1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: PC freezing seconds after i start scan!

Discussion in 'Virus & Other Malware Removal' started by D-tremens, Oct 24, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. D-tremens

    D-tremens Thread Starter

    Joined:
    Sep 13, 2005
    Messages:
    57
    Could anyone check my hijack this log?The pc is freezing totaly after i run scan with ewido ...pc must be infected with some kind of **** again...could anyone check my log and see if /what its wrong? thanks
    ps: by the way what is this file "CTEaxSpl.EXE/run" ?
     
  2. D-tremens

    D-tremens Thread Starter

    Joined:
    Sep 13, 2005
    Messages:
    57
    ogfile of HijackThis v1.99.1
    Scan saved at 18:19:13, on 2005-10-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\System32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    F:\Program Files\ewido\security suite\ewidoctrl.exe
    F:\Program Files\Ahead\InCD\InCDsrv.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\MsPMSPSv.exe
    F:\WINDOWS\system32\CTHELPER.EXE
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\Ahead\InCD\InCD.exe
    F:\WINDOWS\system32\WinSys.exe
    F:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    F:\WINDOWS\system32\devldr32.exe
    F:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Documents and Settings\Dtr\Επιφάνεια εργασίας\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportime.gr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SW20] F:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] F:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinSys] F:\WINDOWS\system32\WinSys.exe
    O4 - HKLM\..\Run: [MimBoot] F:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SurfAccuracy] F:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [Ad-watch] "F:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [CTStartup] F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Send To &Bluetooth - F:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - F:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - F:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PAVFIRES - Panda Software - (no file)
    O23 - Service: PAVSRV - Panda Software - (no file)
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"


    Go to the forum here and upload these files:

    F:\Windows\System32\sw20.exe
    F:\Windows\System32\sw24.exe


    Here are the directions for uploading the files:

    Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the files on your computer. If there are multiple files to be uploaded click the "More attachments" button for each extra file and browse to the files. When all the files are listed in the windows click "Post" to upload the files.
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Go to Add/Remove programs and uninstall SurfAccuracy.


    *Download Cleanup from Here
    • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    • Click the Options... button on the right.
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following (Make sure nothing else is checked!):
      • Empty Recycle Bins
      • Delete Cookies
      • Delete Prefetch files
      • Cleanup! All Users
      Click OK
    • DO NOT RUN IT YET


    * Click Here and download Killbox and save it to your desktop.


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


    * Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [WinSys] F:\WINDOWS\system32\WinSys.exe

    O4 - HKLM\..\Run: [SurfAccuracy] F:\Program Files\SurfAccuracy\SAcc.exe



    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste the following line then click on the button that has the red circle with the X in the middle. It will ask for confimation to delete the file. Click Yes.

    F:\WINDOWS\system32\WinSys.exe

    Exit the Killbox.


    * Delete this folder:

    F:\Program Files\SurfAccuracy


    * Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once its done, close the program.


    * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    * Restart back into Windows normally now.


    * Run ActiveScan online virus scan here

    When the scan is finished, anything that it cannot clean have it delete it.
    - Save the results from the scan!

    Post a new HiJackThis log along with the results from ActiveScan
     
  5. D-tremens

    D-tremens Thread Starter

    Joined:
    Sep 13, 2005
    Messages:
    57
    I posted those two files to the other site and then did as you told me....heres the new hijack this log and the online scan results...but i think surf accuracy is still there:Incident Status Location

    Adware:adware/surfaccuracy No disinfected Windows Registry
    Logfile of HijackThis v1.99.1
    Scan saved at 21:39:29, on 2005-10-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\System32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\CTHELPER.EXE
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\MSI\Live Update 3\LMonitor.exe
    F:\Program Files\Ahead\InCD\InCD.exe
    F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    F:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
    F:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\WINDOWS\system32\devldr32.exe
    F:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    F:\Program Files\ewido\security suite\ewidoctrl.exe
    F:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
    F:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
    F:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
    F:\Program Files\Ahead\InCD\InCDsrv.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
    F:\WINDOWS\system32\MsPMSPSv.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\F-Secure Anti-Virus\Common\FSLAUNCH.EXE
    F:\Documents and Settings\Dtr\Τα έγγραφά μου\PROS\Hijack This\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SW20] F:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] F:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MimBoot] F:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTStartup] F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinSys] F:\WINDOWS\system32\WinSys.exe
    O4 - HKLM\..\Run: [SurfAccuracy] F:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
    O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Send To &Bluetooth - F:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - F:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - F:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - F:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PAVFIRES - Panda Software - (no file)
    O23 - Service: PAVSRV - Panda Software - (no file)
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Go through this again:
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Those two files are OK.
     
  8. D-tremens

    D-tremens Thread Starter

    Joined:
    Sep 13, 2005
    Messages:
    57
    heres the new hjkthis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:09:34, on 2005-10-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\System32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\CTHELPER.EXE
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\MSI\Live Update 3\LMonitor.exe
    F:\Program Files\Ahead\InCD\InCD.exe
    F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    F:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
    F:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\WINDOWS\system32\devldr32.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    F:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
    F:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    F:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
    F:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
    F:\Program Files\ewido\security suite\ewidoctrl.exe
    F:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
    F:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
    F:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
    F:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
    F:\Program Files\Ahead\InCD\InCDsrv.exe
    F:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
    F:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
    F:\WINDOWS\system32\MsPMSPSv.exe
    F:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
    F:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
    F:\Program Files\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Documents and Settings\Dtr\Τα έγγραφά μου\PROS\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportime.gr/xst/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SW20] F:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] F:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MimBoot] F:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTStartup] F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
    O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Send To &Bluetooth - F:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - F:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - F:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - F:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PAVFIRES - Panda Software - (no file)
    O23 - Service: PAVSRV - Panda Software - (no file)
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Go here and download Ad-Aware SE.
    • Install the program and launch it.
    • First in the main window look in the bottom right corner and click on Check for updates now
    • Click Connect and download the latest reference files.
    • From main window click Start then under Select a scan Mode tick Perform full system scan.
    • Next deselect Search for negligible risk entries.
    • Now to scan just click the Next button.
    • When the scan is finished mark everything for removal and get rid of it.
    • Right-click the window and choose select all from the drop down menu and click Next
    • Restart your computer.



    * Go here and download Microsoft Antispyware Beta.
    • Install the program and launch it.
    • First in the top menu click File then Check for updates to download the definitons updates.
    • After updating look in the right side of the main window under "Run Quick Scan Now" and click Spyware scan options.
    • Put a tick by Run a full system scan and then put a check by all three options below that
    • Click Run Scan now.
    • When the scan is finished, let it fix anything that it finds
    • Have it quarantine the items that have that option rather than delete just in case.
    • Restart your computer.


    * Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

    When the scan is finished, anything that it cannot clean have it delete it. Click "Print Report". The report will open in your browser. Go to File > Save As and save the file to your desktop. Under "Save as type" click the dropdown menu and choose "Text file (*.txt) and save it as a text file.

    Post a new HiJackThis log along with the report from the Housecall scan
     
  10. D-tremens

    D-tremens Thread Starter

    Joined:
    Sep 13, 2005
    Messages:
    57
    well thanks anyways i backed up everything and formated the disk so theres no problem anymore...
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    OK.

    Since this problem has been solved, I'm closing this thread.

    Anyone else with a similar problem please start a "New Thread".
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/410682

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice