
Solved: Do I have a virus?????

Discussion in 'Windows XP' started by jceac, Nov 2, 2007.

  1. jceac

    jceac Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    152
    So I downloaded a wallpaper off of wincustomize.com, as I've done countless times in the past, and applied it to my desktop. A few moments later, several of my applications started to crash (Yahoo Messenger, IntelliType Pro, IntelliPoint, etc.) and I get an error saying something about a module and that it's to protect something from being damaged by viruses... Sorry I don't have the exact error; I panicked and closed everything and restarted. I checked Event Viewer, and I got these:

    Event Type: Error
    Event Source: Microsoft IntelliType Pro
    Event Category: None
    Event ID: 1000
    Date: 11/2/2007
    Time: 5:43:36 PM
    User: N/A
    Computer: JC
    Description:
    The description for Event ID ( 1000 ) in Source ( Microsoft IntelliType Pro ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: itype.exe, 6.10.156.0, unknown, 0.0.0.0, 00d71120.


    Event Type: Error
    Event Source: Microsoft IntelliPoint
    Event Category: None
    Event ID: 1000
    Date: 11/2/2007
    Time: 5:43:36 PM
    User: N/A
    Computer: JC
    Description:
    The description for Event ID ( 1000 ) in Source ( Microsoft IntelliPoint ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: ipoint.exe, 6.10.157.0, user32.dll, 5.1.2600.3099, 0000a629.


    Event Type: Error
    Event Source: Application Error
    Event Category: (100)
    Event ID: 1000
    Date: 11/2/2007
    Time: 5:43:40 PM
    User: N/A
    Computer: JC
    Description:
    Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x10001120.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 11/2/2007
    Time: 5:43:43 PM
    User: N/A
    Computer: JC
    Description:
    Faulting application yahoomessenger.exe, version 8.1.0.402, faulting module unknown, version 0.0.0.0, fault address 0x01111120.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Information
    Event Source: Winlogon
    Event Category: None
    Event ID: 1002
    Date: 11/2/2007
    Time: 5:44:15 PM
    User: N/A
    Computer: JC
    Description:
    The shell stopped unexpectedly and Explorer.exe was restarted.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 11/2/2007
    Time: 5:44:19 PM
    User: N/A
    Computer: JC
    Description:
    Faulting application igfxpers.exe, version 3.0.0.4543, faulting module unknown, version 0.0.0.0, fault address 0x00e91120.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 11/2/2007
    Time: 5:44:23 PM
    User: N/A
    Computer: JC
    Description:
    Faulting application firefox.exe, version 1.8.20071.2514, faulting module unknown, version 0.0.0.0, fault address 0x003e1120.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 11/2/2007
    Time: 5:44:46 PM
    User: N/A
    Computer: JC
    Description:
    Faulting application syntpenh.exe, version 8.3.8.0, faulting module unknown, version 0.0.0.0, fault address 0x01101120.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Here's a HijackThis log too:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:15:10 PM, on 11/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
    O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 4477 bytes

    I also did a full scan with AVG Free and Spybot in safe mode and those turned up with nothing. I keep those two well-updated as well.

    I don't know if the wallpaper I got came with a virus or what but I deleted the thing as fast as I could, disconnected from the internet and did the scans.

    Please help! I'm pretty panicked right now and I'm really close to reformatting which I don't really want to do.

    I'm not sure what other information to provide but any help would be much appreciated.

    Thanks!

    Windows XP Home SP2
     
  2. Claymore

    Claymore

    Joined:
    May 20, 2005
    Messages:
    2,548
    You should wait for an expert, but that looks pretty clean, except perhaps for these two:

    O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
    O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

    Leftovers from Norton.

    Going by the times of the errors, the first was a failure of your Microsoft Intellitype keyboard.

    Is the computer running OK now?
     
  3. jceac

    jceac Thread Starter

    Yeah the computer is running fine now.
    If I recall correctly, the error about the module closing to protect against damages from viruses came first, then the applications started crashing one by one, and then the module thing again.

    I'm not sure if you can answer this, but could this error be produced without the computer actually being infected? By that I mean, is it possible it is a "default" error for an incident that may or may not have been caused by a virus?

    Thanks for the response by the way!
     
  4. Claymore

    Claymore

    Actually your keyboard and mouse failed simultaneously first.
    Are you sure the message said about protecting against viruses, or did it simply say:
    "To help protect your computer, Windows has closed this program".
    Let it run and see if you get another failure.
    If you do, see if a particular module (e.g. xxxx.dll) is cited. If so, note down the module name.
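
Added example, not part of any post in this thread: Python that parses the Event ID 1000 descriptions posted above and groups the crashes whose faulting module is "unknown" by the low 16 bits of the fault address. Windows maps images on 64 KB boundaries, so a low word shared across processes is the pattern one module loaded at different bases would leave; the function names are this example's own.

```python
import re
from collections import defaultdict

# Description lines copied from the Event ID 1000 entries posted in this thread.
SAMPLE_EVENTS = """\
The following information is part of the event: itype.exe, 6.10.156.0, unknown, 0.0.0.0, 00d71120.
The following information is part of the event: ipoint.exe, 6.10.157.0, user32.dll, 5.1.2600.3099, 0000a629.
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x10001120.
Faulting application yahoomessenger.exe, version 8.1.0.402, faulting module unknown, version 0.0.0.0, fault address 0x01111120.
Faulting application igfxpers.exe, version 3.0.0.4543, faulting module unknown, version 0.0.0.0, fault address 0x00e91120.
Faulting application firefox.exe, version 1.8.20071.2514, faulting module unknown, version 0.0.0.0, fault address 0x003e1120.
Faulting application syntpenh.exe, version 8.3.8.0, faulting module unknown, version 0.0.0.0, fault address 0x01101120.
"""

# Form written by the "Application Error" source.
FULL = re.compile(
    r"Faulting application (?P<app>\S+), version (?P<app_ver>[\d.]+), "
    r"faulting module (?P<module>\S+), version (?P<mod_ver>[\d.]+), "
    r"fault address 0x(?P<addr>[0-9a-fA-F]+)")
# Fallback form, shown when the event source's message text cannot be found.
RAW = re.compile(
    r"part of the event: (?P<app>\S+), (?P<app_ver>[\d.]+), "
    r"(?P<module>\S+), (?P<mod_ver>[\d.]+), (?P<addr>[0-9a-fA-F]+)")


def parse_crashes(text):
    """Return one dict per crash record found in pasted Event Viewer text."""
    crashes = []
    for line in text.splitlines():
        m = FULL.search(line) or RAW.search(line)
        if m:
            rec = m.groupdict()
            rec["addr"] = int(rec["addr"], 16)
            crashes.append(rec)
    return crashes


def is_unknown(crash):
    return crash["module"].lower() == "unknown"


def shared_low_words(crashes, min_procs=2):
    """Map low 16 bits of the fault address -> processes that crashed there.

    Only 'unknown' module crashes are grouped; a named module is already
    identified by the event itself.
    """
    groups = defaultdict(list)
    for c in crashes:
        if is_unknown(c):
            groups[c["addr"] & 0xFFFF].append(c["app"])
    return {low: apps for low, apps in groups.items()
            if len(set(apps)) >= min_procs}


def candidate_bases(crashes, low_word):
    """Per process, the 64 KB-aligned region the matching fault address is in."""
    return {c["app"]: c["addr"] & ~0xFFFF
            for c in crashes
            if is_unknown(c) and (c["addr"] & 0xFFFF) == low_word}


if __name__ == "__main__":
    crashes = parse_crashes(SAMPLE_EVENTS)
    for low, apps in shared_low_words(crashes).items():
        print(f"low word 0x{low:04x} shared by {len(apps)} processes")
        for app, base in candidate_bases(crashes, low).items():
            print(f"  {app:<20} region 0x{base:08x}")
```

On the thread's data every unknown-module crash lands on low word 0x1120, which narrows the search to code mapped into all of those processes. It does not by itself say whether that code is malicious.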
     
  5. jceac

    jceac Thread Starter

    Oh ok. Yeah I'm positive it said something about protecting against viruses/virus attacks. Intellitype and Intellipoint are running right now. That's exactly what I'm trying to do right now: reproduce the errors. The computer is working like it usually does though. The only programs I had running then are objectdock, desktop sidebar, truetransparency, yahoo messenger, firefox and the others that run usually in the background.

    Does Windows have errors like that though that may pertain to more than one thing? Or does it positively mean the computer is infected when it gives out errors like those?
     
  6. jceac

    jceac Thread Starter

    As a side note: if it was a virus, and had I gotten it from the wallpaper, was deleting the wallpaper the proper course of action? Would that take care of the virus? If not, what should I have done in that situation?

    Thanks again.
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    If it was a virus, and your antivirus program was able to detect it, you would have been alerted.... After that, the usual process is to decide if you want your AV program to Heal, Delete, or Quarantine the problem; some don't give you options, but the settings can be changed so you are always Quarantining them, which is generally preferred and just as safe as Deleting....

    A virus, by definition, makes copies of itself... so simply deleting whatever transported it into the computer is not enough to do.

    The other types of malware these days, though they may not multiply copies of themselves, can download other modules.... kind of like having an open house for computer bugs...

    It's not only "a virus" you have to worry about; malware these days is just as bad, when it is actually spyware, trojans, or rootkits.

    Your log does not show any antispyware programs running....

    You might turn up something by getting and scanning with this:

    Download SUPERAntiSpyware Free for Home Users
    alternate site
    • Double-click SUPERAntiSpyware.exe to install and use the default settings for installation.
      Under Configuration and Preferences, click the Preferences button.
      · Click the Scanning Control tab.
      · Under Scanner Options make sure the following are checked:
      o Close browsers before scanning
      o Scan for tracking cookies
      o Terminate memory threats before quarantining.
      o Please leave the others unchecked.
      o Click the Close button to leave the control center screen.
    • Run SUPERAntiSpyware and update the definitions before scanning by selecting "Check for Updates".
    • When done, select "Scan for Harmful Software".
    • There are three scanning options available. Choose "Perform Complete Scan" and click "Next".
    • When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
    • Place a checkmark next to items you wish to remove/quarantine and Click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked to Reboot, please do.
    • After Reboot, double-click on SuperAnti-Spyware icon on your Desktop.
    • Click Preferences, Click the Statistics/Logs Tab.
    • Under Scanner logs, Double-click SuperAnti-Spyware Scan Log.
    • It will open in your default text editor (such as Notepad or WordPad).
    • Please Highlight everything in the Notepad, then right-click and choose copy.
    • In your next reply, please post those results and include a fresh Hijackthis log.
    • Select close to exit the program.
    Note: If you encounter any problems while downloading the updates, manually download and unzip them from here.
     
  8. jceac

    jceac Thread Starter

    My log didn't show it? I did run a Spybot scan and it turned up with nothing as well. I don't mean to sound arrogant but I don't think spyware is my problem though. I went to the SUPERAntiSpyware website and read some articles on the forum and I don't think I have any of the "symptoms" of spyware infection.

    Other than a virus (or any other malware) though, is there anything else that can cause this kind of behavior?
     
  9. Bob1940

    Bob1940

    Joined:
    Oct 22, 2007
    Messages:
    45
    Are you by any chance running Vista???
     
  10. Bob1940

    Bob1940

    Sorry, just noticed XP at the bottom of your note
     
  11. Bob1940

    Bob1940

    My strongest advice is to listen to BYTEMAN; none of the ubeaut SpyScanners etc. found out anything on my computer. Plus House Scans for Viruses etc.

    Run the SUPERAntiSpyware, it's free; I used the Pro version
    Run AVG free
    Run Berlac free housecall; this will show what's actually running on your computer and will give the good, bad and nasty programs etc.

    After being mucked around with Registry fixes etc etc etc, someone in one of these forums said you have the Winfixer.exe. By this time it had altered the Desktop, removed Icons and wouldn't allow some programs to operate using the Ctrl Alt Del feature.
    Actually it wouldn't even allow access into Safe Mode.

    He wasn't wrong; SUPERAntiSpyware came up with Winfixer.exe plus all its associated DLLs.
    I might add that I became extremely suspicious when I noticed my two connected machines showing exactly the same times when I knew they were 5 minutes difference.
    Before I knew it I lost two programs out of the second machine before I ripped the cord out.

    When attempting to remedy using the XP Pro disk it wouldn't allow account already had destroyed some registry areas. Thankfully most of my emails, photos were already on a separate USB drive.

    I had to reformat; I now have quite a few blocks on the drive which cannot be defragged and are locked so to speak.
     
  12. jceac

    jceac Thread Starter

    OK, I scanned with SUPERAntiSpyware and it didn't find anything either. I didn't get a log though. I just got a message that said nothing harmful was found. What should I do now? Should I also try online antivirus scanners? I heard that AVG is pretty reliable though.

    By the way thanks for taking the time to help guys. I really appreciate it.
     
  13. jceac

    jceac Thread Starter

    I don't know if you still want the hijackthis log but here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:57:37 AM, on 11/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\svchost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
    O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 4532 bytes
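
Added example, not part of jceac's post or of HijackThis itself: the two logs in this thread form a before/after pair, so they can be parsed, checked for entries marked `(no file)`, and diffed for changes in processes and autostart entries. The logs below are abbreviated excerpts of the ones posted here; `parse_hjt`, `orphaned` and `diff_logs` are names chosen for this example.

```python
import re

# Abbreviated excerpts of the 11/2/2007 and 11/3/2007 logs posted in this thread.
LOG_NOV2 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
"""

LOG_NOV3 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# A HijackThis entry line: section code (R0, O4, O23, ...), " - ", then the body.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Split a pasted log into its running-process set and its entry list."""
    procs, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends where entries begin
            entries.append((m["code"], m["body"]))
        elif in_procs and line:
            procs.add(line.lower())  # Windows paths are case-insensitive
    return {"processes": procs, "entries": entries}


def orphaned(entries):
    """Entries whose registry key is still present but whose file is gone."""
    return [(code, body) for code, body in entries if body.endswith("(no file)")]


def diff_logs(before, after):
    """What appeared or disappeared between two scans of the same machine."""
    b, a = parse_hjt(before), parse_hjt(after)
    return {
        "procs_added": sorted(a["processes"] - b["processes"]),
        "procs_gone": sorted(b["processes"] - a["processes"]),
        "entries_added": [e for e in a["entries"] if e not in b["entries"]],
        "entries_gone": [e for e in b["entries"] if e not in a["entries"]],
    }


if __name__ == "__main__":
    for code, body in orphaned(parse_hjt(LOG_NOV3)["entries"]):
        print("orphaned:", code, body)
    for key, items in diff_logs(LOG_NOV2, LOG_NOV3).items():
        for item in items:
            print(f"{key}: {item}")
```

Between the two excerpts the only new autostart entry is the O20 Winlogon Notify line, and its path is inside the SUPERAntiSpyware install directory, matching the scanner installed between the two scans.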
     
  14. jceac

    jceac Thread Starter

    Never mind, sorry, I was wrong. I went to preferences and found logs:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/03/2007 at 00:54 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3337
    Trace Rules Database Version: 1338

    Scan type : Complete Scan
    Total Scan Time : 00:40:17

    Memory items scanned : 242
    Memory threats detected : 0
    Registry items scanned : 5257
    Registry threats detected : 0
    File items scanned : 40488
    File threats detected : 0

    and this, 'cause I went ahead and scanned twice.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/03/2007 at 09:45 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3337
    Trace Rules Database Version: 1338

    Scan type : Complete Scan
    Total Scan Time : 00:40:11

    Memory items scanned : 246
    Memory threats detected : 0
    Registry items scanned : 5257
    Registry threats detected : 0
    File items scanned : 40490
    File threats detected : 0
     
  15. jceac

    jceac Thread Starter

    By the way, is it normal that SUPERAntiSpyware is using almost 60,000kb of ram while just sitting in the system tray (not scanning)? I've only ever seen that kind of ram usage with Firefox.

    Thanks.
     
Short URL to this thread: https://techguy.org/647113
