Computer runs real slow, I know something's wrong but can't figure it out, help please.

Discussion in 'Virus & Other Malware Removal' started by Crammit, Dec 3, 2009.

  1. Crammit

    Crammit (Thread Starter) | Joined: Dec 2, 2007 | Messages: 108
    Please walk me through figuring out the problem. I know my computer should run faster than it does, I can't seem to get it going good again. Usually I can figure it out, but this time around some help would be nice. Thanks in advance.
     
  3. Crammit

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:09:49 AM, on 2009-12-03
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.169.128.183:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\CAMERO~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148865810437
    O16 - DPF: {90070880-E4D2-4D1C-AF7E-8FEB5EAB3E96} (ATMD Installer) - https://dl001.atmdirect.com/ATMD/ATMDInstaller.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/plugintest/solidstateion.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 7331 bytes
     
  4. Crammit

    Avira AntiVir Personal
    Report file date: 2009-12-03 08:18

    Scanning for 1411743 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : DGDD2281

    Version information:
    BUILD.DAT : 9.0.0.415 21609 Bytes 2009-11-08 10:00:00
    AVSCAN.EXE : 9.0.3.10 466689 Bytes 2009-11-20 21:43:46
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2009-02-27 15:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 2009-02-20 16:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 2009-02-27 15:58:52
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 21:43:38
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 2009-11-19 21:43:40
    VBASE002.VDF : 7.10.1.1 2048 Bytes 2009-11-19 21:43:40
    VBASE003.VDF : 7.10.1.2 2048 Bytes 2009-11-19 21:43:40
    VBASE004.VDF : 7.10.1.3 2048 Bytes 2009-11-19 21:43:40
    VBASE005.VDF : 7.10.1.4 2048 Bytes 2009-11-19 21:43:40
    VBASE006.VDF : 7.10.1.5 2048 Bytes 2009-11-19 21:43:41
    VBASE007.VDF : 7.10.1.6 2048 Bytes 2009-11-19 21:43:41
    VBASE008.VDF : 7.10.1.7 2048 Bytes 2009-11-19 21:43:41
    VBASE009.VDF : 7.10.1.8 2048 Bytes 2009-11-19 21:43:41
    VBASE010.VDF : 7.10.1.9 2048 Bytes 2009-11-19 21:43:41
    VBASE011.VDF : 7.10.1.10 2048 Bytes 2009-11-19 21:43:41
    VBASE012.VDF : 7.10.1.11 2048 Bytes 2009-11-19 21:43:41
    VBASE013.VDF : 7.10.1.79 209920 Bytes 2009-11-25 21:17:12
    VBASE014.VDF : 7.10.1.128 197632 Bytes 2009-11-30 15:25:26
    VBASE015.VDF : 7.10.1.129 2048 Bytes 2009-11-30 15:25:27
    VBASE016.VDF : 7.10.1.130 2048 Bytes 2009-11-30 15:25:27
    VBASE017.VDF : 7.10.1.131 2048 Bytes 2009-11-30 15:25:27
    VBASE018.VDF : 7.10.1.132 2048 Bytes 2009-11-30 15:25:27
    VBASE019.VDF : 7.10.1.133 2048 Bytes 2009-11-30 15:25:27
    VBASE020.VDF : 7.10.1.134 2048 Bytes 2009-11-30 15:25:27
    VBASE021.VDF : 7.10.1.135 2048 Bytes 2009-11-30 15:25:27
    VBASE022.VDF : 7.10.1.136 2048 Bytes 2009-11-30 15:25:27
    VBASE023.VDF : 7.10.1.137 2048 Bytes 2009-11-30 15:25:27
    VBASE024.VDF : 7.10.1.138 2048 Bytes 2009-11-30 15:25:27
    VBASE025.VDF : 7.10.1.139 2048 Bytes 2009-11-30 15:25:27
    VBASE026.VDF : 7.10.1.140 2048 Bytes 2009-11-30 15:25:27
    VBASE027.VDF : 7.10.1.141 2048 Bytes 2009-11-30 15:25:27
    VBASE028.VDF : 7.10.1.142 2048 Bytes 2009-11-30 15:25:27
    VBASE029.VDF : 7.10.1.143 2048 Bytes 2009-11-30 15:25:27
    VBASE030.VDF : 7.10.1.144 2048 Bytes 2009-11-30 15:25:27
    VBASE031.VDF : 7.10.1.158 69120 Bytes 2009-12-02 15:25:59
    Engineversion : 8.2.1.92
    AEVDF.DLL : 8.1.1.2 106867 Bytes 2009-10-17 23:23:29
    AESCRIPT.DLL : 8.1.2.45 586108 Bytes 2009-11-18 03:18:50
    AESCN.DLL : 8.1.2.5 127346 Bytes 2009-10-17 23:23:29
    AESBX.DLL : 8.1.1.1 246132 Bytes 2009-11-20 21:43:45
    AERDL.DLL : 8.1.3.4 479605 Bytes 2009-12-01 15:25:28
    AEPACK.DLL : 8.2.0.3 422261 Bytes 2009-11-08 16:59:23
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 2009-06-18 14:13:06
    AEHEUR.DLL : 8.1.0.184 2146681 Bytes 2009-12-01 15:25:28
    AEHELP.DLL : 8.1.7.5 237942 Bytes 2009-11-25 21:17:13
    AEGEN.DLL : 8.1.1.78 364917 Bytes 2009-11-25 21:17:13
    AEEMU.DLL : 8.1.1.0 393587 Bytes 2009-10-17 23:23:28
    AECORE.DLL : 8.1.8.5 180598 Bytes 2009-12-02 15:25:59
    AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-09 19:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 2008-12-12 13:47:59
    AVPREF.DLL : 9.0.3.0 44289 Bytes 2009-10-17 23:23:29
    AVREP.DLL : 8.0.0.3 155905 Bytes 2009-01-20 19:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 2008-12-05 15:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 2009-04-27 22:13:03
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 2009-01-30 15:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 2009-01-28 20:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2009-02-02 13:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 2008-12-05 15:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 2009-06-10 07:09:41
    RCTEXT.DLL : 9.0.73.0 86785 Bytes 2009-11-20 21:43:28

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: 2009-12-03 08:18

    Starting search for hidden objects.
    '64318' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'devldr32.exe' - '1' Module(s) have been scanned
    Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'UNSECAPP.EXE' - '1' Module(s) have been scanned
    Scan process 'nmsrvc.exe' - '1' Module(s) have been scanned
    Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
    Scan process 'AAWService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    34 processes with 34 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '55' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd1357.sys
    [WARNING] The file could not be opened!


    End of the scan: 2009-12-03 09:33
    Used time: 1:15:15 Hour(s)

    The scan has been done completely.

    8812 Scanned directories
    321177 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    4 Files cannot be scanned
    321173 Files not concerned
    3628 Archives were scanned
    4 Warnings
    2 Notes
    64318 Objects were scanned with rootkit scan
    0 Hidden objects were found
     
  5. Crammit

    Logfile created: 2009-12-03 12:28:18
    Lavasoft Ad-Aware version: 8.1.0
    User performing scan: Admin

    *********************** Definitions database information ***********************
    Lavasoft definition file: 149.93
    Genotype definition file version: 2009/11/16 08:39:50

    ******************************** Scan results: *********************************
    Scan profile name: Full Scan (ID: full)
    Objects scanned: 137382
    Objects detected: 42


    Type Detected
    ==========================
    Processes.......: 0
    Registry entries: 0
    Hostfile entries: 0
    Files...........: 0
    Folders.........: 0
    LSPs............: 0
    Cookies.........: 42
    Browser hijacks.: 0
    MRU objects.....: 0



    Removed items:
    Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0
    Description: *247realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408945 Family ID: 0
    Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0
    Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
    Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
    Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
    Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0
    Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0
    Description: *.bridgetrack* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409095 Family ID: 0
    Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0
    Description: *ads.pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408927 Family ID: 0
    Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0
    Description: *ads.pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408927 Family ID: 0
    Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
    Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
    Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
    Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
    Description: *adultfriendfinder* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409164 Family ID: 0
    Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0
    Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0
    Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0
    Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
    Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
    Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
    Description: *trafficmp* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408787 Family ID: 0
    Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
    Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0
    Description: *insightexpressai* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409259 Family ID: 0
    Description: *mediaplex* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408991 Family ID: 0
    Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0
    Description: *247realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408945 Family ID: 0
    Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0
    Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0
    Description: *questionmarket* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408819 Family ID: 0
    Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
    Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0
    Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0
    Description: *tacoda* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409123 Family ID: 0
    Description: *trafficmp* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408787 Family ID: 0
    Description: *unicast* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409281 Family ID: 0
    Description: zedo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408736 Family ID: 0
    Description: zedo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408736 Family ID: 0

    Scan and cleaning complete: Finished correctly after 4689 seconds

    *********************************** Settings ***********************************

    Scan profile:
    ID: full, enabled:1, value: Full Scan
    ID: folderstoscan, enabled:1, value: C:\
    ID: useantivirus, enabled:0, value: true
    ID: sections, enabled:1
    ID: scancriticalareas, enabled:1, value: true
    ID: scanrunningapps, enabled:1, value: true
    ID: scanregistry, enabled:1, value: true
    ID: scanlsp, enabled:1, value: true
    ID: scanads, enabled:1, value: true
    ID: scanhostsfile, enabled:1, value: true
    ID: scanmru, enabled:1, value: true
    ID: scanbrowserhijacks, enabled:1, value: true
    ID: scantrackingcookies, enabled:1, value: true
    ID: closebrowsers, enabled:1, value: false
    ID: filescanningoptions, enabled:1
    ID: archives, enabled:1, value: true
    ID: onlyexecutables, enabled:1, value: false
    ID: skiplargerthan, enabled:1, value: 20480
    ID: scanrootkits, enabled:1, value: true
    ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
    ID: usespywareheuristics, enabled:1, value: true
    ID: heuristicslevel, enabled:1, value: mild, domain: medium,mild,strict

    Scan global:
    ID: global, enabled:1
    ID: addtocontextmenu, enabled:1, value: true
    ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

    Scheduled scan settings:
    <Empty>

    Update settings:
    ID: updates, enabled:1
    ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
    ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
    ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
    ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
    ID: schedules, enabled:1, value: true
    ID: updatedaily1, enabled:0, value: Daily 1
    ID: time, enabled:0, value: Fri Nov 06 08:40:00 2009
    ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:0
    ID: monday, enabled:0, value: false
    ID: tuesday, enabled:0, value: false
    ID: wednesday, enabled:0, value: false
    ID: thursday, enabled:0, value: false
    ID: friday, enabled:0, value: false
    ID: saturday, enabled:0, value: false
    ID: sunday, enabled:0, value: false
    ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:0, value:
    ID: auto_deal_with_infections, enabled:0, value: false
    ID: updatedaily2, enabled:0, value: Daily 2
    ID: time, enabled:0, value: Fri Nov 06 14:40:00 2009
    ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:0
    ID: monday, enabled:0, value: false
    ID: tuesday, enabled:0, value: false
    ID: wednesday, enabled:0, value: false
    ID: thursday, enabled:0, value: false
    ID: friday, enabled:0, value: false
    ID: saturday, enabled:0, value: false
    ID: sunday, enabled:0, value: false
    ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:0, value:
    ID: auto_deal_with_infections, enabled:0, value: false
    ID: updatedaily3, enabled:0, value: Daily 3
    ID: time, enabled:0, value: Fri Nov 06 20:40:00 2009
    ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:0
    ID: monday, enabled:0, value: false
    ID: tuesday, enabled:0, value: false
    ID: wednesday, enabled:0, value: false
    ID: thursday, enabled:0, value: false
    ID: friday, enabled:0, value: false
    ID: saturday, enabled:0, value: false
    ID: sunday, enabled:0, value: false
    ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:0, value:
    ID: auto_deal_with_infections, enabled:0, value: false
    ID: updatedaily4, enabled:0, value: Daily 4
    ID: time, enabled:0, value: Fri Nov 06 02:40:00 2009
    ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:0
    ID: monday, enabled:0, value: false
    ID: tuesday, enabled:0, value: false
    ID: wednesday, enabled:0, value: false
    ID: thursday, enabled:0, value: false
    ID: friday, enabled:0, value: false
    ID: saturday, enabled:0, value: false
    ID: sunday, enabled:0, value: false
    ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:0, value:
    ID: auto_deal_with_infections, enabled:0, value: false
    ID: updateweekly1, enabled:1, value: Weekly
    ID: time, enabled:1, value: Fri Nov 06 08:40:00 2009
    ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: true
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: true
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false

    Appearance settings:
    ID: appearance, enabled:1
    ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
    ID: showtrayicon, enabled:1, value: true
    ID: autoentertainmentmode, enabled:0, value: true
    ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
    ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

    Realtime protection settings:
    ID: realtime, enabled:1
    ID: modules, enabled:1
    ID: processprotection, enabled:1, value: true
    ID: registryprotection, enabled:0, value: true
    ID: networkprotection, enabled:0, value: true
    ID: layers, enabled:1
    ID: useantivirus, enabled:0, value: true
    ID: usespywareheuristics, enabled:0, value: true
    ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
    ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


    ****************************** System information ******************************
    Computer name: DGDD2281
    Processor name: Intel(R) Celeron(R) CPU 2.40GHz
    Processor identifier: x86 Family 15 Model 4 Stepping 1
    Processor speed: ~2394MHZ
    Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1025, number of processors 1, processor features: [MMX,SSE,SSE2]
    Physical memory available: 82575360 bytes
    Physical memory total: 534757376 bytes
    Virtual memory available: 1988276224 bytes
    Virtual memory total: 2147352576 bytes
    Memory load: 84%
    Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Windows startup mode:

    Running processes:
    PID: 628 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 700 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 724 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 772 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 784 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 952 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1032 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 1128 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1176 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1448 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 1584 name: C:\WINDOWS\Explorer.EXE owner: Admin domain: DGDD2281
    PID: 1692 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 1748 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1824 name: C:\WINDOWS\system32\LEXBCES.EXE owner: SYSTEM domain: NT AUTHORITY
    PID: 1852 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1872 name: C:\WINDOWS\system32\LEXPPS.EXE owner: SYSTEM domain: NT AUTHORITY
    PID: 1976 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 232 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 384 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 480 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 584 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 912 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1112 name: C:\WINDOWS\system32\MsPMSPSv.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1348 name: C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2652 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2860 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 2912 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3136 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Admin domain: DGDD2281
    PID: 3152 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Admin domain: DGDD2281
    PID: 3272 name: C:\WINDOWS\system32\ctfmon.exe owner: Admin domain: DGDD2281
    PID: 3596 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Admin domain: DGDD2281
    PID: 2376 name: C:\WINDOWS\system32\devldr32.exe owner: Admin domain: DGDD2281
    PID: 836 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Admin domain: DGDD2281

    Startup items:
    Name: avgnt
    imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    Name: SunJavaUpdateSched
    imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
    Name: ISUSPM Startup
    imagepath: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    Name: QuickTime Task
    imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Name: Adobe Reader Speed Launcher
    imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    Name: Adobe ARM
    imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    Name: PostBootReminder
    imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
    Name: CDBurn
    imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
    Name: WebCheck
    imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    Name: SysTray
    imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
    Name: WPDShServiceObj
    imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
    Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
    imagepath: Browseui preloader
    Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
    imagepath: Component Categories cache daemon
    Name:
    imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
    Name:
    imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\DESKTOP.INI

    Bootexecute items:
    Name:
    imagepath: autocheck autochk *
    Name:
    imagepath: lsdelete

    Running services:
    Name: ALG
    displayname: Application Layer Gateway Service
    Name: AntiVirSchedulerService
    displayname: Avira AntiVir Scheduler
    Name: AntiVirService
    displayname: Avira AntiVir Guard
    Name: AudioSrv
    displayname: Windows Audio
    Name: Browser
    displayname: Computer Browser
    Name: CryptSvc
    displayname: Cryptographic Services
    Name: DcomLaunch
    displayname: DCOM Server Process Launcher
    Name: Dhcp
    displayname: DHCP Client
    Name: Dnscache
    displayname: DNS Client
    Name: ERSvc
    displayname: Error Reporting Service
    Name: Eventlog
    displayname: Event Log
    Name: EventSystem
    displayname: COM+ Event System
    Name: FastUserSwitchingCompatibility
    displayname: Fast User Switching Compatibility
    Name: helpsvc
    displayname: Help and Support
    Name: HidServ
    displayname: HID Input Service
    Name: JavaQuickStarterService
    displayname: Java Quick Starter
    Name: lanmanserver
    displayname: Server
    Name: lanmanworkstation
    displayname: Workstation
    Name: Lavasoft Ad-Aware Service
    displayname: Lavasoft Ad-Aware Service
    Name: LexBceS
    displayname: LexBce Server
    Name: LmHosts
    displayname: TCP/IP NetBIOS Helper
    Name: Netman
    displayname: Network Connections
    Name: Nla
    displayname: Network Location Awareness (NLA)
    Name: nmservice
    displayname: Pure Networks Network Magic Service
    Name: PlugPlay
    displayname: Plug and Play
    Name: PolicyAgent
    displayname: IPSEC Services
    Name: ProtectedStorage
    displayname: Protected Storage
    Name: RasMan
    displayname: Remote Access Connection Manager
    Name: RpcSs
    displayname: Remote Procedure Call (RPC)
    Name: SamSs
    displayname: Security Accounts Manager
    Name: Schedule
    displayname: Task Scheduler
    Name: SeaPort
    displayname: SeaPort
    Name: seclogon
    displayname: Secondary Logon
    Name: SENS
    displayname: System Event Notification
    Name: SharedAccess
    displayname: Windows Firewall/Internet Connection Sharing (ICS)
    Name: ShellHWDetection
    displayname: Shell Hardware Detection
    Name: Spooler
    displayname: Print Spooler
    Name: srservice
    displayname: System Restore Service
    Name: SSDPSRV
    displayname: SSDP Discovery Service
    Name: stisvc
    displayname: Windows Image Acquisition (WIA)
    Name: TapiSrv
    displayname: Telephony
    Name: TermService
    displayname: Terminal Services
    Name: Themes
    displayname: Themes
    Name: TrkWks
    displayname: Distributed Link Tracking Client
    Name: upnphost
    displayname: Universal Plug and Play Device Host
    Name: w32time
    displayname: Windows Time
    Name: WebClient
    displayname: WebClient
    Name: winmgmt
    displayname: Windows Management Instrumentation
    Name: WMDM PMSP Service
    displayname: WMDM PMSP Service
    Name: wscsvc
    displayname: Security Center
    Name: wuauserv
    displayname: Automatic Updates
    Name: WudfSvc
    displayname: Windows Driver Foundation - User-mode Driver Framework
    Name: WZCSVC
    displayname: Wireless Zero Configuration





    see, not much comes up as far as what I have for anti virus/adware etc., but there has to be something I'm missing with these programs... unless, could it just be that my computer is like 5 years old? I'm just looking for another opinion or some help digging a little deeper, please and thank you for your time and help
     
  6. Crammit

    Crammit Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    108
    and another thing I should mention, I have anti virus ads that pop up on startup and periodically while my computer is running, also a while ago my antivirus detected a key logger, that had occurred several times on my virus scanning with avira, but now it doesn't come up, I hope I got it off, but I know I still got something else going on with this thing
     
  7. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,079
    Run HJT again and put a check in the following:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.169.128.183:3128
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    Close all applications and browser windows before you click "fix checked".



    Download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    Download Malwarebytes' Anti-Malware.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    Please run ESET Online Scanner

    Note: You can use IE or Firefox for this scan. You need to disable your currently installed Anti-Virus. If you need help with that look here.

    Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go to ESET Online Scanner and click on the ESET Online Scanner button
    • Select the option YES, I accept the Terms of Use then click on Start
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on Start
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on Finish
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
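
An added example, not part of the thread and not HijackThis code: a small Python triage pass over HijackThis log lines that flags the two kinds of entry cybertech asks to fix in the post above, a ProxyServer value pointing at a remote host and an O2 BHO registration whose file is missing. The two flagged sample lines are copied from that post; the other sample lines and all function names are constructed for illustration.

```python
import re

# R0-R3 lines have the shape "R1 - <registry key>,<value name> = <data>".
R_LINE = re.compile(
    r"^(R[0-3]) - (?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")
# O2 lines have the shape "O2 - BHO: <name> - {CLSID} - <file or (no file)>".
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$")

# Loopback proxies are skipped in this pass because local filtering
# proxies commonly use them; review those entries separately.
LOOPBACK = ("127.0.0.1", "localhost")


def proxy_hosts(data):
    """Return the host part of each entry in a ProxyServer value."""
    hosts = []
    for entry in data.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        entry = entry.split("=", 1)[-1]        # drop an "http=" style prefix
        hosts.append(entry.rsplit(":", 1)[0])  # drop the ":port" suffix
    return hosts


def triage(log_text):
    """Return (kind, line, detail) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m and m.group("name").strip().lower() == "proxyserver":
            # A remote ProxyServer routes browser traffic through that host.
            remote = [h for h in proxy_hosts(m.group("data"))
                      if h.lower() not in LOOPBACK]
            if remote:
                findings.append(("proxy-override", line, remote))
            continue
        m = O2_LINE.match(line)
        if m and m.group("file").strip().lower() == "(no file)":
            # The BHO is still registered but its DLL is gone: a leftover entry.
            findings.append(("orphan-bho", line, [m.group("clsid")]))
    return findings


# Lines 2 and 4 are from the post above; the rest are constructed samples.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.169.128.183:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
"""

if __name__ == "__main__":
    for kind, line, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}: {line}")
```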
     
  8. Crammit

    Crammit Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    108
    Malwarebytes' Anti-Malware 1.42
    Database version: 3300
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2009-12-05 10:35:05 AM
    mbam-log-2009-12-05 (10-35-05).txt

    Scan type: Quick Scan
    Objects scanned: 123947
    Time elapsed: 14 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 18
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 13

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7e5ead8fa251c5a45a24533a7762dc9e (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\bc59f3451579e1940a4c1d66df324d81 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\d3fbc9a707fa89d43a63227c7e3b0b6d (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Admin\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\SYSTEM32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\DataBaseNew.ref (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2007-10-26_13-08-14.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2007-10-27_03-40-11.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2007-10-28_21-55-30.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2007-10-29_15-14-50.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2007-10-31_08-25-31.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2007-11-07_14-59-13.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2007-11-22_03-40-53.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2007-12-02_03-43-31.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2007-12-02_20-28-13.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\ebook_library.dll (Trojan.Agent) -> Quarantined and deleted successfully.


    ----------------------------------------------------------------------------------------------------------------------

    All I could find to export from ESET was this

    C:\Jordan\Myspace Scripts\friendblasterpro.-patch.exe a variant of Win32/HackTool.Patcher.A application

    I didn't see anything to export a whole log file like the above one from mbam, is that what you were looking for or did you need a whole log? If so how do I get the whole log from ESET because there was nothing else there
     
  9. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,079
    That log is fine.

    The P2P programs you have installed expose you to risks because of the nature of the P2P file sharing process. File sharing/P2P programs rely on members giving and gaining unrestricted access to computers across the P2P network. This practice can make you vulnerable to data and identity theft. It also exposes you to very malicious worms and trojans. You change those risky default settings to a safer configuration but the act of downloading files from an anonymous source greatly increases your exposure to infection.


    Are you having any problems now?
     
  10. Crammit

    Crammit Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    108
    yeah I was thinking about uninstalling it again, I didn't have one for a while since the last time I used this site to get my computer fixed, but some months ago I got it again.. I'll get rid of it

    pages are loading faster, but I just turned my computer on and got the anti-virus ad again on start up, I just looked at my SCU>startup and there was a blank line checked, why would there be a blank line in startup?

    and do you have free anti-virus/malware programs that you would recommend? or any other programs that I should use periodically? like mbam?
     
  11. Crammit

    Crammit Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    108
    also for some certain things like (online poker and some online games) my connection is weak and/or faulty and I disconnect, do you think it's more likely to be a hardware or software problem? I have a 5mb internet speed
     
  12. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,079
    MBAM is a good product to keep around, IMO.


    While we try our hardest to avoid them, accidents do happen. With today's malware being as it is, we will not be held responsible for any loss of your data. You are following the instructions given at your own risk. We recommend that you back up any data that's important to you beforehand, just in case the worst happens.

    1. As a general rule, to offset any unexpected mishaps, your personal data should be backed up regularly. If you do not already have a process in place that backs up your data, it is highly recommended you do this now. Click here for guidelines on what to back up and how to do it.

    2. Uninstall the following via Add or Remove Programs in Control Panel:

    If you have more than one antivirus software installed, leave only ONE and uninstall the others.
    CD emulation software, such as DAEMON Tools or Alcohol, see this page for complete instructions. These can be reinstalled once any malware removal efforts are completed.

    p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues.



    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    If you are not sure how to disable see this help page.



    Download ComboFix from one of these locations:

    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**


    Double click on ComboFix.exe & follow the prompts.


    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
     
  13. Crammit

    Crammit Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    108
    I was already supposed to be getting an external hard drive from someone so I'm going to try to get ahold of them and see when they are shipping it, so I can do a backup before doing what you have suggested
     
  14. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,079
    No problem. Post back when you have a good back up.
     
  15. Crammit

    Crammit Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    108
    the first link for combo fix says there's a problem with it that needs to be fixed and to wait for them to rerelease it, but the second link prompts the download, is it good to download or should I wait?
     
  16. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,079
    As far as I know it has not re-released.


    Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. Select the "services" tab and check hide Microsoft Services.

    Then uncheck all the NON Microsoft services and reboot. Let me know how things are then. Just do this briefly as a test as your anti-virus program will be disabled. Be sure to go back and put a check beside the same items that were checked before.
     
Short URL to this thread: https://techguy.org/882507