Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Startup Problem /preformance Problem


  • This topic is locked This topic is locked
15 replies to this topic

#1 Grimyone

Grimyone

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 03 May 2007 - 03:28 PM

I have one programs called spyware doctor thats not in msconfig for startup yet it starts up and my pc starts up slow i need help on what to keep and what to remove plus my computer has been slow lately i need info on how to speed it up

Logfile of HijackThis v1.99.1
Scan saved at 4:07:03 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\Rar$EX00.157\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~3\masalert.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*

BC AdBot (Login to Remove)

 


#2 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:31 AM

Posted 04 May 2007 - 08:23 PM

Hi :thumbsup:

This HijackThis log is truncated. Please post a fresh HijackThis log and I'll be happy to look at it.

#3 Grimyone

Grimyone
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 05 May 2007 - 11:51 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:49:03 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\Rar$EX00.312\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#4 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:31 AM

Posted 05 May 2007 - 12:15 PM

Hi,

Open HijackThis and go into the Config option when you start HijackThis, and then click on the Misc Tools button at the top. You will then click on the button labeled "Generate StartupList Log". Once you click that button, the program will automatically open up a notepad filled with the Startup items from your computer. Save it to your desktop please.
==============================
Run HJT and click on Open the Misc Tools section.
In the next window, click on Open Uninstall Managerů
In the final window, click on Save list... and save it to your Desktop.
=============================
Next, scan with HijackThis and put a checkmark against the following entries:

O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - Global Startup: Logitech SetPoint.lnk = ?


Close all browsers, including this one, and click on "fix checked".
===============================

Restart your computer.
===============================
Post a fresh HijackThis log, StartupList, and the Uninstall list please.

#5 Grimyone

Grimyone
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 06 May 2007 - 12:00 PM

uninstall list

Ad-Aware SE Professional
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
AIM 6
Apple Software Update
Azureus
CDDRV_Installer
Data Lifeguard Tools
DivX Codec
DivX Content Uploader
DivX Player
DivX Web Player
Download Accelerator Plus (DAP)
EPoX Magic BIOS
EPoX Unified System Diagnostic Manager (USDM)
FileSpecs plug-in for Ad-Aware SE
HexDump plug-in for Ad-Aware SE
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
KhalSetup
LastChaos
Lavasoft VX2 Cleaner
Logitech Desktop Messenger
Logitech SetPoint
LSP Explorer plug-in for Ad-Aware SE
McAfee SecurityCenter
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.3)
NETGEAR WG311v2 802.11g Wireless PCI Adapter
NVIDIA Drivers
Photo Gadget Viewer
QuickTime
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Spyware Doctor 5.0
System Requirements Lab
TuneUp Utilities 2007
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Viewpoint Media Player
VirtualCloneDrive
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft



Logfile of HijackThis v1.99.1
Scan saved at 12:55:01 PM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#6 Grimyone

Grimyone
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 06 May 2007 - 12:02 PM

StartupList report, 5/6/2007, 1:00:24 PM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\Daniel\LOCALS~1\Temp\Rar$EX00.093\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16414)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\Rar$EX00.093\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nwiz = nwiz.exe /install

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
AWMON = "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - c:\program files\mcafee\virusscan\scriptcl.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job
AppleSoftwareUpdate.job
McDefragTask.job
McQcTask.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://download.microsoft.com/download/3/9...heckControl.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 5,141 bytes
Report generated in 0.062 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#7 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:31 AM

Posted 06 May 2007 - 12:36 PM

Hi,

Can't see any indications of malware.

Please go to Start>Control Panel>Add/Remove Programs and remove this old version of Java:

J2SE Runtime Environment 5.0 Update 11

I notice that you are using Azureus, a p2p file sharing program. I think the nature of P2P filesharing is so that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. Even if the program you use is not infected itself, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove it from your system via Add/Remove Programs in Control Panel.

You are also using Download Accelerator - DAP. Be informed that it delivers popup/popunder ads, and tracks your internet usage. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman
I suggest you remove that also.


=====================================

Please download:
1. Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it. Do not scan with it yet.


2. ComboFix

Note: It is important that it is saved directly to your desktop. Don't do anything with it yet.

3. AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

Posted Image
  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

========================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

=======================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block . It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to loose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one users, run Ccleaner for every user

========================================

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.
=========================================

Reboot in Normal Mode.

=========================================

Perform an online scan using Internet Explorer with Panda ActiveScan
  • Click on Posted Image located at the bottom of the page.
  • A "pop up" window will appear. Please ensure that your pop up blocker doesn't block it
  • Enter your e-mail address, country, and state & click "Free Online Scan" The download of the 8 MB Panda's ActiveX control will take place
Begin the scan by selecting Posted Image
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on Posted Image then click Posted Image and post back the contents please.
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

==========================================
  • Close any open browsers.
  • Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
  • Post the ComboFix.txt in your next reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


==========================================

You are running HijackThis from a temporary directory. Please Click on HERE to download a self extractable version of hijackthis Posted Image. Double click on hijackthis.exe to extract hijackthis to folder c:\hijackthis. It will extract it to that folder and open the folder for you. It will also create a shortcut on your desktop to hijackthis.

Scan with HijackThis. Save the log and post it here in your reply in this thread.

===========================================

Please post back the results from AVG Anti-Spyware and Panda online scans, the latestComboFix.txt and a fresh HijackThis log.

#8 Grimyone

Grimyone
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 06 May 2007 - 03:51 PM

both spyware scans found nothing here is combo fix log


"Daniel" - 2007-05-06 16:45:31 Service Pack 2
ComboFix 07-05.06.1.V - Running from: "C:\Documents and Settings\Daniel\Desktop\stuff\downloads\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\launcher.exe


((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))


2007-05-06 16:37 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-06 16:37 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-06 13:55 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-05 14:41 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-05-05 14:41 <DIR> d-------- C:\DOCUME~1\Daniel\APPLIC~1\CyberLink
2007-05-05 14:40 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-05-05 14:39 <DIR> d-------- C:\Program Files\CyberLink
2007-05-04 19:24 <DIR> d-------- C:\DOCUME~1\Daniel\.housecall6.6
2007-05-03 21:11 <DIR> d-------- C:\Program Files\XemiComputers
2007-05-03 18:18 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-03 15:42 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-04-28 23:19 172,894 --a------ C:\WINDOWS\DisturbedScreenSaver.scr
2007-04-28 01:10 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-28 01:10 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-28 01:10 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-04-28 01:10 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-04-28 01:10 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-27 15:26 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-04-26 22:09 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-04-26 22:09 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-04-26 22:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-26 21:48 <DIR> d-------- C:\DOCUME~1\Daniel\APPLIC~1\SlySoft
2007-04-26 21:48 <DIR> d-------- C:\DOCUME~1\Daniel\APPLIC~1\PC Tools
2007-04-26 01:14 <DIR> d-------- C:\DOCUME~1\Daniel\APPLIC~1\SystemRequirementsLab
2007-04-16 15:57 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-04-16 00:32 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-11 12:48 7,509,504 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2007-04-11 12:48 67,584 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-04-11 12:48 626,977 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-04-11 12:48 400,384 --a------ C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2007-04-11 12:48 40,448 --------- C:\WINDOWS\system32\ChCfg.exe
2007-04-11 12:48 208,896 --------- C:\WINDOWS\alcupd.exe
2007-04-11 12:48 155,648 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-04-11 12:48 139,264 --------- C:\WINDOWS\alcrmv.exe
2007-04-11 12:48 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-04-11 12:48 <DIR> d-------- C:\Program Files\AvRack
2007-04-11 01:38 <DIR> d-------- C:\Program Files\DAP
2007-04-06 05:41 <DIR> d-------- C:\WINDOWS\system32\logs


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-06 20:33:17 -------- d-----w C:\Program Files\Apple Software Update
2007-05-06 02:17:34 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1.\Azureus
2007-05-05 20:21:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-05 18:41:20 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1.\CyberLink
2007-05-04 10:10:52 -------- d-----w C:\Program Files\AWS
2007-04-27 01:49:38 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1.\SystemRequirementsLab
2007-04-27 01:48:57 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1.\SlySoft
2007-04-27 01:48:57 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1.\PC Tools
2007-04-27 01:24:11 -------- d-----w C:\Program Files\Azureus
2007-04-27 01:17:58 6,553 ----a-w C:\WINDOWS\mozver.dat
2007-04-26 23:15:18 19 ----a-w C:\WINDOWS\popcinfo.dat
2007-04-13 18:19:39 -------- d-----w C:\Program Files\McAfee
2007-04-06 20:53:19 -------- d-----w C:\Program Files\NETGEAR WG311v2 Adapter
2007-04-05 04:20:21 -------- d-----w C:\Program Files\DivX
2007-04-04 00:11:37 -------- d-----w C:\Program Files\AIM6
2007-04-04 00:10:29 -------- d-----w C:\Program Files\Common Files\AOL
2007-04-04 00:04:40 -------- d-----w C:\Program Files\Common Files\McAfee
2007-04-04 00:04:27 -------- d-----w C:\Program Files\McAfee.com
2007-04-03 23:20:51 22,748 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-03 21:40:18 -------- d-----w C:\Program Files\Viewpoint
2007-04-03 04:08:07 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1.\DivX
2007-04-01 12:34:21 86,016 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:32 2,560 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-27 07:55:32 2,432 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-27 07:55:31 36,624 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-27 07:55:31 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 10:07:54 583,504 ----a-w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 00:25:02 124,928 ----a-w C:\WINDOWS\system32\prntvpt.dll
2007-03-20 21:06:46 -------- d-----w C:\Program Files\EPOX
2007-03-20 14:49:52 18,432 ----a-w C:\WINDOWS\system32\drivers\Alpham2.sys
2007-03-20 14:49:48 42,240 ----a-w C:\WINDOWS\system32\drivers\Alpham1.sys
2007-03-19 22:28:45 -------- d-----w C:\DOCUME~1\Daniel\APPLIC~1.\acccore
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-03 01:52:08 1 ----a-w C:\WINDOWS\system32\wab.dat
2007-03-03 01:52:08 1 ----a-w C:\WINDOWS\system32\ps.dat
2007-03-03 01:52:08 1 ----a-w C:\WINDOWS\system32\cookie.dat
2007-02-24 16:33:14 249,856 ----a-w C:\WINDOWS\Setup1.exe
2007-02-24 16:33:13 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-02-23 21:06:23 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-02-23 20:33:14 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-02-14 03:39:26 127,034 ----a-r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-02-13 23:32:20 118,784 ----a-r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"="c:\program files\mcafee\virusscan\scriptcl.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /install"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AWMON"="\"C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\Ad-Watch.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="\"C:\\Program Files\\McAfee.com\\Shredder\\SHRED32.EXE\" /q C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\COL4WJP0\\NONVOI~1.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\H5AL1F3X\\AIM_UA~2.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\H5AL1F3X\\OPTN_6~1.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\H5AL1F3X\\NONVOI~1.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\YC7Q0POW\\AIM_UA~1.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\H5AL1F3X\\UPDATE~1.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\Q01RCFOS\\AIM_UA~2.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\COL4WJP0\\IFRAME~2.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\YC7Q0POW\\ADS9_1~1.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\YC7Q0POW\\ADS_2_~1.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\H5AL1F3X\\WELCOM~1.SH! C:\\DOCUME~1\\Daniel\\LOCALS~1\\TEMPOR~1\\Content.IE5\\Q01RCFOS\\ADS9_4~1.SH! C:\\DOCUME~1\


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdAuxService"=dword:00000002
"sdCoreService"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"EPoXUSDM"="\"C:\\Program Files\\EPOX\\USDM\\USDM.EXE\" \"5000\""
"nwiz"="nwiz.exe /install"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp




[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bbf45c2-2baa-11db-929e-806d6172696f}]
Shell\AutoRun\command D:\Launcher.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-06 16:46:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-06 16:46:59
C:\ComboFix-quarantined-files.txt ... 2007-05-06 16:46

#9 Grimyone

Grimyone
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 06 May 2007 - 03:53 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:48:54 PM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\Rar$EX00.234\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

#10 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:31 AM

Posted 06 May 2007 - 05:46 PM

Hi,

both spyware scans found nothing


That's good, but I would like to see the reports, because I see a file that should have been removed by AVG Anti Spyware, yet it's still there.

Looks like you want to keep DAP.

I have one programs called spyware doctor thats not in msconfig for startup yet it starts up and my pc starts up slow i need help on what to keep and what to remove plus my computer has been slow lately i need info on how to speed it up


If you want to remove Spyware Doctor, go to Start>Control Panel>Add/Remove Programs and remove it. If you want to disable it, this is how:
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and Exit Spyware Doctor

A colleague of ours has excellent information and tips on the prevention of malware here and more on improving speed/system performance after malware removal here .

Please post back the reports from AVG Anti Spyware and Panda. Thanks.

#11 Grimyone

Grimyone
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 06 May 2007 - 06:50 PM

yeah im keeping DAP i dont use internet explorer only on very rare ocasion that the website relaly needs to use it i use Firefox its much better and the AVG antispyware log didnt really show any files and spyware doctor shows that ad-watch form lava soft is a trojan downloader is that true or does spyware doctor ust wnt to be my main spyware program i dont wnt it to be it uses too much memory and thx for telling me how to make spyware doctor not start up anymore after every time i open it and now im computer is right now i have firefox windows live messenger ,Aim and im listening to music only using 486mb of ram thanks for you help

and wat file do u see that should be found by AVG as spyware i have lavasoft adaware se pro and spyware doctor neither have found anything

Edited by Grimyone, 06 May 2007 - 06:51 PM.


#12 Grimyone

Grimyone
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 06 May 2007 - 06:55 PM

my other topic post about help with msconfig no one repyed to help me does anyone know how or wat and can u delete it if u can help me with it

#13 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:31 AM

Posted 06 May 2007 - 08:52 PM

and wat file do u see that should be found by AVG as spyware i have lavasoft adaware se pro and spyware doctor neither have found anything


I don't see it anymore. I must have been looking at something else.

my other topic post about help with msconfig no one repyed to help me does anyone know how or wat and can u delete it if u can help me with it


Here is a little tool that may help you in deciding what to keep and what to disable.

Download Startup Inspector from here
This program will help you to decide exactly what programs you disable from running at startup.
The Readme.txt file included has instructions on how to use it.

#14 Grimyone

Grimyone
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 07 May 2007 - 10:27 PM

since im getting no help with msconfig ill check back wenever i get time till then thx for help

#15 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:31 AM

Posted 08 May 2007 - 06:27 AM

since im getting no help with mscnfig ill check back wenever i get time till then thx for help



I am not sure what you mean by that. Can you explain it further. Msconfic is a Microsoft utility mostly used for stopping some applications from loading at start up. The tool I suggested to you will make that easier for you.

Edited by amateur, 08 May 2007 - 07:32 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users