PC worse after removing trojan and malware

bellyn
Newbie
14. February 2008 @ 21:36
Hello,
I was hoping someone could help me somehow! I am fairly PC illiterate and with 2 young boys I don't have the time to learn much.
It all started yesterday when I received a message from Symantec telling me my PC's integrity has been violated (my subscription to Norton ran out several months ago so I have not been receiving new updates).
I then downloaded Antivir, spybot - seek and destroy and panda.
I also removed Norton and replaced it with a trial version of "The Shield Deluxe 2008".
All these programmes found several Trojan viruses, worms and a lot of malware, spyware (Backdoor.Win32.IRCBot.dd, blumblebee, webdir, comet). I removed them as per the programmes' advice, only now my PC is running so painfully slow it literally freezes constantly? Antivir alerts me to several probs with my registry and files it cannot open, but I am too worried to attempt to fix these.
I am working in the dark and finding it very hard.
Any advice would be immensely appreciated, thanks
Belinda

bellyn
Newbie
14. February 2008 @ 21:42
I forgot to add, I can supply any info if needed. (depending on what it is, I may need help on how)
Thanks, Belinda

Senior Member
14. February 2008 @ 21:56
This message has been edited since posting. Last time this message was edited on 14. February 2008 @ 21:58

bellyn
Newbie
14. February 2008 @ 21:59
Hi, thank you for responding, I think this is it.
Logfile of HijackThis v1.99.1
Scan saved at 12:54:55 PM, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\MouseElf.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Dora Fairytale Adventures Registration.lnk = D:\ATR1.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/2006...ex/qtplugin.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - Unknown owner - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: MediaManagerService - Unknown owner - C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Thank you.

Senior Member
14. February 2008 @ 22:08
Yes, that is the correct program. But, an old outdated version. It's important I have the newest version. Delete your old version of HJT. Download the newest version from the download.com link I sent you. Post a new log.

bellyn
Newbie
14. February 2008 @ 22:15
Hi, this is the log from the new link,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:30 PM, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\MouseElf.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dora Fairytale Adventures Registration.lnk = D:\ATR1.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/2006...ex/qtplugin.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MediaManagerService - Unknown owner - C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10286 bytes

Senior Member
14. February 2008 @ 22:25
OK, great! Please, remove one of your two Anti-Virus programs by going to Add/Remove Programs and deleting. Keep your favorite one for now. You cannot have two, it causes problems. I'll be back shortly.
EDIT: Do you know this program?
O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe
This message has been edited since posting. Last time this message was edited on 14. February 2008 @ 22:36
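
As an added example (not part of any post in this thread): a short Python triage pass over a HijackThis log that pulls out the O4 autostart entries, like the one questioned above, marks which of them point at a program absent from the log's "Running processes" list, and collects every entry HijackThis itself tagged "(file missing)". The sample is a shortened excerpt of the v2.0.2 log posted here and the function names are made up for this sketch; an entry on the resulting list is something to look up by hand, not a verdict.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Shortened excerpt of the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:30 PM, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")                # "O4 - ...", "R1 - ..."
RUN_RE = re.compile(r"^(HK.+?\\Run\w*): \[(.*?)\] (.*)$")      # registry Run keys
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")  # Startup folders
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|bat|cmd|scr))(?=\s|$)", re.I)


def parse_log(text):
    """Split a log into the running-process list and (code, body) entries."""
    running, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.append(line)
    return running, entries


def target_path(command):
    """Reduce an autostart command line to the program it launches."""
    command = command.replace("(file missing)", "").strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first extension.
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def autoruns(text):
    """Return one dict per O4 entry, with a 'running' cross-check."""
    running, entries = parse_log(text)
    run_full = {p.lower() for p in running}
    run_base = {basename(p).lower() for p in running}
    found = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body) or STARTUP_RE.match(body)
        if not m:
            continue
        location, name, command = m.groups()
        path = target_path(command)
        # A bare file name can only be compared by name. Short 8.3 paths
        # (PROGRA~1) will not match the long form and show as not running.
        if "\\" in path:
            is_running = path.lower() in run_full
        else:
            is_running = path.lower() in run_base
        found.append({"location": location, "name": name,
                      "path": path, "running": is_running})
    return found


def review_list(text):
    """Names of autostart entries whose target is not a running process."""
    return [a["name"] for a in autoruns(text) if not a["running"]]


def missing_files(text):
    """Entries HijackThis marked '(file missing)', typically leftovers."""
    _, entries = parse_log(text)
    return [(c, b) for c, b in entries if b.endswith("(file missing)")]


if __name__ == "__main__":
    for name in review_list(SAMPLE_LOG):
        print("look up:", name)
    for code, body in missing_files(SAMPLE_LOG):
        print("orphaned:", code, body)
```

On the excerpt, the review list holds the AntiVirusProMFC entry and the OpenOffice.org quickstarter: the cross-check narrows what has to be looked up, and a known-good program can still land on it.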

bellyn
Newbie
14. February 2008 @ 22:39
Hi, I have removed Antivir and I have spybot and the shield deluxe, can I have them both or should I remove spybot?
It takes me a while to do anything on my pc, so sorry for the delay, in fact after I removed Antivir, I was prompted to shut down my pc, it seems to be working a little faster since??
Thanks, Belinda

bellyn
Newbie
14. February 2008 @ 22:46
Hi,
No, I don't know that programme? Do you think my pc has problems? Thanks for your help!
Belinda.

Senior Member
14. February 2008 @ 22:53
Yes, I think the entry is a backdoor trojan. Not to worry, we'll get rid of it soon.
Do you know how to search your hard drive?
Get rid of shield deluxe. We will download something else.
Is the teatimer running in Spybot? That's the small window that keeps popping up over by your clock saying are you sure you want to make changes to the registry, or something like that. Don't remember the exact words.
Download CCleaner. http://www.majorgeeks.com/download4191.html
I'll explain how to use this in a few.
Let me know once you have downloaded it.
EDIT: Download this free antivirus. http://www.download.com/AVG-Anti-Virus-F...4-10320142.html Run a full system scan. If it finds anything, quarantine the results, then delete all. Write down what it finds and let me know. Don't worry about cookies, just things like trojans.
This message has been edited since posting. Last time this message was edited on 14. February 2008 @ 23:09

bellyn
Newbie
14. February 2008 @ 23:11
Hi, I am having trouble removing The Shield Deluxe, it is giving me an error message: error 1921. Service the shield deluxe 2008 could not be stopped. Verify that you have sufficient privileges to stop the system services?
I will do a search and try and see if I can fix this, then I will download ccleaner, yes the teatimer in spybot is working, it has given me the registry messages today.
Thank you again for the help.
Belinda

Member
14. February 2008 @ 23:16
Good idea to use ccleaner. My friend just had a zlob trojan and the registry cleaner sped the computer up enough to fix the problem. Good luck Quickdraw.

Senior Member
14. February 2008 @ 23:16
What steps are you taking to remove shield deluxe? Are you doing this from add/remove programs? Note: If this program has an icon by the system clock. R/click and shut it down. Then try once again to remove the program.
We will turn off the tea timer, it is a resource hog! And you will not need it once we are through installing other programs.
Disable Spybot's TeaTimer. This is a two-step process.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
This message has been edited since posting. Last time this message was edited on 14. February 2008 @ 23:41

bellyn
Newbie
14. February 2008 @ 23:47
Hi, I have removed the shield, I had to disable it first. I have turned off teatimer and installed AVG. I am still waiting for the scan to finish, then I will reboot and install ccleaner and post the results of AVG, I'm getting there, sorry about the delay,
Thank you, Belinda.

Senior Member
14. February 2008 @ 23:48
Originally posted by club42: Good idea to use ccleaner. My friend just had a zlob trojan and the registry cleaner sped the computer up enough to fix the problem. Good luck Quickdraw.
Hello Club42! Yes, Crap Cleaner is certainly a good registry cleaner, very easy to use. Best of all it's Free! Should be run once per week.

Senior Member
14. February 2008 @ 23:54
Hey, you're doing just great! Let me know when you get tired and we can continue later. Always shut down a program before trying to uninstall. This is why you got the earlier error message. This can be done in Task Manager. So how do you like AVG Anti-virus? Download Ad-aware 2007. http://www.download.com/Ad-Aware-2007/3000-8022_4-10045910.html We will be using this later. Do you know how to use Disc Cleanup and Disc Defragmenter?
This message has been edited since posting. Last time this message was edited on 15. February 2008 @ 00:14

Senior Member
15. February 2008 @ 00:33
How to use CCleaner:
No one likes a slow computer, especially when a PC feels sluggish performing regular activities such as Web surfing, opening programs, or even starting up. If your system seems as if it's swimming through molasses, don't buy a new computer just yet.
The main reason for overall system sluggishness is spyware. It's that simple. The second-biggest culprit is a lack of routine maintenance. Unused programs, old cache and temp files, and extraneous Registry entries will clog your system over time.
CCleaner (short for "Crap Cleaner") knows exactly where to find the files that slow down your computer. Get a quick understanding of CCleaner's features, and learn how to properly maintain your system to keep your computer quick and nimble.
Step 1: Focus your efforts
For a deep cleaning of your PC, you'll want to get into the nooks and crannies of your system. Using the Cleaner window (the default window when you launch CCleaner), you'll notice several checked boxes that indicate which areas of your computer will be cleaned. Most of the boxes are checked by default, so pay close attention if you only want to scrub certain areas. Tabs at the top offer the ability to clean Windows areas and other applications. Switching between the two tabs allows you to make your choices for a customized cleaning.
When you're done with your settings, click the Analyze button on the lower left to see which items will be cleaned. You'll see every file CCleaner will delete and also exactly how much memory will be returned to your system after the cleaning.
Note: It pays to peruse this list before hitting the Run Cleaner button to make sure you're not deleting something important. When you're ready, hit Run Cleaner and watch CCleaner go to work.
Step 2: Out with the old
The next step in our spring-cleaning protocol is akin to sorting through and cleaning out those old boxes in the garage. Click the Issues button on the left side of the interface to bring up another set of checked boxes. This set of tasks does everything from eliminating unused file extensions to trashing obsolete software. Uncheck the boxes you don't want to scan and click the Scan for Issues button. At the end of the scan you'll be given the option to click the Fix Selected Issues button.
Note: We highly recommend you save your current Registry configuration at the prompt in case of a malfunction later. An additional window will ask if you wish to delete specific items. If you know of a specific item in the list that is not a problem, simply tell CCleaner not to fix it. Remember, if you save your configuration beforehand a mistake here is easily reversible.
Step 3: Uninstall and Startup manager
Windows comes with its own Add or Remove Programs utility, but it's often slow to load and not the easiest Control Panel item to configure. CCleaner quickly lists all of your active programs, and lets you highlight and uninstall software you no longer want. This part of the program utilizes tools already included in Windows, but the convenience and speed for quick uninstallations is tough to beat.
To manage your start-up programs, click the Startup button under the Uninstall button in the upper left of the interface. You'll see a list of active start-up items that launch when you boot up your system. Be very careful here: some items are not immediately identifiable and you wouldn't want to shut down your firewall, antivirus program, or any other important program.
Once you've run through the entire cleaning process, don't be surprised if your computer runs a bit faster. Depending on the capacity of your hard drive, you'll also free up a shocking amount of space if you haven't run a program like CCleaner recently.

bellyn
Newbie
15. February 2008 @ 00:37
Hi, the AVG scan is finished and no threats were found, I have downloaded ccleaner, I will re-boot now.
AVG looks great, much better than the others I installed and it displays information good for a novice like me. I like it!
I really do appreciate your help and the time involved, thanks again.
Belinda.

Senior Member
15. February 2008 @ 00:42
Read through all my posts, make sure you have read everything. Please, address all my questions, they are important and will help me help you fix your computer faster. Go ahead and finish the other downloads. I've also provided instructions for using CCleaner. For now just use the first two steps. We can discuss the other stuff later. We will need to configure your startup programs, you have too many running at the same time. This slows your system down during startup and uses up memory needed for other applications. Here's another free Anti-spyware program to download. http://www.superantispyware.com/download.html Run a complete scan with it later. Let me know the results. Note: Important! Always make sure you first update any anti-virus or anti-spyware program before running them!
This message has been edited since posting. Last time this message was edited on 15. February 2008 @ 01:01
|
bellyn
Newbie
|
15. February 2008 @ 03:45 |
Link to this message
|
I have followed all the steps with ccleaner, I have downloaded superantispyware and performed a scan, it is at 19min and so far has found 2 adware cookies, I have downloaded adaware also.
I hope I haven't left it too long,
Thanks Belinda.
|
bellyn
Newbie
|
15. February 2008 @ 03:58 |
Link to this message
|
Hi,
Super antispyware scan is finished it found 2 adware cookies, one I recognise as one of my ISP's cookies, the other is in documents and settings.oem.cookies/oem@atdmt(2).txt.
Thanks Belinda
|
Senior Member
|
15. February 2008 @ 04:19 |
Link to this message
|
I assume by now you have completely cleaned your registry using CCleaner. Did it find a lot of old files? I forgot to tell you earlier to run the registry cleaner a few times to make sure all the crap is cleaned out.
Keep the three anti-spyware tools, those are the best free programs out there.
OK, time to install a Firewall. You have two choices, the first is Zonealarm http://www.download.com/ZoneAlarm-Firewa...4-10039884.html
The second is Comodo http://www.download.com/Comodo-Firewall-...4-10460704.html
Take your pick. I'd try both, see which one you like. But, make sure you only run one at a time. After using the first firewall, disable it before downloading and activating the other. If you don't like the second one, just delete it and re-activate the first one.
Since all your malware scans are coming up negative, time to stop scanning, the system appears to be clean. I'll show you later how to run Spybot and Ad-aware in safe mode.
I would like you to check the file which was in question. (Navigate to this file)
O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe
If you find it there delete it. Important! If you don't find it, let me know.
A couple of questions I asked earlier which you did not address. What brand and model computer do you have? Do you know how to use Disk Cleanup and Disk Defragmenter?
Here's another Anti-spyware you should install. Download Windows Defender. http://www.microsoft.com/downloads/detai...&displaylang=en
Go here and make sure your operating system is fully updated. http://www.update.microsoft.com/microsof...t.aspx?ln=en-us
This message has been edited since posting. Last time this message was edited on 15. February 2008 @ 14:16
|
bellyn
Newbie
|
15. February 2008 @ 22:58 |
Link to this message
|
Hi, sorry, I will answer all questions,
I have used disk defragmenter before, I just let it do its thing (I didn't do anything custom). I have never used disk clean up.
I am using ms windows xp version 2002, service pack 2 (oem) Intel Pentium dual 3.20ghz - 3.20ghz, 896 mb of ram. I connect to the Internet via broadband cable. I still have a lot of memory left.
I have windows defender, I downloaded it yesterday when all my probs began.
I used ccleaner thoroughly, but I had trouble afterwards, I could not access the website, ninemsn.com a popular news site, I saved my current registry when prompted and reversed it (does this mean that all the cleaning process has been reversed?).
I have looked through ccleaner and done searches and can't find how to eliminate ninemsn, so it won't be affected? I will keep looking! Yes, it found lots of old files, it also found a lot of things left behind from uninstalling programmes, (sorry I'm not very good with terms.) I will keep trying to find a way to eliminate ninemsn, then I will perform the clean again several times.
I installed comodo yesterday, today I downloaded zone alarm, which I prefer, I think it's really good. I removed comodo and turned off windows firewall.
I searched my pc for the file you mentioned and couldn't find it, I hope that is what you meant? Could you tell me what you mean by navigate, does that just mean a file search?
I went to the ms update site, it wants to update my pc with:
Microsoft .NET Framework 3.0 Service Pack 1 (KB929300)
Microsoft .NET Framework 2.0 Service Pack 1 (KB110806)
Is this o.k? I have service pack 2.
I know how to search my harddrive through "my computer" and click on "hard disk drives" and then "local disk (c:)".
Thank you for your help, I feel far more comfortable with my pc now, the speed is a little better, and I have not performed all of your recommendations yet. (I have to work out ccleaner)
I have noticed a lot of people post the results of the hijack this log when asking for help. How do you know what is in the log? Is there a site or article I can read to learn?
I hope I have answered everything, I am looking after my kids, so I will let you know if I have to take a break, rather than just disappearing.
Thanks Belinda.
|
Senior Member
|
15. February 2008 @ 23:02 |
Link to this message
|
Go to the ms update site, and install both Framework updates. Run another scan to see if there are any other updates.
All I can say about CCleaner, is you'll have to figure out which file not to remove from the list. I've never used ninemsn. You could first try eliminating the obvious. Then start removing 3 files at a time until you find which one affects the ninemsn. Restore the backup. Not sure but there may be an option to have the program overlook this file in future scans. We can look into that later once you've located the correct file to keep.
Follow this path: Start\All Programs\Accessories\System Tools\Disk Cleanup. Open Disk Cleanup and place a tick next to the first two, and the third and fourth entries in the list. Skipping the third entry. Click OK and yes to start the scan. I use both Disk Cleanup and Disk Defragmenter at least once per week. You might think about putting a shortcut on the desktop for both programs. Makes it a lot easier to access.
To search your HDD. Start\My Computer\Search\All files and folders\All or part of the file name. Type in the file you're looking for. Note: this will take practice to understand what to remove. I can teach you this some other time when we are not fixing your computer.
I think ZoneAlarm would be my choice, too. Hey, try doing a HDD search for Comodo. Using the method I just showed you above. Let me know what comes up.
There's the website you asked about. http://www.hijackthis.de/ Copy and paste your HJK log into it. Google each result in question. And the more you use it the better you'll get.
Use CCleaner and Disk Defragmenter at least once per week. This will help you keep your PC running good.
Have you ever used msconfig?
What home page opens when you click on Internet Explorer? Do you know how to change your Internet home page?
This message has been edited since posting. Last time this message was edited on 16. February 2008 @ 00:16
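The `O4` lines in a HijackThis log, such as the `AntiVirusProMFC` entry quoted earlier in this thread, are autostart entries. The following is an added example (not part of any post, and not HijackThis's own code) that parses them, expands the `\..\` abbreviation to the full registry key, and separates the program path from its arguments. Apart from the one line quoted in the thread, the sample log and all names in it are constructed.

```python
import re
from collections import namedtuple

# Constructed sample in the HijackThis 1.99.1 layout. Only the AntiVirusProMFC
# line comes from the thread; every other entry is made up for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe
O4 - Global Startup: Example Updater.lnk = C:\Program Files\Example\update.exe
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

Autostart = namedtuple("Autostart", "location name command image")

# In O4 registry lines HijackThis abbreviates this key path to "..".
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"
REG_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
DIR_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|bat|cmd|com|scr|pif|vbs))(?=\s|$)", re.I)


def image_path(command):
    """Return the program a command line starts, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first extension instead.
    match = IMAGE_RE.match(command)
    return match.group(1) if match else command.split(" ", 1)[0]


def parse_o4(log_text):
    """Extract every O4 (autostart) entry from a HijackThis log."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        reg, folder = REG_RE.match(line), DIR_RE.match(line)
        if reg:
            hive, key, name, command = reg.groups()
            location = "\\".join([hive, CURRENT_VERSION, key])
            entries.append(Autostart(location, name, command, image_path(command)))
        elif folder:
            where, name, command = folder.groups()
            entries.append(Autostart(where, name, command, image_path(command)))
    return entries


if __name__ == "__main__":
    for entry in parse_o4(SAMPLE_LOG):
        print(f"{entry.location}\n  value: {entry.name}\n  runs:  {entry.image}")
```

The expanded `location` is the registry key to open in regedit, `name` is the value under that key, and `image` is the file to look for on disk.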
|
bellyn
Newbie
|
16. February 2008 @ 02:52 |
Link to this message
|
Hi, I have updated at the ms site, and completed the disk cleanup, I haven't put a shortcut yet but will.
I searched for the files, this is what came up:
comodo - in: c/program files - type: file folder
antivirus pro - in: c/windows - type: file folder
I deleted antivirus pro should I delete comodo?
I run ccleaner and unchecked, adobe acrobat 7.0, adobe flash player, quick time player and zone alarm logs which I thought I should keep at the moment? Adobe and quick time you need to view pictures on the web? Should I uncheck remote desktop? I haven't worked out what to eliminate in the registry but am still trying.
I will use ccleaner regularly thanks for the advice.
My home page is bigpond.net.au, it is my isp home page. Yes I can change it.
I can't be at my pc constantly at the moment so maybe it would be better if I can come back same time tomorrow (or when you have time), so I don't leave my responses way too long.
I will definitely look at the website and learn about the logs.
By tomorrow I will have finished all, I will work out ccleaner tonight if it kills me.
Thanks again, Belinda
|
|