Very Slow System


  • This topic is locked
6 replies to this topic

#1 moony

moony

  • Members
  • 31 posts
  • OFFLINE
  • Local time:11:04 AM

Posted 12 November 2005 - 02:47 PM

Hi everyone, I recently bought a second PC for the kids to play on, just a cheap one. It came with Windows 98 and I updated to XP the same day. The problem is that it runs very, very slow. I have done spyware checks and clean-ups but still the same. I'm not sure if there is something wrong with the system. Here is an HJT log and a System Suite diagnostic result to see if anyone can point out where my problems are.

Logfile of HijackThis v1.99.1
Scan saved at 07:09:55, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Diagnostics Results

Started: 11/09/2005 11:17:04
Finished: 11/09/2005 13:44:21

User: upstairs
System: BEDROOM

Test Depth was set to Average
Results for: Failed Tests

LPT Port 1 [LPT1] (0 seconds)
Started at 11:17:17 on 11/09/2005
Ended at 11:17:17 on 11/09/2005
Base I/O Address: 0x378
Manufacturer: Unknown
ECP Compatible: True
Bidirectional: True
ECP IRQ: 0
ECP DMA: 0
External Loopback Test
Started at 11:17:17 on 11/09/2005
Ended at 11:17:17 on 11/09/2005
Test ERROR loopback data bit: 1
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A failure in the LPT connector
The LPT port may not support all status lines

COM Port 1 [COM1] (7 seconds)
Started at 11:17:17 on 11/09/2005
Ended at 11:17:25 on 11/09/2005
Port: COM1
Base I/O Address: 0x3f8
Interrupt: 4
maximum baud rate: 115200
RTS/CTS Test
Started at 11:17:17 on 11/09/2005
Ended at 11:17:18 on 11/09/2005
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A serial connector or interface chip failure
The port may not support all the status/flow control lines
A faulty port/device/serial chip (UART or chipset)
Improper IRQ configuration
Test data rate may exceed device capability
DTR/DSR Test
Started at 11:17:18 on 11/09/2005
Ended at 11:17:19 on 11/09/2005
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A serial connector or interface chip failure
The port may not support all the status/flow control lines
A faulty port/device/serial chip (UART or chipset)
Improper IRQ configuration
Test data rate may exceed device capability
Baud Rate Test
Started at 11:17:19 on 11/09/2005
Ended at 11:17:21 on 11/09/2005
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A faulty port/device/serial chip (UART or chipset)
Improper IRQ configuration
Test data rate may exceed device capability
Stop Bit Test
Started at 11:17:21 on 11/09/2005
Ended at 11:17:23 on 11/09/2005
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A faulty port/device/serial chip (UART or chipset)
Improper IRQ configuration
Test data rate may exceed device capability
Word Length Test
Started at 11:17:23 on 11/09/2005
Ended at 11:17:25 on 11/09/2005
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A faulty port/device/serial chip (UART or chipset)
Improper IRQ configuration
Test data rate may exceed device capability

COM Port 2 [COM2] (8 seconds)
Started at 11:17:25 on 11/09/2005
Ended at 11:17:33 on 11/09/2005
Port: COM2
Base I/O Address: 0x2f8
Interrupt: 3
maximum baud rate: 115200
RTS/CTS Test
Started at 11:17:25 on 11/09/2005
Ended at 11:17:26 on 11/09/2005
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A serial connector or interface chip failure
The port may not support all the status/flow control lines
A faulty port/device/serial chip (UART or chipset)
Improper IRQ configuration
Test data rate may exceed device capability
DTR/DSR Test
Started at 11:17:26 on 11/09/2005
Ended at 11:17:27 on 11/09/2005
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A serial connector or interface chip failure
The port may not support all the status/flow control lines
A faulty port/device/serial chip (UART or chipset)
Improper IRQ configuration
Test data rate may exceed device capability
Baud Rate Test
Started at 11:17:27 on 11/09/2005
Ended at 11:17:29 on 11/09/2005
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A faulty port/device/serial chip (UART or chipset)
Improper IRQ configuration
Test data rate may exceed device capability
Stop Bit Test
Started at 11:17:29 on 11/09/2005
Ended at 11:17:31 on 11/09/2005
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A faulty port/device/serial chip (UART or chipset)
Improper IRQ configuration
Test data rate may exceed device capability
Word Length Test
Started at 11:17:31 on 11/09/2005
Ended at 11:17:33 on 11/09/2005
This test failed. This may have been due to
A missing, incorrect, or faulty loopback device
A faulty port/device/serial chip (UART or chipset)
Improper IRQ configuration
Test data rate may exceed device capability

Network Interface Card 1 [NIC Device] (31 seconds)
Started at 11:24:16 on 11/09/2005
Ended at 11:24:48 on 11/09/2005
Ping
Started at 11:24:43 on 11/09/2005
Ended at 11:24:43 on 11/09/2005
Ping IP Address:
This test failed. This may have been due to
No route to the internet
No network present
Disconnected network cable
Defective NIC
The diagnostic test reported:
Error : NULL IP address, cannot perform ping operation
Throughput
Started at 11:24:44 on 11/09/2005
Ended at 11:24:44 on 11/09/2005
Throughput IP Address:
This test failed. This may have been due to
No route to the internet
No network present
Disconnected network cable
Defective NIC
The diagnostic test reported:
Error : NULL IP address, cannot perform ping operation

Multimedia Systems 1 [MUL] (41 seconds)
Started at 11:24:48 on 11/09/2005
Ended at 11:25:29 on 11/09/2005
AVI Driver: mciavi.drv
CD Audio Driver: mcicda.drv
MPEG Driver: NONE
Sequencer Driver: mciseq.drv
Wave Driver: mciwave.drv
AVI Test File: printer.avi
MPEG Test File: spotlight.mpeg
Sequencer Test File: newage.mid
Wave Test File: spkrtest.wav
MIDI Sequencer Test
Started at 11:25:13 on 11/09/2005
Ended at 11:25:14 on 11/09/2005
This test failed. This may have been due to
Incorrect/unsupported driver
Unsupported format
The diagnostic test reported:
Cannot set speaker to default test value.
WAV Audio Test
Started at 11:25:29 on 11/09/2005
Ended at 11:25:29 on 11/09/2005
This test failed. This may have been due to
Incorrect/unsupported driver
Unsupported format

CD-ROM 1 [Drive D] (48 seconds)
Started at 13:30:25 on 11/09/2005
Ended at 13:31:13 on 11/09/2005
System I/O device name: \\.\D:
Cabinet Vendor: Vendor name unknown
Cabinet Model: Product name unknown
Drive Vendor:
Drive Model: ATAPI CDROM.48X
Cabinet #: 0
Drive #: 0
Media Station #: 0
User Drive Letter(s) Assigned:
Auto Insert Notification: 0
DMA Currently Used: 0
Volume Name:
Sectors per track: 0
Tracks: 0
Bytes per sector: 0
Sectors: 0
Capacity (MBytes): 0
Bus: IDE
Butterfly Seek Test
Started at 13:30:25 on 11/09/2005
Ended at 13:30:38 on 11/09/2005
Start Sector: 0
Stop Sector: 0
Sector Increment: 0
Test Iterations: 0
This test failed. This may have been due to
A defective CD
Defective read head devices
A defective drive motor
Non-data CD (i.e. Audio CD) in drive for this data test
Defective CD device driver
Host adapter address or IRQ conflict
A drive failure, either electronic or mechanical
The diagnostic test reported:
No Media!
Linear Seek Test
Started at 13:30:38 on 11/09/2005
Ended at 13:30:50 on 11/09/2005
Start Sector: 0
Stop Sector: 0
Sector Increment: 0
This test failed. This may have been due to
A defective CD
Defective read head devices
A defective drive motor
Non-data CD (i.e. Audio CD) in drive for this data test
Defective CD device driver
Host adapter address or IRQ conflict
A drive failure, either electronic or mechanical
The diagnostic test reported:
No Media!
Random Seek Test
Started at 13:30:50 on 11/09/2005
Ended at 13:31:02 on 11/09/2005
Start Sector: 0
Stop Sector: 0
Test Iterations: 0
This test failed. This may have been due to
A defective CD
Defective read head devices
A defective drive motor
Non-data CD (i.e. Audio CD) in drive for this data test
Defective CD device driver
Host adapter address or IRQ conflict
A drive failure, either electronic or mechanical
The diagnostic test reported:
No Media!
Eject Media Test
Started at 13:31:02 on 11/09/2005
Ended at 13:31:13 on 11/09/2005
This test failed. This may have been due to
A defective eject mechanism
Defective CD device driver
Host adapter address or IRQ conflict
A drive failure, either electronic or mechanical
The diagnostic test reported:
No Media!

Removable Media (Floppy Drive) 1 [Drive A] (2 seconds)
Started at 13:31:14 on 11/09/2005
Ended at 13:31:16 on 11/09/2005
System I/O device name: \\.\A:
Drive Vendor: Unknown
Drive Model: 3.5 inch
Drive #: 0
Sectors per track: 0
Tracks: 0
Bytes per sector: 0
Sectors: 0
Capacity (Bytes): 0
Bus: FDC
Butterfly Seek Test
Started at 13:31:14 on 11/09/2005
Ended at 13:31:15 on 11/09/2005
Start Sector: 0
Stop Sector: 0
Sector Increment: 0
Test Iterations: 0
This test failed. This may have been due to
A defective diskette
A cable or controller-to-drive failure
A drive failure, either electronic or mechanical
The diagnostic test reported:
No media!
Linear Seek Test
Started at 13:31:15 on 11/09/2005
Ended at 13:31:15 on 11/09/2005
Start Sector: 0
Stop Sector: 0
Sector Increment: 0
This test failed. This may have been due to
A defective drive head
A defective diskette
A drive failure, either electronic or mechanical
The diagnostic test reported:
No media!
Read/Write Test
Started at 13:31:15 on 11/09/2005
Ended at 13:31:15 on 11/09/2005
Start Sector: 0
Stop Sector: 0
Sector Increment: 0
This test failed. This may have been due to
A defective head or cylinder
A defective or incomplete low-level format
A drive failure, either electronic or mechanical
The diagnostic test reported:
No media!
Media Change Test
Started at 13:31:15 on 11/09/2005
Ended at 13:31:15 on 11/09/2005
This test failed. This may have been due to a drive failure, either electronic or mechanical
The diagnostic test reported:
No media!
Write Protect Test
Started at 13:31:15 on 11/09/2005
Ended at 13:31:16 on 11/09/2005
This test failed. This may have been due to
A drive failure, either electronic or mechanical
A write-protect tab was not in place
The diagnostic test reported:
No media!

The System Suite diagnostic lists all the tests that failed.

If you need any other info, let me know.
Thank you

moony


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:05:04 PM

Posted 12 November 2005 - 05:31 PM

Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

David

#3 moony

moony
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:11:04 AM

Posted 12 November 2005 - 06:23 PM

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
UPX! 16/02/2005 19:06:16 218112 C:\HijackThis.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 12/08/2004 13:56:50 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 12/08/2004 14:02:34 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 12/08/2004 14:04:02 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 12/08/2004 14:08:50 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13/11/2005 22:58:08 S 2048 C:\WINDOWS\bootstat.dat
01/11/2005 06:22:04 RH 749 C:\WINDOWS\WindowsShell.Manifest
01/11/2005 06:22:22 H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
01/11/2005 06:25:14 HS 67 C:\WINDOWS\FONTS\desktop.ini
01/11/2005 06:22:22 H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
01/11/2005 06:23:46 RHS 727 C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab
01/11/2005 06:23:46 RHS 19854 C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab
01/11/2005 06:23:46 RHS 244933 C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab
01/11/2005 06:27:52 H 225280 C:\WINDOWS\repair\ntuser.dat
01/11/2005 06:22:04 RH 749 C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
01/11/2005 06:22:20 RH 488 C:\WINDOWS\SYSTEM32\logonui.exe.manifest
01/11/2005 06:22:04 RH 749 C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
01/11/2005 06:22:04 RH 749 C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
01/11/2005 06:22:04 RH 749 C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
01/11/2005 06:22:20 RH 488 C:\WINDOWS\SYSTEM32\WindowsLogon.manifest
01/11/2005 06:22:04 RH 749 C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
13/11/2005 22:57:52 H 8192 C:\WINDOWS\SYSTEM32\config\default.LOG
03/11/2005 14:02:00 H 0 C:\WINDOWS\SYSTEM32\config\SAM.DFG.LOG
13/11/2005 22:58:24 H 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
13/11/2005 22:58:16 H 20480 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
03/11/2005 14:02:00 H 0 C:\WINDOWS\SYSTEM32\config\software.DFG.LOG
13/11/2005 23:05:46 H 102400 C:\WINDOWS\SYSTEM32\config\software.LOG
03/11/2005 14:02:00 H 0 C:\WINDOWS\SYSTEM32\config\system.DFG.LOG
13/11/2005 22:57:06 H 1024 C:\WINDOWS\SYSTEM32\config\system.LOG
31/10/2005 21:59:08 H 1024 C:\WINDOWS\SYSTEM32\config\TempKey.LOG
31/10/2005 21:59:10 H 1024 C:\WINDOWS\SYSTEM32\config\userdiff.LOG
31/10/2005 22:03:42 HS 62 C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\desktop.ini
02/11/2005 06:55:00 S 558 C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
02/11/2005 06:55:00 S 144 C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
31/10/2005 22:03:42 HS 62 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\desktop.ini
01/11/2005 06:37:18 HS 113 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\desktop.ini
01/11/2005 06:37:18 HS 113 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
01/11/2005 06:37:18 HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
01/11/2005 06:37:18 HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
01/11/2005 06:37:18 HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1PYFCKNZ\desktop.ini
01/11/2005 06:37:18 HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3THFC66X\desktop.ini
01/11/2005 06:37:18 HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A9OFL8XT\desktop.ini
01/11/2005 06:37:18 HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TH26YEMO\desktop.ini
01/11/2005 06:22:28 HS 181 C:\WINDOWS\SYSTEM32\config\systemprofile\SendTo\desktop.ini
31/10/2005 22:03:42 HS 62 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\desktop.ini
01/11/2005 06:27:42 HS 148 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\desktop.ini
01/11/2005 06:27:38 HS 482 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
01/11/2005 06:27:40 HS 348 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
01/11/2005 06:27:40 HS 84 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
01/11/2005 06:27:40 HS 84 C:\WINDOWS\SYSTEM32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
01/11/2005 06:37:42 HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\447ce0e0-cce6-4cfb-b368-755380588a98
01/11/2005 06:37:42 HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
13/11/2005 22:56:52 H 6 C:\WINDOWS\TASKS\SA.DAT

Checking for CPL files...
Microsoft Corporation 12/08/2004 13:55:44 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 12/08/2004 13:55:48 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 12/08/2004 13:55:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 12/08/2004 13:56:50 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 12/08/2004 13:57:24 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 12/08/2004 13:57:42 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 12/08/2004 13:58:04 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 12/08/2004 13:58:08 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 12/08/2004 13:58:16 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 12/08/2004 13:58:22 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 27/08/2005 02:14:42 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 12/08/2004 13:59:12 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 12/08/2004 13:59:56 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 12/08/2004 14:01:36 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 12/08/2004 14:02:08 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 12/08/2004 14:02:44 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 12/08/2004 14:02:52 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 12/08/2004 14:03:40 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 12/08/2004 14:06:56 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 12/08/2004 14:07:14 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 12/08/2004 14:07:18 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 12/08/2004 14:10:30 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 12/08/2004 14:10:42 162304 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 12/08/2004 13:55:44 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 12/08/2004 13:55:48 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 12/08/2004 13:56:50 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 12/08/2004 13:57:24 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 12/08/2004 13:57:42 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 12/08/2004 13:58:04 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 12/08/2004 13:58:08 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 12/08/2004 13:58:22 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 12/08/2004 13:59:12 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 12/08/2004 13:59:56 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 12/08/2004 14:01:36 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 12/08/2004 14:02:08 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 12/08/2004 14:02:44 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 12/08/2004 14:02:52 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 12/08/2004 14:03:40 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 12/08/2004 09:04:40 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 12/08/2004 14:06:56 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 12/08/2004 14:07:14 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 12/08/2004 14:07:18 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 12/08/2004 14:10:30 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 12/08/2004 14:10:42 162304 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
01/11/2005 06:27:40 HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
31/10/2005 22:03:44 HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
01/11/2005 06:27:40 HS 84 C:\Documents and Settings\Administrator.BEDROOM\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
31/10/2005 22:03:42 HS 62 C:\Documents and Settings\Administrator.BEDROOM\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Fix-It Menu
{A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerDesk Menu
{26E7F081-EB97-11d3-9239-006008D2D00F} = C:\Program Files\VCOM\PowerDesk\pdshext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Fix-It Menu
{A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerDesk Menu
{26E7F081-EB97-11d3-9239-006008D2D00F} = C:\Program Files\VCOM\PowerDesk\pdshext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8B68564D-53FD-4293-B80C-993A9F3988EE} = Wanadoo : C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Fix-It AV C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\CTFMON.EXE

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Washer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item washer
hkey HKCU
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13/11/2005 23:10:52

#4 -David-

Posted 13 November 2005 - 05:42 AM

Download CleanUp!
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • Click on the "Cleanup" button and let it run.
  • Once it's done, close the program.
Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Post a new HJT log and the ewido log at the end! :thumbsup:
David

#5 moony

Posted 09 December 2005 - 05:05 PM

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 21:57:29, 12/10/2005
+ Report-Checksum: A6A27EF8

+ Scan result:

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKU\S-1-5-21-1993962763-1708537768-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1993962763-1708537768-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1993962763-1708537768-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
C:\System Volume Information\_restore{4B27A19F-F6EE-498E-AE28-8F7B96253BD9}\RP17\A0027678.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{4B27A19F-F6EE-498E-AE28-8F7B96253BD9}\RP17\A0027679.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{4B27A19F-F6EE-498E-AE28-8F7B96253BD9}\RP17\A0027681.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{4B27A19F-F6EE-498E-AE28-8F7B96253BD9}\RP17\A0027682.EXE -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{4B27A19F-F6EE-498E-AE28-8F7B96253BD9}\RP17\A0027684.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{4B27A19F-F6EE-498E-AE28-8F7B96253BD9}\RP18\A0027692.dll -> Spyware.MyWebSearch : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 22:02:19, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

#6 -David-

Posted 09 December 2005 - 05:06 PM

How's the computer running?
David

#7 sUBs

Posted 31 December 2005 - 05:00 PM

* * * * * * * * *

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

* * * * * * * * *



