| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 107022 | 2010-02-01 06:23:00 | N Program Problem | I_69_98 (15606) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 854273 | 2010-02-01 06:23:00 | I have the N-program problem. It slows down my PC. How do I remove this program? Here is Hijack This post. Please Help!!!!!!!!!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:55:51 PM, on 1/31/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyS ervice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\TUProgSt.exe C:\WINNT\system32\WgaTray.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\VTTimer.exe C:\Program Files\VIAudioi\SBADeck\ADeck.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy. exe C:\Documents and Settings\Chango\Application Data\mjusbsp\magicJack.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chango\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy. exe" /hide O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - platformdl.adobe.com O20 - AppInit_DLLs: C:\WINNT\System32\ O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyS ervice.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing) O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINNT\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINNT\System32\TUProgSt.exe -- End of file - 7357 bytes |
I_69_98 (15606) | ||
| 854274 | 2010-02-01 06:52:00 | i would get rid of one antispyware program, ie comcast, as two will conflict. | GameJunkie (72) | ||
| 854275 | 2010-02-01 09:08:00 | You can tick these then tick fix checked Close browsers R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch. exe" -start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl. exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Yup and uninstall this you dont need it O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy. exe" /hide Whats this ? O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chango\Application Data\mjusbsp\cdloader2. exe" MAGICJACK O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICW Desktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O20 - AppInit_DLLs: C:\WINNT\System32\ |
Speedy Gonzales (78) | ||
| 854276 | 2010-02-01 11:36:00 | Thanks. I ran hjt and got rid of everything you suggested except for this program which is my phone service. C:\Documents and Settings\Chango\Application Data\mjusbsp\magicJack.exe Here is the hjt report. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:25:36 AM, on 2/1/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyS ervice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\TUProgSt.exe C:\WINNT\system32\WgaTray.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\VTTimer.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\ Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy. exe C:\Documents and Settings\Chango\Application Data\mjusbsp\magicJack.exe C:\Program Files\Avira\AntiVir Desktop\avscan.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Chango\My Documents\zaSuiteSetup_80_400_020_en.exe C:\DOCUME~1\Chango\LOCALS~1\Temp\GLBF.tmp C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch. exe" -start O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20. exe" -t O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl. exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM. exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt. exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\ Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chango\Application Data\mjusbsp\cdloader2. exe" MAGICJACK O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy. exe" /hide O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - platformdl.adobe.com O20 - AppInit_DLLs: C:\WINNT\System32\ O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyS ervice.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing) O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINNT\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINNT\System32\TUProgSt.exe -- End of file - 7483 bytes |
I_69_98 (15606) | ||
| 854277 | 2010-02-01 11:47:00 | Here was me thinking that bonjour was not really good either. | Sweep (90) | ||
| 854278 | 2010-02-02 07:34:00 | I'm assuming that HJT was OK . I'm going to post my Avira Antivir report can you guys please help with this . Avira AntiVir Personal Report file date: Monday, February 01, 2010 13:35 Scanning for 1712557 virus strains and unwanted programs . Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5 . 1 . 2600] Boot mode : Normally booted Username : SYSTEM Computer name : MONKEY Version information: BUILD . DAT : 9 . 0 . 0 . 419 21701 Bytes 1/22/2010 18:29:00 AVSCAN . EXE : 9 . 0 . 3 . 10 466689 Bytes 10/13/2009 19:26:33 AVSCAN . DLL : 9 . 0 . 3 . 0 40705 Bytes 2/27/2009 18:58:24 LUKE . DLL : 9 . 0 . 3 . 2 209665 Bytes 2/20/2009 19:35:49 LUKERES . DLL : 9 . 0 . 2 . 0 12033 Bytes 2/27/2009 18:58:52 VBASE000 . VDF : 7 . 10 . 0 . 0 19875328 Bytes 11/6/2009 15:35:52 VBASE001 . VDF : 7 . 10 . 1 . 0 1372672 Bytes 11/19/2009 11:26:23 VBASE002 . VDF : 7 . 10 . 3 . 1 3143680 Bytes 1/20/2010 05:28:29 VBASE003 . VDF : 7 . 10 . 3 . 75 996864 Bytes 1/26/2010 05:28:32 VBASE004 . VDF : 7 . 10 . 3 . 76 2048 Bytes 1/26/2010 05:28:33 VBASE005 . VDF : 7 . 10 . 3 . 77 2048 Bytes 1/26/2010 05:28:33 VBASE006 . VDF : 7 . 10 . 3 . 78 2048 Bytes 1/26/2010 05:28:33 VBASE007 . VDF : 7 . 10 . 3 . 79 2048 Bytes 1/26/2010 05:28:33 VBASE008 . VDF : 7 . 10 . 3 . 80 2048 Bytes 1/26/2010 05:28:33 VBASE009 . VDF : 7 . 10 . 3 . 81 2048 Bytes 1/26/2010 05:28:34 VBASE010 . VDF : 7 . 10 . 3 . 82 2048 Bytes 1/26/2010 05:28:34 VBASE011 . VDF : 7 . 10 . 3 . 83 2048 Bytes 1/26/2010 05:28:34 VBASE012 . VDF : 7 . 10 . 3 . 84 2048 Bytes 1/26/2010 05:28:34 VBASE013 . VDF : 7 . 10 . 3 . 85 2048 Bytes 1/26/2010 05:28:35 VBASE014 . VDF : 7 . 10 . 3 . 122 172544 Bytes 1/29/2010 05:36:11 VBASE015 . VDF : 7 . 10 . 3 . 123 2048 Bytes 1/29/2010 05:36:11 VBASE016 . VDF : 7 . 10 . 3 . 124 2048 Bytes 1/29/2010 05:36:11 VBASE017 . VDF : 7 . 10 . 3 . 125 2048 Bytes 1/29/2010 05:36:12 VBASE018 . VDF : 7 . 10 . 3 . 126 2048 Bytes 1/29/2010 05:36:12 VBASE019 . VDF : 7 . 10 . 3 . 127 2048 Bytes 1/29/2010 05:36:12 VBASE020 . VDF : 7 . 10 . 3 . 128 2048 Bytes 1/29/2010 05:36:13 VBASE021 . VDF : 7 . 10 . 3 . 129 2048 Bytes 1/29/2010 05:36:13 VBASE022 . VDF : 7 . 10 . 3 . 130 2048 Bytes 1/29/2010 05:36:13 VBASE023 . VDF : 7 . 10 . 3 . 131 2048 Bytes 1/29/2010 05:36:14 VBASE024 . VDF : 7 . 10 . 3 . 132 2048 Bytes 1/29/2010 05:36:14 VBASE025 . VDF : 7 . 10 . 3 . 133 2048 Bytes 1/29/2010 05:36:14 VBASE026 . VDF : 7 . 10 . 3 . 134 2048 Bytes 1/29/2010 05:36:15 VBASE027 . VDF : 7 . 10 . 3 . 135 2048 Bytes 1/29/2010 05:36:15 VBASE028 . VDF : 7 . 10 . 3 . 136 2048 Bytes 1/29/2010 05:36:15 VBASE029 . VDF : 7 . 10 . 3 . 137 2048 Bytes 1/29/2010 05:36:15 VBASE030 . VDF : 7 . 10 . 3 . 138 2048 Bytes 1/29/2010 05:36:16 VBASE031 . VDF : 7 . 10 . 3 . 140 12800 Bytes 1/31/2010 08:14:42 Engineversion : 8 . 2 . 1 . 154 AEVDF . DLL : 8 . 1 . 1 . 3 106868 Bytes 1/29/2010 05:28:46 AESCRIPT . DLL : 8 . 1 . 3 . 12 823675 Bytes 1/29/2010 05:28:45 AESCN . DLL : 8 . 1 . 4 . 0 127348 Bytes 1/29/2010 05:28:44 AESBX . DLL : 8 . 1 . 1 . 1 246132 Bytes 11/8/2009 15:38:44 AERDL . DLL : 8 . 1 . 3 . 4 479605 Bytes 1/15/2010 11:28:09 AEPACK . DLL : 8 . 2 . 0 . 5 422262 Bytes 1/15/2010 11:28:05 AEOFFICE . DLL : 8 . 1 . 0 . 38 196987 Bytes 11/8/2009 15:38:38 AEHEUR . DLL : 8 . 1 . 1 . 1 2322805 Bytes 1/29/2010 05:28:44 AEHELP . DLL : 8 . 1 . 10 . 0 237942 Bytes 1/15/2010 11:27:44 AEGEN . DLL : 8 . 1 . 1 . 85 369012 Bytes 1/29/2010 05:28:40 AEEMU . DLL : 8 . 1 . 1 . 0 393587 Bytes 11/8/2009 15:38:26 AECORE . DLL : 8 . 1 . 10 . 0 184695 Bytes 1/29/2010 05:28:39 AEBB . DLL : 8 . 1 . 0 . 3 53618 Bytes 11/8/2009 15:38:20 AVWINLL . DLL : 9 . 0 . 0 . 3 18177 Bytes 12/12/2008 16:47:59 AVPREF . DLL : 9 . 0 . 3 . 0 44289 Bytes 8/26/2009 23:14:02 AVREP . DLL : 8 . 0 . 0 . 3 155905 Bytes 1/20/2009 22:34:28 AVREG . DLL : 9 . 0 . 0 . 0 36609 Bytes 12/5/2008 18:32:09 AVARKT . DLL : 9 . 0 . 0 . 3 292609 Bytes 3/24/2009 23:05:41 AVEVTLOG . DLL : 9 . 0 . 0 . 7 167169 Bytes 1/30/2009 18:37:08 SQLITE3 . DLL : 3 . 6 . 1 . 0 326401 Bytes 1/28/2009 23:03:49 SMTPLIB . DLL : 9 . 2 . 0 . 25 28417 Bytes 2/2/2009 16:21:33 NETNT . DLL : 9 . 0 . 0 . 0 11521 Bytes 12/5/2008 18:32:10 RCIMAGE . DLL : 9 . 0 . 0 . 25 2438913 Bytes 5/15/2009 23:39:58 RCTEXT . DLL : 9 . 0 . 73 . 0 86785 Bytes 10/13/2009 20:25:47 Configuration settings for the scan: Jobname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . : Complete system scan Configuration file . . . . . . . . . . . . . . . . . . : c:\program files\avira\antivir desktop\sysscan . avp Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . : low Primary action . . . . . . . . . . . . . . . . . . . . . . : interactive Secondary action . . . . . . . . . . . . . . . . . . . . : ignore Scan master boot sector . . . . . . . . . . . . . : on Scan boot sector . . . . . . . . . . . . . . . . . . . . : on Boot sectors . . . . . . . . . . . . . . . . . . . . . . . . : C:, D:, Process scan . . . . . . . . . . . . . . . . . . . . . . . . : on Scan registry . . . . . . . . . . . . . . . . . . . . . . . : on Search for rootkits . . . . . . . . . . . . . . . . . : on Integrity checking of system files . . : off Scan all files . . . . . . . . . . . . . . . . . . . . . . : All files Scan archives . . . . . . . . . . . . . . . . . . . . . . . : on Recursion depth . . . . . . . . . . . . . . . . . . . . . : 20 Smart extensions . . . . . . . . . . . . . . . . . . . . : on Macro heuristic . . . . . . . . . . . . . . . . . . . . . : on File heuristic . . . . . . . . . . . . . . . . . . . . . . : medium Deviating risk categories . . . . . . . . . . . : +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Start of the scan: Monday, February 01, 2010 13:35 Starting search for hidden objects . '61143' objects were checked, '0' hidden objects were found . The scan of running processes will be started Scan process 'avscan . exe' - '1' Module(s) have been scanned Scan process 'avcenter . exe' - '1' Module(s) have been scanned Scan process 'magicJack . exe' - '1' Module(s) have been scanned Scan process 'svchost . exe' - '1' Module(s) have been scanned Scan process 'alg . exe' - '1' Module(s) have been scanned Scan process 'mantispm . exe' - '0' Module(s) have been scanned Scan process 'TUProgSt . exe' - '1' Module(s) have been scanned Scan process 'svchost . exe' - '1' Module(s) have been scanned Scan process 'sqlwriter . exe' - '1' Module(s) have been scanned Scan process 'jqs . exe' - '1' Module(s) have been scanned Scan process 'ctfmon . exe' - '1' Module(s) have been scanned Scan process 'ITMRTSVC . exe' - '1' Module(s) have been scanned Scan process 'zlclient . exe' - '0' Module(s) have been scanned Scan process 'avgnt . exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder . exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService . exe' - '1' Module(s) have been scanned Scan process 'ADeck . exe' - '1' Module(s) have been scanned Scan process 'VTTimer . exe' - '1' Module(s) have been scanned Scan process 'ComcastAntiSpyService . exe' - '1' Module(s) have been scanned Scan process 'explorer . exe' - '1' Module(s) have been scanned Scan process 'WgaTray . exe' - '1' Module(s) have been scanned Scan process 'ForceField . exe' - '0' Module(s) have been scanned Scan process 'avguard . exe' - '1' Module(s) have been scanned Scan process 'sched . exe' - '1' Module(s) have been scanned Scan process 'spoolsv . exe' - '1' Module(s) have been scanned Scan process 'ISWSVC . exe' - '0' Module(s) have been scanned Scan process 'vsmon . exe' - '0' Module(s) have been scanned Scan process 'svchost . exe' - '1' Module(s) have been scanned Scan process 'svchost . exe' - '1' Module(s) have been scanned Scan process 'svchost . exe' - '1' Module(s) have been scanned Scan process 'svchost . exe' - '1' Module(s) have been scanned Scan process 'svchost . exe' - '1' Module(s) have been scanned Scan process 'lsass . exe' - '1' Module(s) have been scanned Scan process 'services . exe' - '1' Module(s) have been scanned Scan process 'winlogon . exe' - '1' Module(s) have been scanned Scan process 'csrss . exe' - '1' Module(s) have been scanned Scan process 'smss . exe' - '1' Module(s) have been scanned 32 processes with 32 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan executable files (registry) . The registry was scanned ( '56' files ) . Starting the file scan: Begin scan in 'C:\' C:\pagefile . sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file . [NOTE] This file cannot be opened for scanning . C:\Documents and Settings\Chango\My Documents\zaSuiteSetup_80_400_020_en . exe [0] Archive type: ZIP SFX (self extracting) --> SWITCHUNINST_44ZONE LABS . EXE [1] Archive type: RSRC --> WINDOWS6 . 0-KB929547-V2-X64 . MSU [1] Archive type: CAB (Microsoft) --> Windows6 . 0-KB929547-v2-x64 . cab [WARNING] No further files can be extracted from this archive . The archive will be closed C:\Documents and Settings\Chango\My Documents\Downloads\zaSuiteSetup_91_008_000_en(2) . exe [0] Archive type: ZIP SFX (self extracting) --> SWITCHUNINST_44ZONE LABS . EXE [1] Archive type: RSRC --> WINDOWS6 . 0-KB929547-V2-X64 . MSU [1] Archive type: CAB (Microsoft) --> Windows6 . 0-KB929547-v2-x64 . cab [WARNING] No further files can be extracted from this archive . The archive will be closed C:\Documents and Settings\Chango\My Documents\Downloads\zaSuiteSetup_91_008_000_en . exe [0] Archive type: ZIP SFX (self extracting) --> SWITCHUNINST_44ZONE LABS . EXE [1] Archive type: RSRC --> WINDOWS6 . 0-KB929547-V2-X64 . MSU [1] Archive type: CAB (Microsoft) --> Windows6 . 0-KB929547-v2-x64 . cab [WARNING] No further files can be extracted from this archive . The archive will be closed Begin scan in 'D:\' End of the scan: Monday, February 01, 2010 15:43 Used time: 2:08:02 Hour(s) The scan has been done completely . 14019 Scanned directories 583690 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 1 Files cannot be scanned 583689 Files not concerned 17535 Archives were scanned 4 Warnings 1 Notes 61143 Objects were scanned with rootkit scan 0 Hidden objects were found My concern is Pagefile . sys . What does this file do? |
I_69_98 (15606) | ||
| 854279 | 2010-02-02 07:37:00 | The pagefile.sys not being scanned is normal. It is your virtual memory. | Sweep (90) | ||
| 854280 | 2010-02-02 07:41:00 | Tick these then tick fix checked Close browsers You havent ticked anything. Dont forget to tick fix checked R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch. exe" -start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl. exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Uninstall this O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy. exe" /hide O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O20 - AppInit_DLLs: C:\WINNT\System32\ Uninstall this O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe pagefile.sys is part of windows. It deals with memory Dont delete it |
Speedy Gonzales (78) | ||
| 1 | |||||