID : 1400
ThreadCreationTime : 2005-08-31 18:49:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:29 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1532
ThreadCreationTime : 2005-08-31 18:49:24
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:30 [ashmaisv.exe]
ModuleName : C:\Program\Alwil Software\Avast4\ashMaiSv.exe
Command Line : "C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service
ProcessID : 2616
ThreadCreationTime : 2005-08-31 18:49:30
BasePriority : Normal


#:31 [ashwebsv.exe]
ModuleName : C:\Program\Alwil Software\Avast4\ashWebSv.exe
Command Line : "C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service
ProcessID : 2644
ThreadCreationTime : 2005-08-31 18:49:31
BasePriority : Normal


#:32 [alg.exe]
ModuleName : C:\windows\System32\alg.exe
Command Line : C:\windows\System32\alg.exe
ProcessID : 2752
ThreadCreationTime : 2005-08-31 18:49:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:33 [ad-aware.exe]
ModuleName : C:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1944
ThreadCreationTime : 2005-08-31 19:16:39
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Favoriteman Object Recognized!
Type : File
Data : A0001127.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BE06ABAB-2007-4D24-AD58-7D50024D2A32}\RP3\
FileVersion : 6.0.1.4
ProductVersion : 6.0.1.4
ProductName : Setup Factory 6.0 Runtime Module
CompanyName : Indigo Rose Corporation
FileDescription : SUF60Runtime
InternalName : SUF60Runtime
LegalCopyright : Copyright © 2001 - 2002 Indigo Rose Corporation. All Rights Reserved
LegalTrademarks : Setup Factory is a trademark of Indigo Rose Corporation
OriginalFilename : SUF60Runtime.exe
Comments : http://www.indigorose.com


Favoriteman Object Recognized!
Type : File
Data : A0023725.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BE06ABAB-2007-4D24-AD58-7D50024D2A32}\RP43\
FileVersion : 6.0.1.4
ProductVersion : 6.0.1.4
ProductName : Setup Factory 6.0 Runtime Module
CompanyName : Indigo Rose Corporation
FileDescription : SUF60Runtime
InternalName : SUF60Runtime
LegalCopyright : Copyright © 2001 - 2002 Indigo Rose Corporation. All Rights Reserved
LegalTrademarks : Setup Factory is a trademark of Indigo Rose Corporation
OriginalFilename : SUF60Runtime.exe
Comments : http://www.indigorose.com


Favoriteman Object Recognized!
Type : File
Data : A0002328.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BE06ABAB-2007-4D24-AD58-7D50024D2A32}\RP9\
FileVersion : 6.0.1.4
ProductVersion : 6.0.1.4
ProductName : Setup Factory 6.0 Runtime Module
CompanyName : Indigo Rose Corporation
FileDescription : SUF60Runtime
InternalName : SUF60Runtime
LegalCopyright : Copyright © 2001 - 2002 Indigo Rose Corporation. All Rights Reserved
LegalTrademarks : Setup Factory is a trademark of Indigo Rose Corporation
OriginalFilename : SUF60Runtime.exe
Comments : http://www.indigorose.com


Favoriteman Object Recognized!
Type : File
Data : A0002483.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BE06ABAB-2007-4D24-AD58-7D50024D2A32}\RP9\
FileVersion : 6.0.1.4
ProductVersion : 6.0.1.4
ProductName : Setup Factory 6.0 Runtime Module
CompanyName : Indigo Rose Corporation
FileDescription : SUF60Runtime
InternalName : SUF60Runtime
LegalCopyright : Copyright © 2001 - 2002 Indigo Rose Corporation. All Rights Reserved
LegalTrademarks : Setup Factory is a trademark of Indigo Rose Corporation
OriginalFilename : SUF60Runtime.exe
Comments : http://www.indigorose.com


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Scanning Hosts file......
Hosts file location:"C:\windows\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 15




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

21:24:17 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:46.47
Objects scanned:115812
Objects identified:4
Objects ignored:0
New critical objects:4


Hopefully it will be helpful =)

I corrected the problems
  • 0

#19
Guest_thatman_*

  • Guest
Hi paperone

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\USER AGENT]

Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

Double-click the file and confirm you want to merge it with the registry. Make sure you do this step first before going any further.

Reboot as normal.

Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log from the Panda virus scan. We will need them to remove previous infections that have left files on your system.

Run HijackThis and post the new log.

Kc :tazz:
  • 0
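An added example, not part of the original post or thread: a small Python check that reads a .reg file such as the delete.reg above and lists what a merge would delete or set, so the file can be reviewed before it is double-clicked. The function names, the allowed-key argument and the second sample file are constructed for illustration.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# The file from the post above.
FORUM_REG = r"""REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\USER AGENT]
"""

# Constructed sample (not from the thread): same deletion plus unrelated changes.
CONSTRUCTED_REG = r"""Windows Registry Editor Version 5.00
; constructed for illustration
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\example\\placeholder.exe"
"OldEntry"=-
"""

ALLOWED = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent"


def summarize_reg(text):
    """Return what a .reg file would do when merged, without touching the registry."""
    # Join continuation lines (a trailing backslash continues a long value).
    text = re.sub(r"\\\r?\n\s*", "", text.lstrip("\ufeff"))
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    summary = {"header": lines[0], "deleted_keys": [], "deleted_values": [],
               "set_values": [], "unparsed": []}
    current = None  # key that the following value lines apply to
    for ln in lines[1:]:
        key = KEY_RE.match(ln)
        if key:
            if key.group(1):  # [-KEY] removes the key and everything under it
                summary["deleted_keys"].append(key.group(2))
                current = None
            else:
                current = key.group(2)
            continue
        val = VALUE_RE.match(ln)
        if val and current:
            name = "(Default)" if val.group(1) == "@" else val.group(1)[1:-1]
            if val.group(2) == "-":  # "name"=- removes a single value
                summary["deleted_values"].append((current, name))
            else:
                summary["set_values"].append((current, name, val.group(2)))
        else:
            summary["unparsed"].append(ln)
    return summary


def out_of_scope(summary, allowed_key):
    """List every change that falls outside allowed_key (case-insensitive)."""
    allowed = allowed_key.upper()

    def inside(key):
        k = key.upper()
        return k == allowed or k.startswith(allowed + "\\")

    changes = [("delete key", k) for k in summary["deleted_keys"]]
    changes += [("delete value", k) for k, _ in summary["deleted_values"]]
    changes += [("set value", k) for k, _, _ in summary["set_values"]]
    return ([c for c in changes if not inside(c[1])]
            + [("unparsed", u) for u in summary["unparsed"]])


if __name__ == "__main__":
    for label, sample in (("forum", FORUM_REG), ("constructed", CONSTRUCTED_REG)):
        extra = out_of_scope(summarize_reg(sample), ALLOWED)
        print(label, "-> only the expected key" if not extra else extra)
```

An empty result from `out_of_scope` means the file touches nothing beyond the one key the instructions name; anything else is worth reading before merging.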

#20
paperone

Hi again

OMG PC froze again during scan :tazz:

Well here is the new scan:

Incident Status Location

Spyware:spyware/bargainbuddy No disinfected Windows Registry

And here is the new log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 22:37:36, on 2005-08-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program\Analog Devices\SoundMAX\SMTray.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\Program\Mozilla Firefox\firefox.exe
E:\Programmi utili\vecchi\help program\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe

regards

paperone
  • 0

#21
paperone

Hello,

Are you still trying to find out what's wrong? :) I think it got even worse now; the PC freezes suddenly even if just Windows, Outlook or other programs are running :tazz:

I have no idea what to do anymore. I do not know how many times I already scanned, sometimes with success, sometimes with a freeze LOL :)

How can this be? I have all the programs I need to have a safe PC, but anyway always the same [bleep].

Please reply to me soon. I am waiting for the next step, and thank you again for this great help you're offering.

regards

paperone
  • 0

#22
paperone

Good morning,

I am still waiting for your reply :tazz:

Please help
  • 0

#23
Guest_thatman_*

Hi paperone

Please run the following online spyware scan; this needs to be done with Internet Explorer.
Save the spyware log when done. You will then see an option to run a Panda virus scan; click on the virus scan, and when that too has completed, post both logs,
along with a new HijackThis log.

http://www.pandasoft..._principal.htm#

Thank You

Kc :tazz:
  • 0

#24
paperone

Hi again thatman,

But this is what I already did. The scan I sent you was with Panda? Maybe a little misunderstanding, but since the last scans, both with Panda or HijackThis, nothing has been further changed.
  • 0

#25
Guest_thatman_*

Hi paperone

The above scanner is a new Panda scanner; it looks for malware.

Try it; let's see if it picks up any malware.

Kc :tazz:
  • 0



#26
paperone

This is from the scan with the new Panda:

Incident Status Location

Spyware:spyware/bargainbuddy Reported Windows Registry


=)
  • 0

#27
Guest_thatman_*

Hi paperone

Download the following program onto your system. Run the program from Safe Mode.
Create a folder on your desktop called Sysclean.
Go to http://www.trendmicr...ownload/dcs.asp and download sysclean package to the folder you made.
Go to http://www.trendmicr...oad/pattern.asp and download the Official Pattern Release for windows to your desktop.
This file will be called lptXXX.zip (XXX represents the version number)
Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Open the Sysclean folder and double-click sysclean.com.
Check: Automatically clean or delete detected files.
Click scan.
When the scan is finished, open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.

Reboot as normal

All this just to remove some useless regkeys that no longer work, but I like to clear out the junk.

Reply and let me know if buddy is removed; it can no longer function now without the program.

Kc :tazz:
  • 0

#28
paperone

Here it is.



/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-09-04, 16:20:47, Auto-clean mode specified.
2005-09-04, 16:20:47, Running scanner "C:\Documents and Settings\Administratör\Skrivbord\Sysclean\TSC.BIN"...
2005-09-04, 16:23:11, Scanner "C:\Documents and Settings\Administratör\Skrivbord\Sysclean\TSC.BIN" has finished running.
2005-09-04, 16:23:11, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : sö sep 04 2005 16:20:47

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Administratör\Skrivbord\Sysclean\tsc.ptn" (version 644) [success]

Complete time : sö sep 04 2005 16:23:11
Execute pattern count(4293), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-09-04, 16:23:54, An error occurred while scanning file "C:\Documents and Settings\Administratör\ntuser.dat": Åtkomst nekad.
2005-09-04, 16:23:54, An error occurred while scanning file "C:\Documents and Settings\Administratör\ntuser.dat.LOG": Åtkomst nekad.
2005-09-04, 16:24:57, An error occurred while scanning file "C:\Documents and Settings\Administratör\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat": Åtkomst nekad.
2005-09-04, 16:24:57, An error occurred while scanning file "C:\Documents and Settings\Administratör\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Åtkomst nekad.
2005-09-04, 16:25:18, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Åtkomst nekad.
2005-09-04, 16:25:18, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Åtkomst nekad.
2005-09-04, 16:25:19, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat": Åtkomst nekad.
2005-09-04, 16:25:19, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Åtkomst nekad.
2005-09-04, 16:40:41, An error was detected on "C:\System Volume Information\*.*": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\AVAST.SETUP-38392C56.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\CAROM.EXE-24187A3D.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\DISKCLEANER.EXE-03AD1359.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-30E16F79.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-32731767.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\REALSCHED.EXE-27663E36.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\REGISTRYCLEANER.EXE-04A8CDC5.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.OVR-013DFF85.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSTEMOPTIMIZER.EXE-039E88FA.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\TSC.EXE-234D6AC4.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRAR.EXE-347A27FE.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-15E6E87D.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Åtkomst nekad.
2005-09-04, 16:46:17, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Åtkomst nekad.
2005-09-04, 16:49:44, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Åtkomst nekad.
2005-09-04, 16:49:44, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Åtkomst nekad.
2005-09-04, 16:49:44, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Åtkomst nekad.
2005-09-04, 16:49:44, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Åtkomst nekad.
2005-09-04, 16:49:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Åtkomst nekad.
2005-09-04, 16:49:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Åtkomst nekad.
2005-09-04, 16:49:45, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Åtkomst nekad.
2005-09-04, 16:49:45, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Åtkomst nekad.
2005-09-04, 16:49:55, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Åtkomst nekad.
2005-09-04, 16:49:55, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Åtkomst nekad.
2005-09-04, 16:51:02, An error occurred while scanning file "C:\WINDOWS\system32\drivers\atapi.sys": Åtkomst nekad.
2005-09-04, 16:52:09, Running scanner "C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN"...
2005-09-04, 17:12:23, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/4/2005 16:52:09
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 817 (107321 Patterns) (2005/09/02) (281700)
Command Line: C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administratör\Skrivbord\Sysclean

36719 files have been read.
36719 files have been checked.
30439 files have been scanned.
99734 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/4/2005 17:12:23
---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-04, 17:12:23, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/4/2005 16:52:09
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 817 (107321 Patterns) (2005/09/02) (281700)
Command Line: C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administratör\Skrivbord\Sysclean

36719 files have been read.
36719 files have been checked.
30439 files have been scanned.
99734 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/4/2005 17:12:23 20 minutes 9 seconds (1208.84 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-04, 17:12:23, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/4/2005 16:52:09
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 817 (107321 Patterns) (2005/09/02) (281700)
Command Line: C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administratör\Skrivbord\Sysclean

36719 files have been read.
36719 files have been checked.
30439 files have been scanned.
99734 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/4/2005 17:12:23 20 minutes 9 seconds (1208.84 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-04, 17:12:23, Scanner "C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN" has finished running.
2005-09-04, 19:23:03, An error was detected on "D:\System Volume Information\*.*": Åtkomst nekad.
2005-09-04, 19:23:03, Running scanner "C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN"...
2005-09-04, 19:24:33, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/4/2005 19:23:04
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 817 (107321 Patterns) (2005/09/02) (281700)
Command Line: C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Administratör\Skrivbord\Sysclean

927 files have been read.
927 files have been checked.
173 files have been scanned.
1098 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/4/2005 19:24:33
---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-04, 19:24:33, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/4/2005 19:23:04
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 817 (107321 Patterns) (2005/09/02) (281700)
Command Line: C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Administratör\Skrivbord\Sysclean

927 files have been read.
927 files have been checked.
173 files have been scanned.
1098 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/4/2005 19:24:33 1 minute 21 seconds (81.16 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-04, 19:24:33, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/4/2005 19:23:04
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 817 (107321 Patterns) (2005/09/02) (281700)
Command Line: C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Administratör\Skrivbord\Sysclean

927 files have been read.
927 files have been checked.
173 files have been scanned.
1098 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/4/2005 19:24:33 1 minute 21 seconds (81.16 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-04, 19:24:33, Scanner "C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN" has finished running.
2005-09-04, 19:51:08, An error was detected on "E:\System Volume Information\*.*": Åtkomst nekad.
2005-09-04, 19:51:13, Running scanner "C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN"...
2005-09-04, 19:53:19, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/4/2005 19:51:14
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 817 (107321 Patterns) (2005/09/02) (281700)
Command Line: C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Administratör\Skrivbord\Sysclean

5002 files have been read.
5002 files have been checked.
4173 files have been scanned.
24195 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/4/2005 19:53:19
---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-04, 19:53:19, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/4/2005 19:51:14
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 817 (107321 Patterns) (2005/09/02) (281700)
Command Line: C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Administratör\Skrivbord\Sysclean

5002 files have been read.
5002 files have been checked.
4173 files have been scanned.
24195 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/4/2005 19:53:19 2 minutes (120.09 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-04, 19:53:19, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/4/2005 19:51:14
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 817 (107321 Patterns) (2005/09/02) (281700)
Command Line: C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Administratör\Skrivbord\Sysclean

5002 files have been read.
5002 files have been checked.
4173 files have been scanned.
24195 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/4/2005 19:53:19 2 minutes (120.09 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-04, 19:53:19, Scanner "C:\Documents and Settings\Administratör\Skrivbord\Sysclean\VSCANTM.BIN" has finished running.


THX

regards

paperone
  • 0

#29
Guest_thatman_*

Hi paperone

How is the system running now?

Kc :tazz:
  • 0

#30
paperone

Hi,

TY for asking :) No, for the moment it seems to work, but it still freezes sometimes; well, not all days like before, but sometimes.

Let's see if it gets worse and I get back to you.

TY again for all your help

regards

paperone :tazz:
  • 0





