
Computer Very Slow To Respond


  • This topic is locked
10 replies to this topic

#1 Wildwacker

    New Member

  • Authentic Member
  • 9 posts

Posted 27 May 2007 - 10:01 AM

I have a Pentium 4 1.4 GHz computer with Windows XP Service Pack 2 installed. I have run MalwareBot, Advanced WindowsCare V2 Personal, SpyCatcher, and Ad-Aware SE Personal to clean my system. It still runs very slowly. Log file follows (a-squared HiJackFree Analysis).

This analysis is saved and available for at least 7 days at this website address. Request any help you can provide. Thanks,


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 June 2007 - 11:09 AM

Wildwacker,

Welcome to the forum.

Hijackthis 1.99.1
It's important that Hijackthis is installed in its own permanent folder for backup purposes.
  • Go to where you currently have HJT installed and delete the whole folder.
  • Use the link above or the links in my signature to download HJT 1.99.1 setup to your desktop
  • Double Click on the Setup icon and by default it will unzip to C:\Program Files\Hijackthis
  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread.
  • Please use Posted Image and not Posted Image
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 Wildwacker

Posted 10 June 2007 - 06:13 PM

Here is the new log file and thanks again for your help:
Logfile of HijackThis v1.99.1
Scan saved at 8:07:33 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - Startup: Check Windows Disk Protection.lnk = C:\Program Files\Microsoft Shared Computer Toolkit\CheckWDP.hta
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149448994887
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158888199190
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E763306-1A93-46D2-9CA5-6D25444DF1A6}: NameServer = 72.236.228.6 72.236.228.17
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE

#4 ken545

Posted 10 June 2007 - 06:38 PM

Wildwacker,

What can you tell me about this, is it something you know about and use?? If not it could be malware.
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE


Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Post the Combofix log and a New HJT log please

 
 

#5 Wildwacker

Posted 10 June 2007 - 08:24 PM

Here is the new Hijackthis file
Logfile of HijackThis v1.99.1
Scan saved at 10:16:08 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - Startup: Check Windows Disk Protection.lnk = C:\Program Files\Microsoft Shared Computer Toolkit\CheckWDP.hta
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149448994887
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158888199190
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E763306-1A93-46D2-9CA5-6D25444DF1A6}: NameServer = 72.236.228.6 72.236.228.17
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE

And here is the combofix file
ComboFix 07-06-11.3 - C:\My Downloads\ComboFix.exe
"Dad" - 2007-06-10 21:50:24 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))


2007-06-10 21:48 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-31 18:28 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\U3
2007-05-20 07:24 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\gtopala
2007-05-19 22:50 <DIR> d-------- C:\Program Files\IObit
2007-05-19 21:29 <DIR> d-------- C:\Program Files\Vidalia
2007-05-19 21:29 <DIR> d-------- C:\Program Files\Tor
2007-05-19 21:29 <DIR> d-------- C:\Program Files\Privoxy
2007-05-19 21:29 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\Vidalia
2007-05-19 21:29 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\Tor
2007-05-19 15:55 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2007-05-19 15:55 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-05-19 15:55 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll
2007-05-19 15:55 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll
2007-05-19 15:55 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-05-19 07:53 <DIR> d--h----- C:\BJPrinter
2007-05-19 07:52 <DIR> d-------- C:\Program Files\Copernic Desktop Search
2007-05-19 05:29 <DIR> d-------- C:\Program Files\Copernic Desktop Search 2(3)
2007-05-10 21:06 <DIR> d-------- C:\Program Files\MalwareBot


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 00:03:18 -------- d-----w C:\Program Files\a-squared HiJackFree
2007-06-02 10:44:30 -------- d-----w C:\Program Files\Quicken
2007-05-19 20:17:39 -------- d-----w C:\Program Files\WhatsRunning
2007-05-19 19:55:57 -------- d-----w C:\Program Files\SpyCatcher
2007-05-19 11:55:03 -------- d-----w C:\DOCUME~1\Dad\APPLIC~1\AdobeUM
2007-05-19 11:53:33 -------- d-----w C:\Program Files\Windows Defender
2007-05-19 11:52:59 -------- d-----w C:\Program Files\Copernic Desktop Search 2(2)
2007-05-19 11:49:06 -------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2007-05-19 11:49:01 -------- d-----w C:\Program Files\ImgBurn
2007-04-29 01:52:01 -------- d-----w C:\DOCUME~1\Dad\APPLIC~1\Roxio
2007-04-29 01:48:06 -------- d-----w C:\DOCUME~1\Dad\APPLIC~1\ImgBurn
2007-04-27 23:22:01 -------- d-----w C:\DOCUME~1\Dad\APPLIC~1\Tenebril
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-19 09:47:42 262,144 ----a-w C:\WINDOWS\system32\default_user_class.dat
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 22:16:42 236,928 ----a-w C:\WINDOWS\system32\WgaLogon(2)(3).dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0A87E45F-537A-40B4-B812-E2544C21A09F}=C:\Program Files\SpyCatcher\SCActiveBlock.dll [2005-08-22 21:57]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-05-19 09:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-18 12:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-04-19 09:30]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"Vidalia"="C:\Program Files\Vidalia\vidalia.exe" [2006-08-30 20:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-06-10 05:50:01 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 21:58:36
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQueryDirectoryFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-10 22:00:18

--- E O F ---

#6 ken545

Posted 11 June 2007 - 04:40 AM

Good Morning,

What can you tell me about this, is it something you know about and use?? If not it could be malware.
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE


Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O20 - AppInit_DLLs: secuload.dll

You need to enable windows to show all files and folders, instructions Here

Do a search for this file secuload.dll and delete it, it should be here C:\windows\system32\secuload.dll

Post a new HJT log.

 
 
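The check that follows this kind of instruction, as an added example that is not part of the original posts and is not a HijackThis feature: compare the log taken before "Fix Checked" with the one taken after, confirm the requested entries are gone, and list whatever else changed. The sample logs are short excerpts of the logs posted in this thread; `parse_hjt`, `check_fix` and the result keys are names made up for the example.

```python
import re

# A HijackThis item line is "<section code> - <detail>",
# e.g. "O20 - AppInit_DLLs: secuload.dll". Header lines and the
# "Running processes" paths do not match and are skipped.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
MISSING = " (file missing)"


def parse_hjt(text):
    """Map (code, detail) -> True if the line carries '(file missing)'."""
    items = {}
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        code, detail = m.group(1), m.group(2).strip()
        missing = detail.endswith(MISSING)
        if missing:
            # Normalise so the same entry compares equal across both logs.
            detail = detail[: -len(MISSING)]
        items[(code, detail)] = missing
    return items


def check_fix(before_text, after_text, requested_lines):
    """Compare two logs against the lines the helper asked to fix."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    requested = set(parse_hjt("\n".join(requested_lines)))
    gone = set(before) - set(after)
    return {
        # requested entries that no longer appear
        "fixed": sorted(requested & gone),
        # requested entries that survived the fix
        "still_present": sorted(requested & set(after)),
        # requested entries that were never in either log (typo, wrong log)
        "not_in_first_log": sorted(requested - set(before) - set(after)),
        # entries that vanished without being requested: worth a question
        "other_removed": sorted(gone - requested),
        # entries that appeared between the two scans
        "new": sorted(set(after) - set(before)),
        # registry entry still there, but its target file is now missing
        "orphaned": sorted(
            k for k in after if after[k] and not before.get(k, False)
        ),
    }


# Excerpt of the log from 10 June (before the fix), copied from the thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E763306-1A93-46D2-9CA5-6D25444DF1A6}: NameServer = 72.236.228.6 72.236.228.17
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the log from 11 June (after the fix), copied from the thread.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The two lines the helper asked to have fixed.
REQUESTED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    "O20 - AppInit_DLLs: secuload.dll",
]

if __name__ == "__main__":
    for bucket, entries in check_fix(BEFORE, AFTER, REQUESTED).items():
        print(f"{bucket}:")
        for code, detail in entries:
            print(f"  {code} - {detail}")
```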

#7 Wildwacker

Posted 11 June 2007 - 03:55 PM

I did as you recommended and here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 5:47:04 PM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\Privoxy\privoxy.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - Startup: Check Windows Disk Protection.lnk = C:\Program Files\Microsoft Shared Computer Toolkit\CheckWDP.hta
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149448994887
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158888199190
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE

#8 ken545

Posted 11 June 2007 - 05:16 PM

Log looks fine :thumbup: How is your system running now??

 
 

#9 Wildwacker

Posted 11 June 2007 - 07:35 PM

My system seems to be running normally now. Thank you very much for all your help. Terry

#10 ken545

Posted 11 June 2007 - 07:39 PM

That's great, glad we could help.


How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.


Here are some free programs to install, don't leave home without them
  • Spybot Search and Destroy 1.4
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.
  • Ad-Aware SE Personal 1.06
    Check for Updates and run a Full System Scan on a regular basis.
  • Spyware Blaster It will prevent most spyware from ever being installed.
  • Spyware Guard It offers realtime protection from spyware installation attempts.
  • Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.
  • IE-Spyad
    IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
  • Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.
Thanks for stopping by Tom Coyote, I'm glad I was able to help you. :D

 
 

#11 ken545

Posted 12 June 2007 - 04:40 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

 
 