Hijackthis Log: Please Help Diagnose


19 replies to this topic

#1 leobrzl

leobrzl

  • Members
  • 11 posts

Posted 11 December 2007 - 11:39 AM

My computer has been sooo slow! I have the CA Internet Suite, so I'm pretty sure I don't have any spyware or trojans, or viruses. I constantly clean out the temporary internet files and everything, but it seems that the pc gets slower by the day. I don't know what might be holding it back so much. This is my last resource, people have been telling me I should just format it but that's something I really don't wanna do. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:25 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184557519109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10518 bytes

Edited by leobrzl, 11 December 2007 - 11:52 AM.




#2 leobrzl

leobrzl
  • Topic Starter

  • Members
  • 11 posts

Posted 13 December 2007 - 10:14 AM

I can't even listen to music because the computer keeps having these "pauses" it seems, like, when I'm moving the pointer around it doesn't move smoothly anymore. That goes for everything, the pc is like a broken record you see? What can I possibly do? Pleaaaaaaaaase help!

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 16 December 2007 - 06:46 PM

Hello leobrzl,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay.:blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 leobrzl

leobrzl
  • Topic Starter

  • Members
  • 11 posts

Posted 16 December 2007 - 06:51 PM

yay! a reply! here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:45 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\cfgmng32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184557519109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10593 bytes

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 16 December 2007 - 07:10 PM

Hello,

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
sc stop WinSvchostManager
sc delete WinSvchostManager
exit



Double click FixServices.bat. A window will open and close. This is normal.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
In your reply, please post a new HijackThis log and let me know how your computer is running now.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
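
One way to reproduce the triage visible in this thread, as an added example that is not part of the original posts or of HijackThis: the script parses O2, O9 and O23 lines, flags entries whose target is "(no file)" or "(file missing)" and services reported as "Unknown owner", then checks a follow-up log to confirm the orphaned entries are gone. The function and class names are hypothetical, and the sample lines are excerpts copied from the 16 and 17 December logs on this page.

```python
import re
from typing import NamedTuple

# Excerpt copied from the 16 December log in this thread (before the fix).
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
"""

# Excerpt copied from the 17 December log (after the fix). The O23 section of
# that log is incomplete on this page, so only O2/O9 are compared below.
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware\aawservice.exe
"""


class Entry(NamedTuple):
    code: str    # section code: "O2", "O9" or "O23"
    kind: str    # label before the colon, e.g. "BHO", "Extra button", "Service"
    name: str    # display name
    ident: str   # CLSID for O2/O9, owner string for O23
    target: str  # file path or URL, including any "(file missing)" marker
    raw: str     # the original line, used to match entries across logs


# "<code> - <kind>: <rest>"; only the three-field sections are handled here.
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
THREE_FIELD_SECTIONS = {"O2", "O9", "O23"}
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return Entry tuples for the O2, O9 and O23 lines of a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m or m.group(1) not in THREE_FIELD_SECTIONS:
            continue
        # Split from the right: the display name may itself contain " - ".
        parts = m.group(3).rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        entries.append(Entry(m.group(1), m.group(2), *parts, raw))
    return entries


def triage(entries):
    """Return (reason, entry) pairs worth a closer look.

    "orphaned": browser add-on registration whose file no longer exists.
    "unknown-owner": service binary with no company name; this is a prompt
    to inspect the file, not a verdict on it.
    """
    flagged = []
    for e in entries:
        if e.code in ("O2", "O9") and e.target.endswith(ORPHAN_MARKERS):
            flagged.append(("orphaned", e))
        elif e.code == "O23" and e.ident == "Unknown owner":
            flagged.append(("unknown-owner", e))
    return flagged


def unresolved(flagged, follow_up, sections):
    """Flagged entries from the given sections that still appear in a later log."""
    remaining = {e.raw for e in follow_up}
    return [e for _, e in flagged if e.code in sections and e.raw in remaining]


if __name__ == "__main__":
    flags = triage(parse_log(BEFORE))
    for reason, e in flags:
        print(f"{reason:14} {e.code:4} {e.name} -> {e.target}")
    left = unresolved(flags, parse_log(AFTER), {"O2", "O9"})
    print("orphaned entries still present after the fix:", len(left))
```

Both "Unknown owner" services in the excerpt are flagged, while the fix list in post #5 names only WinSvchostManager, so the second category is a review queue rather than a removal list.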

#6 leobrzl

leobrzl
  • Topic Starter

  • Members
  • 11 posts

Posted 17 December 2007 - 10:38 AM

Hi. Ok, so I did all those things, the pc doesn't seem to be running faster, although I am listening to music right now and the song is barely having those -what should I call them?- "interruptions", except for when I'm opening a program or something like that. Here's the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:06 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184557519109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10232 bytes

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:10 PM

Posted 17 December 2007 - 01:57 PM

Hello,

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.

This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the "Settings" screen:
    • Click on "Recommended actions" -> select "Quarantine".
    • Under "Reports:" -> select "Do not automatically generate reports".
  • Close AVG Anti-Spyware. Please do NOT run a scan yet!
Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient; this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will be prompted. Select the "Apply all actions" button; AVG Anti-Spyware will then display "All actions have been applied" on the right-hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#8 leobrzl

Posted 17 December 2007 - 09:09 PM

AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:33:06 PM 12/17/2007

+ Scan result:



C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll -> Adware.BHO : Cleaned with backup (quarantined).
HKU\S-1-5-21-1940121184-3108085701-186615957-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A406068-D45C-40B9-A096-38AC717FB608} -> Adware.WebDir : Cleaned with backup (quarantined).
C:\WINDOWS\test.tmp -> Downloader.SpyAgent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0109474.exe -> Logger.Banker : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).


::Report end


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:54 AM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/Home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184557519109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10570 bytes

#9 teacup61

Posted 17 December 2007 - 09:21 PM

Hello,

Did that help any?

#10 leobrzl

Posted 18 December 2007 - 11:18 AM

not that much, speed-wise. :thumbsup:

#11 teacup61

Posted 18 December 2007 - 11:25 AM

Hello,

I'll encourage you to run the Full Tests at PCPitstop. http://www.pcpitstop.com/pcpitstop/default.asp
This is an excellent diagnostics scan that may help in determining problems not related to malware. If you need help interpreting the results, you can either post back here with the Tech Express link, or have someone in the User to User forum help you out.

Let me know how you come out. :thumbsup:

Thanks,
tea

#12 leobrzl

Posted 18 December 2007 - 11:39 AM

I actually have the full version of that program on my computer, so I'm running it right now for an optimization.
Here's the log:

Temporary files
Recycle Bin space removed: 0 KB
Internet Cache removed: 5056 KB
Temporary files deleted: 158 (3161 KB)
c:\Documents and Settings\Leonor\Local Settings\Temp\WASAB5F.tmp\xml\system-colors.xml
c:\Documents and Settings\Leonor\Local Settings\Temp\WASAB5F.tmp\xml\system-elements.xml
c:\Documents and Settings\Leonor\Local Settings\Temp\WASAB5F.tmp\xml\xuiobjects.xml
c:\Documents and Settings\Leonor\Local Settings\Temp\_iu14D2N.tmp
c:\Documents and Settings\Leonor\Local Settings\Temp\~DF575F.tmp
c:\Documents and Settings\Leonor\Local Settings\Temp\~DF5DC1.tmp
c:\Documents and Settings\Leonor\Local Settings\Temp\~DF95D.tmp
c:\Documents and Settings\Leonor\Local Settings\Temp\~DFF2C3.tmp
C:\WINDOWS\Temp\Perflib_Perfdata_214.dat
C:\WINDOWS\Temp\T30DebugLogFile.txt
C:\WINDOWS\Temp\WGAErrLog.txt
C:\WINDOWS\Temp\WGANotify.settings


Internet optimization
No changes made

No changes made
Download tested speed = 105 Kbit/Second
Ping time = 739 ms


Setup optimization
No changes made


Registry optimization
Invalid CLSID entries deleted

Invalid ProgID entries deleted
HKCR\CorelPhotoAlbumPhoto

Invalid TypeLib entries deleted

Invalid Interface entries deleted


System performance
No changes made

#13 teacup61

Posted 18 December 2007 - 11:44 AM

Hello,

No, I want you to run the full tests so I can see the results in the Tech Express link. :thumbsup:

#14 leobrzl

Posted 18 December 2007 - 12:47 PM

Is this what you need?

http://www.pcpitstop.com/techexpress.asp?id=TN3BSW9LULVS9LUV

#15 teacup61

Posted 20 December 2007 - 01:29 PM

Hello,

Yes, thanks. That looks terrible. :blink: Can you click on each of those and follow the directions for fixing each of them? If not, I'll help you, but it'll make a huge difference in performance when you fix them. :thumbsup:

Regards,
tea



