Solved: Do I have a virus?????

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jceac

Thread Starter
Joined
Sep 14, 2007
Messages
152
So I downloaded a wallpaper off of wincustomize.com, as I've done countless times in the past, and applied it to my desktop. A few moments later, several of my applications started to crash (Yahoo messenger, intellitype pro, intellipoint, etc.) and I get an error saying something about a module and that it's to protect something from being damaged by viruses... - sorry I don't have the exact error, I panicked and closed everything and restarted. I checked eventviewer, and i got these:

Event Type: Error
Event Source: Microsoft IntelliType Pro
Event Category: None
Event ID: 1000
Date: 11/2/2007
Time: 5:43:36 PM
User: N/A
Computer: JC
Description:
The description for Event ID ( 1000 ) in Source ( Microsoft IntelliType Pro ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: itype.exe, 6.10.156.0, unknown, 0.0.0.0, 00d71120.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 74 79 ure ity
0018: 70 65 2e 65 78 65 20 36 pe.exe 6
0020: 2e 31 30 2e 31 35 36 2e .10.156.
0028: 30 20 69 6e 20 75 6e 6b 0 in unk
0030: 6e 6f 77 6e 20 30 2e 30 nown 0.0
0038: 2e 30 2e 30 20 61 74 20 .0.0 at
0040: 6f 66 66 73 65 74 20 30 offset 0
0048: 30 64 37 31 31 32 30 0d 0d71120.
0050: 0a .


Event Type: Error
Event Source: Microsoft IntelliPoint
Event Category: None
Event ID: 1000
Date: 11/2/2007
Time: 5:43:36 PM
User: N/A
Computer: JC
Description:
The description for Event ID ( 1000 ) in Source ( Microsoft IntelliPoint ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: ipoint.exe, 6.10.157.0, user32.dll, 5.1.2600.3099, 0000a629.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 70 6f ure ipo
0018: 69 6e 74 2e 65 78 65 20 int.exe
0020: 36 2e 31 30 2e 31 35 37 6.10.157
0028: 2e 30 20 69 6e 20 75 73 .0 in us
0030: 65 72 33 32 2e 64 6c 6c er32.dll
0038: 20 35 2e 31 2e 32 36 30 5.1.260
0040: 30 2e 33 30 39 39 20 61 0.3099 a
0048: 74 20 6f 66 66 73 65 74 t offset
0050: 20 30 30 30 30 61 36 32 0000a62
0058: 39 0d 0a 9..


Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/2/2007
Time: 5:43:40 PM
User: N/A
Computer: JC
Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x10001120.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 33 31 35 36 20 00.3156
0030: 69 6e 20 75 6e 6b 6e 6f in unkno
0038: 77 6e 20 30 2e 30 2e 30 wn 0.0.0
0040: 2e 30 20 61 74 20 6f 66 .0 at of
0048: 66 73 65 74 20 31 30 30 fset 100
0050: 30 31 31 32 30 01120


Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 11/2/2007
Time: 5:43:43 PM
User: N/A
Computer: JC
Description:
Faulting application yahoomessenger.exe, version 8.1.0.402, faulting module unknown, version 0.0.0.0, fault address 0x01111120.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 79 61 68 ure yah
0018: 6f 6f 6d 65 73 73 65 6e oomessen
0020: 67 65 72 2e 65 78 65 20 ger.exe
0028: 38 2e 31 2e 30 2e 34 30 8.1.0.40
0030: 32 20 69 6e 20 75 6e 6b 2 in unk
0038: 6e 6f 77 6e 20 30 2e 30 nown 0.0
0040: 2e 30 2e 30 20 61 74 20 .0.0 at
0048: 6f 66 66 73 65 74 20 30 offset 0
0050: 31 31 31 31 31 32 30 0d 1111120.
0058: 0a .


Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1002
Date: 11/2/2007
Time: 5:44:15 PM
User: N/A
Computer: JC
Description:
The shell stopped unexpectedly and Explorer.exe was restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 11/2/2007
Time: 5:44:19 PM
User: N/A
Computer: JC
Description:
Faulting application igfxpers.exe, version 3.0.0.4543, faulting module unknown, version 0.0.0.0, fault address 0x00e91120.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 67 66 ure igf
0018: 78 70 65 72 73 2e 65 78 xpers.ex
0020: 65 20 33 2e 30 2e 30 2e e 3.0.0.
0028: 34 35 34 33 20 69 6e 20 4543 in
0030: 75 6e 6b 6e 6f 77 6e 20 unknown
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 65 39 31 31 t 00e911
0050: 32 30 0d 0a 20..


Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 11/2/2007
Time: 5:44:23 PM
User: N/A
Computer: JC
Description:
Faulting application firefox.exe, version 1.8.20071.2514, faulting module unknown, version 0.0.0.0, fault address 0x003e1120.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 66 69 72 ure fir
0018: 65 66 6f 78 2e 65 78 65 efox.exe
0020: 20 31 2e 38 2e 32 30 30 1.8.200
0028: 37 31 2e 32 35 31 34 20 71.2514
0030: 69 6e 20 75 6e 6b 6e 6f in unkno
0038: 77 6e 20 30 2e 30 2e 30 wn 0.0.0
0040: 2e 30 20 61 74 20 6f 66 .0 at of
0048: 66 73 65 74 20 30 30 33 fset 003
0050: 65 31 31 32 30 0d 0a e1120..


Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 11/2/2007
Time: 5:44:46 PM
User: N/A
Computer: JC
Description:
Faulting application syntpenh.exe, version 8.3.8.0, faulting module unknown, version 0.0.0.0, fault address 0x01101120.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 79 6e ure syn
0018: 74 70 65 6e 68 2e 65 78 tpenh.ex
0020: 65 20 38 2e 33 2e 38 2e e 8.3.8.
0028: 30 20 69 6e 20 75 6e 6b 0 in unk
0030: 6e 6f 77 6e 20 30 2e 30 nown 0.0
0038: 2e 30 2e 30 20 61 74 20 .0.0 at
0040: 6f 66 66 73 65 74 20 30 offset 0
0048: 31 31 30 31 31 32 30 0d 1101120.
0050: 0a .

Here's a HijackThis log too:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:10 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4477 bytes

I also did a full scan with AVG Free and Spybot in safe mode and those turned up with nothing. I keep those two well-updated as well.

I don't know if the wallpaper I got came with a virus or what but I deleted the thing as fast as I could, disconnected from the internet and did the scans.

Please help! I'm pretty panicked right now and I'm really close to reformatting which I don't really want to do.

I'm not sure what other information to provide but any help would be much appreciated.

Thanks!

Windows XP Home SP2
 
Joined
May 20, 2005
Messages
2,548
You should wait for an expert, but that looks pretty clean, except perhaps for these two:

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

Leftovers from Norton.

Going by the times of the errors, the first was a failure of your Microsoft Intellitype keyboard.

Is the computer running OK now?
 

jceac

Thread Starter
Joined
Sep 14, 2007
Messages
152
Yeah the computer is running fine now.
If I recall correctly, the error about the module closing to protect against damages from viruses came first, then the applications started crashing one by one, and then the module thing again.

I'm not sure if you can answer this but could this error be produced without the computer actuallly being infected? By that I mean is it possible it is a "default" error for an incident that may or may not have been caused by a virus?

Thanks for the response by the way!
 
Joined
May 20, 2005
Messages
2,548
Actually your keyboard and mouse failed simultaneously first.
Are you sure the message said about protecting against viruses, or did it simply say:
"To help protect your computer, Windows has closed this program".
Let it run and see if you get another failure.
If you do, see if a particular module (e.g. xxxx.dll) is cited. If so, note down the module name.
 

jceac

Thread Starter
Joined
Sep 14, 2007
Messages
152
Oh ok. Yeah I'm positive it said something about protecting against viruses/virus attacks. Intellitype and Intellipoint are running right now. That's exactly what I'm trying to do right now: reproduce the errors. The computer is working like it usually does though. The only programs I had running then are objectdock, desktop sidebar, truetransparency, yahoo messenger, firefox and the others that run usually in the background.

Does windows have errors like that though that may pertain to more than one thing? Or does it positively mean the computer is infected when it gives out errors like those?
 

jceac

Thread Starter
Joined
Sep 14, 2007
Messages
152
As a side note: if it was a virus, and had i gotten it from the wallpaper, was deleting the wallpaper the proper course of action? Would that take care of the virus? If not, what should I have done in that situation?

Thanks again.
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
If it was a virus, and your antivirus program was able to detect it, you would have been alerted....after that, the usual process is to decide if you want your AV program to Heal, Delete, or Quarantine the problem> some don't give you options, but the settings can be changed so you are always Quarantining them, which is generally preferred and just as safe as Deleting....

A virus by definition, makes copies of itself...so, simply deleting whatever transported it into the computer, is not enough to do.

The other types of malware these days, though they may not multiply copies of themselves, can download other modules....kind of like having an open house for computer bugs...



It's not only "a virus" you have to worry about> malware these days is just as bad, when it is actually spyware, trojans, or rootkits.

Your log does not show any antispyware programs running....

You might turn up something by getting and scanning with this:

Download SUPERAntiSpyware Free for Home Users
alternate site
  • Double-click SUPERAntiSpyware.exe to install and use the default settings for installation.
    Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
  • Run SUPERAntiSpyware and update the definitions before scanning by selecting "Check for Udates".
  • When done, select "Scan for Harmful Software".
  • There are three scanning options available. Choose "Perform Complete Scan" and click "Next".
  • When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
  • Place a checkmark next to items you wish to remove/quarantine and Click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked to Reboot, please do.
  • After Reboot, double-click on SuperAnti-Spyware icon on your Desktop.
  • Click Preferences, Click the Statistics/Logs Tab.
  • Under Scanner logs, Double-click SuperAnti-Spyware Scan Log.
  • It will open in your default test editor (such as Notepad or WordPad).
  • Please Highlight everything in the Notepad, then right-click and choose copy.
  • In your next reply, please post those results and include a fresh Hijackthis log.
  • Select close to exit the program.
Note: If you encounter any problems while downloading the updates, manually download and unzip them from here.
 

jceac

Thread Starter
Joined
Sep 14, 2007
Messages
152
My log didn't show it? I did run a Spybot scan and it turned up with nothing as well. I don't mean to sound arrogant but I don't think spyware is my problem though. I went to the SUPERAntiSpyware website and read some articles on the forum and I don't think I have any of the "symptoms" of spyware infection.

Other than a virus (or any other malware) though, is there anything else that can cause this kind of behavior?
 
Joined
Oct 22, 2007
Messages
45
My strongest advice is to listen to BYTEMAN, none of the ubeaut SpyScanners etc
found out anything on my computer . Plus House Scans for Viruses etc

Run the Superantyspyware its free, I used the Pro version
Run AVG free
Run Berlac free housecall this will show whats actually running on your computer and will give the good bad and nasty programs etc

After being mucked around with Registry fixes etc etc etc, someone in one of these forums
said you have the Winfixer.exe By this time it had altered the Desktop, removed Icons and would'nt allow some programs to operate using the Cntrl Alt Del feature.
Actually it would,nt even allow access into Safe Mode

He was,nt wrong, Superantispyware came up with Winfixer.exe plus all its associated dlls.
I might add that I became extremily suspiciouse when I noticed my two connected machines showing exactly the same times when I knew they were 5 minutes difference.
Before I knew it I lost two programs out of the second machine before I ripped the cord out

When attempting to remedy using the XP Pro disk it would'nt allow account already had destroyed some registry areas. Thankfully most of my emails photos were already on a seperate USB drive.

I had to reformat, I now have quite a few blocks on the drive which cannot be defragged
and are locked so to speak.
 

jceac

Thread Starter
Joined
Sep 14, 2007
Messages
152
Ok i scanned with SUPERAntispyware and it didn't find anything either. I didn't get a log though. I just got a message that said nothing harmful was found. What should I do now? Should I also try online antivirus scanners? I heard that AVG is pretty reliable though.

By the way thanks for taking the time to help guys. I really appreciate it.
 

jceac

Thread Starter
Joined
Sep 14, 2007
Messages
152
I don't know if you still want the hijackthis log but here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:37 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4532 bytes
 

jceac

Thread Starter
Joined
Sep 14, 2007
Messages
152
Nevermind, sorry I was wrong. i went to preferences and found logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/03/2007 at 00:54 AM

Application Version : 3.9.1008

Core Rules Database Version : 3337
Trace Rules Database Version: 1338

Scan type : Complete Scan
Total Scan Time : 00:40:17

Memory items scanned : 242
Memory threats detected : 0
Registry items scanned : 5257
Registry threats detected : 0
File items scanned : 40488
File threats detected : 0

and this cause I went ahead and scanned twice.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/03/2007 at 09:45 AM

Application Version : 3.9.1008

Core Rules Database Version : 3337
Trace Rules Database Version: 1338

Scan type : Complete Scan
Total Scan Time : 00:40:11

Memory items scanned : 246
Memory threats detected : 0
Registry items scanned : 5257
Registry threats detected : 0
File items scanned : 40490
File threats detected : 0
 

jceac

Thread Starter
Joined
Sep 14, 2007
Messages
152
By the way, is it normal that SUPERAntiSpyware is using almost 60,000kb of ram while just sitting in the system tray (not scanning)? I've only ever seen that kind of ram usage with Firefox.

Thanks.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top