pc worse after removing trojen and malwar

Discussion in 'Windows - Virus and spyware problems' started by bellyn, Feb 14, 2008.

  1. bellyn

    bellyn Member

    Joined:
    Aug 30, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    Hello,

    I was hoping someone could help me somehow! I am fairly PC illiterate and with 2 young boys I don't have the time to learn much.

    It all started yesterday when I received a message from Symantec telling me my PCs integrity has been violated (my subscription to Norton run out several months ago so I have not been receiving new updates).

    I then downloaded Antivir, spybot - seek and destroy and panda.
    I also removed Norton and replaced it with a trial version of "The Shield Deluxe 2008".
    All these programmes found several Trojan viruses, worms and a lot of malware, spyware (Backdoor.Win32.IRCBot.dd, blumblebee,webdir,comet,). I removed them as per the programmes advise only now my PC is running so painfully slow it literally freezes constantly? Antivir alerts me to several probs with my registry and files it cannot open, but I am to worried to attempt to fix these.

    I am working in the dark and finding it very hard.

    Any advice would be immensly appreciated, thank's
    Belinda
     
  2. bellyn

    bellyn Member

    Joined:
    Aug 30, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    I forgot to add, I can supply any info if needed. (depending on what it is, I may need help on how)
    Thanks, Belinda
     
  3. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Last edited: Feb 14, 2008
  4. bellyn

    bellyn Member

    Joined:
    Aug 30, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    Hi, thank you for the responding, I think this is it.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:54:55 PM, on 15/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\MouseElf.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Dora Fairytale Adventures Registration.lnk = D:\ATR1.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: The Shield Deluxe 2008 (AVP) - Unknown owner - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" -r (file missing)
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: MediaManagerService - Unknown owner - C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Thank you.
     
  5. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Yes, that is the correct program. But, an old outdated version. It's important I have the newest version. Delete your old version of HJK. Download the newest version from the download.com link I sent you. Post a new log.
     
  6. bellyn

    bellyn Member

    Joined:
    Aug 30, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    Hi, this is the log from the new link,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:13:30 PM, on 15/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\MouseElf.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dora Fairytale Adventures Registration.lnk = D:\ATR1.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: MediaManagerService - Unknown owner - C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 10286 bytes
     
  7. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    OK, great! Please, remove one of your two Anti-Virus programs by going to add/remove programs and deleting. Keep your favorite one for now. You can not have two, causes problems. I'm be back shortly.

    EDIT: Do you know this program?
    O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe
     
    Last edited: Feb 14, 2008
  8. bellyn

    bellyn Member

    Joined:
    Aug 30, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    Hi, I have removed Anivir and I have spybot and the shield deluxe, can I have them both or should I remove spybot?

    It takes me a while to do anything on my pc, so sorry for the delay, infact after i removed Antivir, I was prompted to shut down my pc, it seems to be working a little faster since??

    Thank's, Belinda
     
  9. bellyn

    bellyn Member

    Joined:
    Aug 30, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    Hi,

    No, I don't know that programme? Do you think my pc has problems? Thank's for your help!

    Belinda.
     
  10. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Yes, I think the entry is a backdoor trojan. Not to worry, we'll get rid of it soon.
    Do you know how to search your hard drive?
    Get rid of shield deluxe. We will download something else.
    Is the teatimer running in Sypbot? That's the small window that keeps poping up over by your clock saying are you sure you want to make changes to the registry, or something like that. Don't remember the exact words.
    Download CCleaner. http://www.majorgeeks.com/download4191.html
    I'll explain how to use this in a few.
    Let me know once you have downloaded it.

    EDIT: Download this free antivirus. http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html Run a full system scan. If it finds anything, quarantine the results, then delete all. Write down want it finds and let me know. Don't worry about cookies, just things like trojans.
     
    Last edited: Feb 14, 2008
  11. bellyn

    bellyn Member

    Joined:
    Aug 30, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    Hi, I am having trouble removing The Shield Deluxe, it is giving me an error message: error 1921.service the shield dexule 2008 could not be stopped. Verify that you have sufficient privilages to stop the system services?

    I will do a search and try and see if I can fix this, then I will download ccleaner, yes the teatimer in spybot is working, it has given me the registry messages today.

    Thank you again for the help.
    Belinda
     
  12. club42

    club42 Regular member

    Joined:
    Sep 11, 2005
    Messages:
    297
    Likes Received:
    0
    Trophy Points:
    26
    Good idea to use ccleaner. My friend just had a zlob trojan and the registry cleaner sped the computer up enough to fix the problem. Good luck Quickdraw.
     
  13. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    What steps are you talking to remove shield deluxe? Are you doing this from add/ remove programs? Note: If this program has an icon by the system clock. R/click and shut it down. Then try once again to remove the program.

    We will turn off the tea timer it is a resourse hog! And you will not need it once we are though installing other programs.

    Disable Spybot's TeaTimer. This is a two step process.
    First:
    - Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
    - Choose Exit Spybot S&D Resident
    Second:
    - Open Spybot S&D
    - Click Mode, check Advanced Mode
    - Go To Left Panel, Click Tools, then also in left panel, click Resident
    - If your firewall raises a question, say OK
    - Uncheck the box labeled Resident Tea-Timer and OK any prompts.
    - Use File, Exit to terminate Spybot
    - Reboot your machine for the changes to take effect.
     
    Last edited: Feb 14, 2008
  14. bellyn

    bellyn Member

    Joined:
    Aug 30, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    Hi, I have removed the shield, I had to disable it first. I have turned of teatimer and installed AVG I am still waiting for the scan to finish, then I will reboot and install ccleaner and post the resualts of AVG, I'm getting there, sorry about the delay,
    Thank you, Belinda.
     
  15. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Hello Club42! Yes, Crap Cleaner is certainly a good registry cleaner, very easy to use. Best of all it's Free! Should be ran once per week.
     
  16. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Hey, your doing just great! Let me know when you get tired and we can continue later. Always shut down a program before trying to uninstall. This is why you got the earlier error message. This can be done in Task Manager. So how do you like AVG Anti-virus? Download Ad-aware 2007. http://www.download.com/Ad-Aware-2007/3000-8022_4-10045910.html We will be using this later. Do you know how to use Disc Cleanup and Disc Defragmenter?
     
    Last edited: Feb 15, 2008
  17. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    How to use CCleaner:

    No one likes a slow computer, especially when a PC feels sluggish performing regular activities such as Web surfing, opening programs, or even starting up. If your system seems as if it's swimming through molasses, don't buy a new computer just yet.

    The main reason for overall system sluggishness is spyware. It's that simple. The second-biggest culprit is a lack of routine maintenance. Unused programs, old cache and temp files, and extraneous Registry entries will clog your system over time.

    CCleaner (short for "Crap Cleaner") knows exactly where to find the files that slow down your computer. Get a quick understanding of CCleaner's features, and learn how to properly maintain your system to keep your computer quick and nimble.

    Step 1: Focus your efforts

    For a deep cleaning of your PC, you'll want to get into the nooks and crannies of your system. Using the Cleaner window (the default window when you launch CCleaner), you'll notice several checked boxes that indicate which areas of your computer will be cleaned. Most of the boxes are checked by default, so pay close attention if you only want to scrub certain areas. Tabs at the top offer the ability to clean Windows areas and other applications. Switching between the two tabs allows you to make your choices for a customized cleaning.

    When you're done with your settings, click the Analyze button on the lower left to see which items will be cleaned. You'll see every file CCleaner will delete and also exactly how much memory will be returned to your system after the cleaning.

    Note: It pays to peruse this list before hitting the Run Cleaner button to make sure you're not deleting something important. When you're ready, hit Run Cleaner and watch CCleaner go to work.

    Step 2: Out with the old

    The next step in our spring-cleaning protocol is akin to sorting through and cleaning out those old boxes in the garage. Click the Issues button on the left side of the interface to bring up another set of checked boxes. This set of tasks does everything from eliminating unused file extensions to trashing obsolete software. Uncheck the boxes you don't want to scan and click the Scan for Issues button. At the end of the scan you'll be given the option to click the Fix Selected Issues button.

    Note: We highly recommend you save your current Registry configuration at the prompt in case of a malfunction later. An additional window will ask if you wish to delete specific items. If you know of a specific item in the list that is not a problem, simply tell CCleaner not to fix it. Remember, if you save your configuration beforehand a mistake here is easily reversible.

    Step 3: Uninstall and Startup manager

    Windows comes with its own Add or Remove Programs utility, but it's often slow to load and not the easiest Control Panel item to configure. CCleaner quickly lists all of your active programs, and lets you highlight and uninstall software you no longer want. This part of the program utilizes tools already included in Windows, but the convenience and speed for quick uninstallations is tough to beat.

    To manage your start-up programs, click the Startup button under the Uninstall button in the upper left of the interface. You'll see a list of active start-up items that launch when you boot up your system. Be very careful here: some items are not immediately identifiable and you wouldn't want to shut down your firewall, antivirus program, or any other important program.

    Once you've run through the entire cleaning process, don't be surprised if your computer runs a bit faster. Depending on the capacity of your hard drive, you'll also free up a shocking amount of space if you haven't run a program like CCleaner recently.
     
  18. bellyn

    bellyn Member

    Joined:
    Aug 30, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    Hi, the AVG scan is finished and no threats where found, I have downloaded ccleaner, I will re-boot now.

    AVG looks great, much better thank the others I installed and it displays information good for a novice like me. I like it!

    I really do appreciate the your help and the time involved, thanks again.

    Belinda.


     
  19. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Read through all my posts, make sure you have read everything. Please, address all my questions, they are important and will help me help you fix your computer faster. Go ahead and finish the other downloads. I've also provided instructions for using CCleaner. For now just use the first two steps. We can discuss the other stuff later. We will need to configure your startup programs, you have too many running at the same time. This slows your system down during startup and uses up memory needed for other applications. Here's another free Anti-spyware program to download. http://www.superantispyware.com/download.html Run a complete scan with it later. Let me know the results. Note: Important! Always make sure you first update any anti-virus or anti-spyware program before running them!
     
    Last edited: Feb 15, 2008
  20. bellyn

    bellyn Member

    Joined:
    Aug 30, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    I have followed all the steps with ccleaer, I have downloaded superantispyware and performed a scan, it is at 19min and so far has found 2 adware cookies , I have downloaded adaware also.

    I hope I havn't left it to long,
    Thank's Belinda.
     

Share This Page