> Hijack This, freezing up
hardtimes
post Dec 11 2009, 11:08 AM
Post #1





Group: Star Member
Posts: 134
Joined: 19-July 05
Member No.: 10,975



My PC is running Win98. It takes forever to load up a page and then it freezes; I have to ping yahoo.com to unfreeze it. Then I will try to hit on something on that page and it freezes up again, so I ping again. Can you help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:47 PM, on 12/11/09
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ERROR NUKER\BIN\ERRORNUKER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACRORD32.EXE
C:\PROGRAM FILES\DEEPNET EXPLORER\DEEPNET.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.peoplepc.com/homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.cavtel.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer by Cavalier Telephone, LLC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 67.62.241.163
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - .DEFAULT Startup: PowerReg SchedulerV2.exe (User 'Default user')
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O15 - Trusted Zone: Adult link removed
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v43/yacscom.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = cavtel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 64.83.1.10,209.137.160.7
O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL (file missing)

--
End of file - 4766 bytes
HKEd
post Dec 11 2009, 07:30 PM
Post #2


Carbon-Based Life Form


Group: Administrator
Posts: 12,339
Joined: 9-August 01
From: Hong Kong
Member No.: 192



Run HijackThis and click on 'Do a system scan only'. Put checkmarks in the boxes next to these lines:

O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)

O4 - HKLM\..\RunServices: [VidSvr]

O15 - Trusted Zone: Adult link removed


Click on 'Fix checked' and close HijackThis.

Download SilentRunners.VBS to the desktop and run it there. Post the log it generates. NB - wait for the prompt that the scan has completed, otherwise the log will be incomplete.


--------------------
If I've helped you, please pass it on and help someone else.

SPAM is not tolerated here. New members posting SPAM will be banned with no warning.
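
The three lines selected in post #2 are a toolbar entry with no file behind it, an autostart value with no command, and a Trusted Zone addition. As an added example (not part of the original thread and not HijackThis's own logic), the sketch below parses HijackThis log lines and flags those shapes; the rule set and the names `triage` and `Finding` are assumptions for illustration. It also flags the `O20` "(file missing)" line, which the post did not select, so treat the output as a review list rather than a fix list.

```python
import re
from typing import List, NamedTuple

# Constructed sample: a subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.cavtel.net
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\RunServices: [VidSvr]
O4 - Startup: PowerReg SchedulerV2.exe
O15 - Trusted Zone: Adult link removed
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = cavtel.net
O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry autostart form of an O4 body: "<key>: [<value name>] <command>"
O4_REG_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


class Finding(NamedTuple):
    code: str    # HijackThis section code (O3, O4, ...)
    reason: str  # why the line deserves a second look
    line: str    # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return log entries that reference nothing on disk or widen browser trust.

    The rules are illustrative assumptions, not HijackThis behaviour.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list and blank lines carry no section code
        code, body = match.group("code"), match.group("body")

        reason = None
        if body.endswith("(no file)"):
            reason = "registered component has no file behind it"
        elif body.endswith("(file missing)"):
            reason = "referenced file is missing from disk"
        elif code == "O4":
            reg = O4_REG_RE.match(body)
            if reg and not reg.group("cmd").strip():
                reason = "autostart value has an empty command"
        elif code == "O15":
            reason = "site added to the Trusted Zone"

        if reason:
            findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:>3}  {finding.reason}\n     {finding.line}")
```
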
hardtimes
post Dec 17 2009, 06:41 PM
Post #3














HARD TIME GETTING THIS TO RUN. HERE IS THE LOG.



"Silent Runners.vbs", revision 60, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"Error Nuker" = "C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart" ["Trek Blue, Inc"]
"avast! Web Scanner" = "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"Ati2cwxx" = "Ati2cwxx.exe" ["ATI Technologies Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"TrueVector" = "C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service" ["Zone Labs, LLC"]
"ATIPOLAB" = "ati2evae.exe" [file not found]
"SSDPSRV" = "C:\WINDOWS\SYSTEM\ssdpsrv.exe" [MS]
"avast!" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" ["ALWIL Software"]
"SchedulingAgent" = "mstask.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL" ["Adobe Systems Incorporated"]
HKEd
post Dec 18 2009, 12:28 AM
Post #4





QUOTE
NB - wait for the prompt that the scan has completed, otherwise the log will be incomplete.

You didn't wait.


hardtimes
post Dec 18 2009, 12:23 PM
Post #5









Sorry about that. Let's try again. (Can you tell me why it loads the same thing 4 times? It always does and I erase it most of the time. Is there something I'm doing wrong?)


"Silent Runners.vbs", revision 60, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"Error Nuker" = "C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart" ["Trek Blue, Inc"]
"avast! Web Scanner" = "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"Ati2cwxx" = "Ati2cwxx.exe" ["ATI Technologies Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"TrueVector" = "C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service" ["Zone Labs, LLC"]
"ATIPOLAB" = "ati2evae.exe" [file not found]
"SSDPSRV" = "C:\WINDOWS\SYSTEM\ssdpsrv.exe" [MS]
"avast!" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" ["ALWIL Software"]
"SchedulingAgent" = "mstask.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL" ["Adobe Systems Incorporated"]
HKEd
post Dec 18 2009, 07:10 PM
Post #6





Please wait for the PROMPT that the scan has finished. If you open the log file before the prompt, the log will be incomplete.

QUOTE
Can you tell me why it loads the same thing 4 times? It always does and I erase it most of the time. Is there something I'm doing wrong?

I have no idea what you are trying to say.


hardtimes
post Dec 19 2009, 02:39 AM
Post #7










HKEd! Now after I run the program a small box comes up and says that the program is completed, and I will try again. Can you tell me what this program tells you?


"Silent Runners.vbs", revision 60, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"Error Nuker" = "C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart" ["Trek Blue, Inc"]
"avast! Web Scanner" = "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"Ati2cwxx" = "Ati2cwxx.exe" ["ATI Technologies Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"TrueVector" = "C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service" ["Zone Labs, LLC"]
"ATIPOLAB" = "ati2evae.exe" [file not found]
"SSDPSRV" = "C:\WINDOWS\SYSTEM\ssdpsrv.exe" [MS]
"avast!" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" ["ALWIL Software"]
"SchedulingAgent" = "mstask.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{1895EC86-CE74-4252-A3AF-5D432E9D8EEC}" = "Handy Backup"
-> {HKLM...CLSID} = "Handy Backup Shell Extension"
\InProcServer32\(Default) = "C:\PROGRAM FILES\NOVOSOFT\HANDY BACKUP 2.1\NHBSHELL.DLL" ["Novosoft"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL" ["RealNetworks, Inc."]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\PROGRAM FILES\SPYWAREGUARD\SPYWAREGUARD.DLL" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\PROGRAM FILES\SPYWAREGUARD\SPYWAREGUARD.DLL" [null data]

HKLM\Software\Classes\PROTOCOLS\Handler\

<<!>> BPC\CLSID = "{3A1096B3-9BFA-11D1-AE77-00C04FBBDEBC}"
-> {HKLM...CLSID} = "BPCProt Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\TV VIEWER\ENHPROT.DLL" [MS]

<<!>> lid\CLSID = "{3A1096B3-9BFA-11D1-AE77-00C04FBBDEBC}"
-> {HKLM...CLSID} = "BPCProt Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\TV VIEWER\ENHPROT.DLL" [MS]

<<!>> TV\CLSID = "{CBD30858-AF45-11d2-B6D6-00C04FBBDE6E}"
-> {HKLM...CLSID} = "TVProt Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\TV VIEWER\VID.OCX" [MS]

<<!>> tve-trigger\CLSID = "{CBD30859-AF45-11d2-B6D6-00C04FBBDE6E}"
-> {HKLM...CLSID} = "TriggerProt Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\TV VIEWER\VID.OCX" [MS]

<<!>> cetihpz\CLSID = "{CF184AD3-CDCB-4168-A3F7-8E447D129300}"
-> {HKLM...CLSID} = "CZipHandler Object"
\InProcServer32\(Default) = "C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL" ["Hewlett-Packard Company"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

EasyZip\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {HKLM...CLSID} = "EasyZip Shell Extensions"
\InProcServer32\(Default) = "C:\PROGRAM FILES\EASYZIP\EZSHLEXT.DLL" [null data]

blcorpdestroyit\(Default) = "{04DD72A0-2C04-11D4-98F1-805F57C10000}"
-> {HKLM...CLSID} = "Destroy-it! Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\BLCORP\UWCSUITE\DESTIT\DITSHELL.DLL" [null data]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

Handy Backup\(Default) = "{1895EC86-CE74-4252-A3AF-5D432E9D8EEC}"
-> {HKLM...CLSID} = "Handy Backup Shell Extension"
\InProcServer32\(Default) = "C:\PROGRAM FILES\NOVOSOFT\HANDY BACKUP 2.1\NHBSHELL.DLL" ["Novosoft"]

blcorpdestroyit\(Default) = "{04DD72A0-2C04-11D4-98F1-805F57C10000}"
-> {HKLM...CLSID} = "Destroy-it! Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\BLCORP\UWCSUITE\DESTIT\DITSHELL.DLL" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

EasyZip\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {HKLM...CLSID} = "EasyZip Shell Extensions"
\InProcServer32\(Default) = "C:\PROGRAM FILES\EASYZIP\EZSHLEXT.DLL" [null data]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


System Policies {policy setting}:
---------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"CDRAutoRun" = (REG_BINARY) hex:00 00 00 00
{unrecognized setting}

"EditLevel" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRun" = (REG_DWORD) dword:0x00000000
{Remove Run menu from Start Menu}

"NoClose" = (REG_DWORD) dword:0x00000000
{Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands}

"NoSaveSettings" = (REG_DWORD) dword:0x00000000
{Don't save settings at exit}

"NoFileMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by System Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Silky Falls.bmp"

Displayed if Active Desktop disabled and wallpaper not set by System Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Silky Falls.bmp"


WIN.INI & SYSTEM.INI launch points:
-----------------------------------

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\BLANKS~1.SCR" (Blank Screen.scr) [MS]


Enabled Scheduled Tasks:
------------------------

"Backup" -> launches: "C:\PROGRA~1\ACCESS~1\BACKUP\MSBACKUP.EXE" ["Seagate Software, Inc."]
"Maintenance-ScanDisk" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N" [MS]
"Ad-Aware SE Personal" -> launches: "C:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE" [file not found]
"System Diagnostic" -> launches: "C:\DRIVERS\WINDOWS\ADDDRV.EXE" [null data]
"avast! Antivirus" -> launches: "C:\PROGRA~1\ALWILS~1\AVAST4\ASHAVAST.EXE" ["ALWIL Software"]
"Deepnet Explorer" -> launches: "C:\PROGRA~1\DEEPNE~1\DEEPNET.EXE" ["Deepnet Technologies"]
"Tune-up Application Start" -> launches: "walign" [MS]
"Disk Defragmenter" -> launches: "C:\WINDOWS\DEFRAG.EXE /SAGERUN:4" [MS]
"AVG Control Center" -> launches: "C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE" [file not found]
"SUPERAntiSpyware Free Edition" -> launches: "C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE" [file not found]
"Maintenance-Disk cleanup" -> launches: "C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0" [MS]
"WINALIGN" -> launches: "walign" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL" ["Yahoo! Inc."]

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL" [null data]

HKLM\Software\Classes\CLSID\{014DA6CE-189F-421A-88CD-07CFE51CFF10}\(Default) = "My Search Bar Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
usbmon.dll\Driver = "usbmon.dll" [MS]
PostScript Language Monitor\Driver = "PSMON.DLL" [MS]
hpzs9x10\Driver = "hpzs9x10.dll" ["HP"]
usbmon\Driver = "usbmon.dll" [MS]
Lexmark Network Printer Monitor\Driver = "lexlmpm.dll" ["Lexmark International, Inc."]
MpUsbMon\Driver = "MpUsbMon.dll" ["Conceptual Systems."]
Canon BJ Language Monitor PIXMA iP4000 64\Driver = "CNMLM64.DLL" ["CANON INC."]


---------- (launch time: 2009-12-19 04:28:02)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 53 seconds, including 7 seconds for message boxes)

blcorpdestroyit\(Default) = "{04DD72A0-2C04-11D4-98F1-805F57C10000}"
-> {HKLM...CLSID} = "Destroy-it! Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\BLCORP\UWCSUITE\DESTIT\DITSHELL.DLL" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

EasyZip\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {HKLM...CLSID} = "EasyZip Shell Extensions"
\InProcServer32\(Default) = "C:\PROGRAM FILES\EASYZIP\EZSHLEXT.DLL" [null data]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


System Policies {policy setting}:
---------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"CDRAutoRun" = (REG_BINARY) hex:00 00 00 00
{unrecognized setting}

"EditLevel" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRun" = (REG_DWORD) dword:0x00000000
{Remove Run menu from Start Menu}

"NoClose" = (REG_DWORD) dword:0x00000000
{Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands}

"NoSaveSettings" = (REG_DWORD) dword:0x00000000
{Don't save settings at exit}

"NoFileMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by System Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Silky Falls.bmp"

Displayed if Active Desktop disabled and wallpaper not set by System Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Silky Falls.bmp"


WIN.INI & SYSTEM.INI launch points:
-----------------------------------

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\BLANKS~1.SCR" (Blank Screen.scr) [MS]


Enabled Scheduled Tasks:
------------------------

"Backup" -> launches: "C:\PROGRA~1\ACCESS~1\BACKUP\MSBACKUP.EXE" ["Seagate Software, Inc."]
"Maintenance-ScanDisk" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N" [MS]
"Ad-Aware SE Personal" -> launches: "C:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE" [file not found]
"System Diagnostic" -> launches: "C:\DRIVERS\WINDOWS\ADDDRV.EXE" [null data]
"avast! Antivirus" -> launches: "C:\PROGRA~1\ALWILS~1\AVAST4\ASHAVAST.EXE" ["ALWIL Software"]
"Deepnet Explorer" -> launches: "C:\PROGRA~1\DEEPNE~1\DEEPNET.EXE" ["Deepnet Technologies"]
"Tune-up Application Start" -> launches: "walign" [MS]
"Disk Defragmenter" -> launches: "C:\WINDOWS\DEFRAG.EXE /SAGERUN:4" [MS]
"AVG Control Center" -> launches: "C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE" [file not found]
"SUPERAntiSpyware Free Edition" -> launches: "C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE" [file not found]
"Maintenance-Disk cleanup" -> launches: "C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0" [MS]
"WINALIGN" -> launches: "walign" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL" ["Yahoo! Inc."]

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL" [null data]

HKLM\Software\Classes\CLSID\{014DA6CE-189F-421A-88CD-07CFE51CFF10}\(Default) = "My Search Bar Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
usbmon.dll\Driver = "usbmon.dll" [MS]
PostScript Language Monitor\Driver = "PSMON.DLL" [MS]
hpzs9x10\Driver = "hpzs9x10.dll" ["HP"]
usbmon\Driver = "usbmon.dll" [MS]
Lexmark Network Printer Monitor\Driver = "lexlmpm.dll" ["Lexmark International, Inc."]
MpUsbMon\Driver = "MpUsbMon.dll" ["Conceptual Systems."]
Canon BJ Language Monitor PIXMA iP4000 64\Driver = "CNMLM64.DLL" ["CANON INC."]


---------- (launch time: 2009-12-19 04:28:02)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 53 seconds, including 7 seconds for message boxes)
HKEd
post Dec 19 2009, 07:30 PM
Post #8


Carbon-Based Life Form


Group: Administrator
Posts: 12,339
Joined: 9-August 01
From: Hong Kong
Member No.: 192



QUOTE
Now after I run the program a small box comes up and says that the program is completed

That little box is what I meant by prompt.

The log shows that there is no malware involved. However, there are some scheduled tasks that need to go.

Go to Control Panel and click on the Scheduled Tasks applet. Delete these:

"Ad-Aware SE Personal" -> launches: "C:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE" [file not found]

"AVG Control Center" -> launches: "C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE" [file not found]

"SUPERAntiSpyware Free Edition" -> launches: "C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE" [file not found]


Can you tell me what this one is?:

"System Diagnostic" -> launches: "C:\DRIVERS\WINDOWS\ADDDRV.EXE" [null data]

I can't find any information on that ADDDRV.EXE file.

Do you clean out your temporary internet files regularly?


--------------------
If I've helped you, please pass it on and help someone else.

SPAM is not tolerated here. New members posting SPAM will be banned with no warning.
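The triage in the reply above, as an added example (not part of the original posts and not Silent Runners code): a Python parser that reads the "Enabled Scheduled Tasks" section of the report and sorts entries by the bracketed tag, separating the [file not found] tasks the reply says to delete from the [null data] one it asks about. The function names and verdict labels are assumptions of this example; the sample lines are excerpted from the log posted in this thread.

```python
import re
from dataclasses import dataclass

# Excerpt of the "Enabled Scheduled Tasks" section from the log in this thread,
# followed by the next section header so the end-of-section logic is exercised.
SAMPLE_REPORT = r'''
Enabled Scheduled Tasks:
------------------------

"Backup" -> launches: "C:\PROGRA~1\ACCESS~1\BACKUP\MSBACKUP.EXE" ["Seagate Software, Inc."]
"Maintenance-ScanDisk" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N" [MS]
"Ad-Aware SE Personal" -> launches: "C:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE" [file not found]
"System Diagnostic" -> launches: "C:\DRIVERS\WINDOWS\ADDDRV.EXE" [null data]
"Tune-up Application Start" -> launches: "walign" [MS]


Winsock2 Service Provider DLLs:
-------------------------------
'''

SECTION_HEADER = "Enabled Scheduled Tasks:"
# "<task name>" -> launches: "<command line>" [<publisher or status tag>]
TASK_LINE = re.compile(
    r'^"(?P<name>[^"]+)" -> launches: "(?P<command>.*)" \[(?P<tag>[^\[\]]*)\]$'
)


@dataclass
class Task:
    name: str
    command: str
    tag: str       # publisher string, "MS", "file not found" or "null data"
    verdict: str   # label chosen by this example, not by the tool


def classify(tag: str) -> str:
    """Map the bracketed tag to a triage verdict (labels are this example's own)."""
    if tag == "file not found":
        return "orphaned"      # target is gone: the reply lists these for deletion
    if tag == "null data":
        return "unverified"    # no publisher shown: identify the file by hand
    return "identified"        # a publisher name or MS is reported


def parse_tasks(report: str) -> list:
    """Return the tasks listed under the scheduled-tasks header of a report."""
    tasks, in_section, previous = [], False, ""
    for raw in report.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            in_section = True
        elif in_section and line and set(line) == {"-"}:
            # A dashed rule under any other title means the next section began.
            if previous != SECTION_HEADER:
                break
        elif in_section:
            match = TASK_LINE.match(line)
            if match:
                tag = match.group("tag").strip('"')
                tasks.append(Task(match.group("name"), match.group("command"),
                                  tag, classify(tag)))
        if line:
            previous = line
    return tasks


def names_with(tasks: list, verdict: str) -> list:
    """Names of the tasks that received the given verdict, in report order."""
    return [t.name for t in tasks if t.verdict == verdict]


if __name__ == "__main__":
    for task in parse_tasks(SAMPLE_REPORT):
        print(f"{task.verdict:<11} {task.name} -> {task.command} [{task.tag}]")
```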
hardtimes
post Dec 19 2009, 09:11 PM
Post #9





Group: Star Member
Posts: 134
Joined: 19-July 05
Member No.: 10,975





THANKS HKEd