Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer running slow & broadband down to 0.15 meg

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer running slow & broadband down to 0.15 meg

Unread postby bigtolly » November 28th, 2007, 5:28 am

Been having these problems for a couple of weeks now.

CPU useage sometimes stays on 100% for ages
Broadband download speed has gone from my usual 3.8meg to 0.15ish
Everything seems sluggish

heres my log:-

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:02:30, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Downloaded Programs\HijackThis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6842 bytes

Thanks in advance

tolly
bigtolly
Active Member
 
Posts: 8
Joined: November 28th, 2007, 5:14 am
Advertisement
Register to Remove

Re: Computer running slow & broadband down to 0.15 meg

Unread postby askey127 » December 3rd, 2007, 4:17 pm

BigTolly,
There are signs of commercial tracking software on this computer. This software uses techniques very similar to malware to perform its function.
Because it is impossible for us to establish ownership of the computer whose log you have posted, we are also unable to establish whether any of the programs contained were installed with the owners permission.
There may be legal ramifications about changes to this machine which we are not equipped or trained to deal with.
Because of this, we will be unable to give directions to assist you with this computer.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer running slow & broadband down to 0.15 meg

Unread postby bigtolly » December 4th, 2007, 7:39 pm

Thanks for your reply.

I dont realy understand what you mean.

This computer was built by myself a few years ago, runs a genuine retail copy of Windows XP purchased by me and is used in my home for home type stuff - email / web surfing etc.

Please explain what you mean by commercial tracking software - should I be concerned its there - has it affected my computer.

If you tell me the problems I can tell you whether I gave permission for their installation.

Please explain what legal ramifications there are - you are starting to worry me now !!

:pale:

Thanks

bigtolly
bigtolly
Active Member
 
Posts: 8
Joined: November 28th, 2007, 5:14 am

Re: Computer running slow & broadband down to 0.15 meg

Unread postby askey127 » December 4th, 2007, 8:51 pm

It has Authentium software on there which can provide things like a locator capability, among other things, in case it's stolen.
We won't alter PCs that have that security software, even completely legitimate PCs, because we cannot tell whether we are inadvertently aiding in something improper.
The software itself is not malicious, nor should it raise any alarm, if you put it there.
Hardly any individual PC's have that software, but corporate network PC's sometimes do.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer running slow & broadband down to 0.15 meg

Unread postby bigtolly » December 5th, 2007, 8:09 pm

Askey 127,

Apart from the 'Authentium software' that you mention, which I haven't installed and I have no idea how such software could get on this pc, is there anything else that could be causing the problems I am having?

As I said before, I built the pc myself from scratch from new components and installed a genuine retail version of Windows. Could this software be installed along with any other software in a package?

Thanks

bigtolly
bigtolly
Active Member
 
Posts: 8
Joined: November 28th, 2007, 5:14 am

Re: Computer running slow & broadband down to 0.15 meg

Unread postby bigtolly » December 5th, 2007, 8:23 pm

Askey 127,

Following a google search, it appears that the following are part of the Internet Security Suite ‘NTL Netguard’ that is provided by my ISP, NTL World.


O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

It is used by Windows Security Centre to establish if the anti-virus program in NTL Netguard is running.

Any further thoughts?

Thanks

bigtolly
bigtolly
Active Member
 
Posts: 8
Joined: November 28th, 2007, 5:14 am

Re: Computer running slow & broadband down to 0.15 meg

Unread postby askey127 » December 5th, 2007, 8:51 pm

bigtolly,
On that basis, of which I had no prior knowledge, I'll be glad to see if I can help.
That's a first for me, but I will be looking for it from now on.
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here Choose the "Slim" version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------
Using Internet Explorer, Please Do an Online Scan with Kaspersky WebScanner.
Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept". After reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log to your Desktop as filename KAV.txt
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Please post the contents of CCleaner's install.txt and kav.txt. Both should be on your desktop.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer running slow & broadband down to 0.15 meg

Unread postby bigtolly » December 8th, 2007, 6:05 pm

Thanks askey 127

I've done all of that and here are the results:-

INSTALL.TXT

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player
Anti-Spyware
Apple Software Update
ArcSoft PhotoBase
ArcSoft PhotoImpression 4
ArcSoft PhotoStudio 2000
a-squared Free 3.0
Audacity 1.2.4
Authentium
broadband medic
Canon ScanGear Toolbox 3.0
CCleaner (remove only)
CyberTweak Version 1.3 Final
Dan Elwell's Broadband Speed Test
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
Digimax A7
Digital Camera 3.0M S
Disc2Phone
Enable S3 for USB Device
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan Assistant
EPSON Web-To-Page
ESD88 User's Guide
Google Earth
Google Toolbar for Internet Explorer
Greetings Workshop
HijackThis 2.0.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Pro 8
Java(TM) SE Runtime Environment 6 Update 1
Juice 2.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
MIKSOFT Mobile 3GP converter
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero OEM
ntl Netguard
ntl Netguard Security
NVIDIA nForce Drivers
OmniPage Pro 9.0
PCL-W310
Picasa 2
QuickTime
Realtek AC'97 Audio
RTLSetup
Scan Manager 5.2
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Sony Ericsson PC Suite
Spybot - Search & Destroy 1.4
Turbo Lister 2
Ulead Photo Express 4.0 My Custom Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update Service
VideoEgg Publisher
VideoLive Mail 4.0
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
World of Warcraft
Xara Webstyle 2
Yahoo! Toolbar


KAV.TXT
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 08, 2007 10:00:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/12/2007
Kaspersky Anti-Virus database records: 477364
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 83779
Number of viruses found: 7
Number of infected objects: 39
Number of suspicious objects: 0
Duration of the scan process: 01:47:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ntl\ntl Netguard\logs\Fws.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ntl\ntl Netguard\logs\ServiceModel12-07-2007--13-46-57.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Paul\Application Data\ntl\ntl Netguard\logs\SafetyConsoleLog12-07-2007--13-46-58.log Object is locked skipped
C:\Documents and Settings\Paul\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\History\History.IE5\MSHist012007120820071209\index.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\Perflib_Perfdata_194.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.EZula.u skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.t skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe WiseSFX: infected - 5 skipped
C:\Documents and Settings\Paul\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Paul\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ntl\broadband medic\log\mpbtn.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\SmartBridge.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP325\A0023315.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped
C:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP325\A0023315.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP325\A0023315.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.EZula.u skipped
C:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP325\A0023315.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
C:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP325\A0023315.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.t skipped
C:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP325\A0023315.exe WiseSFX: infected - 5 skipped
C:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP360\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.EZula.u skipped
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.t skipped
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe WiseSFX: infected - 5 skipped
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.EZula.u skipped
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.t skipped
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe WiseSFX: infected - 5 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024849.exe/WISE0104.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024849.exe/WISE0104.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024849.exe/WISE0104.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024849.exe WiseSFX: infected - 3 skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024849.exe WiseSFXDropper: infected - 3 skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024850.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024850.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024850.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024850.exe WiseSFX: infected - 3 skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024850.exe WiseSFXDropper: infected - 3 skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024851.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024851.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024851.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024851.exe WiseSFX: infected - 3 skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP352\A0024851.exe WiseSFXDropper: infected - 3 skipped
D:\System Volume Information\_restore{6FCAB5EE-2842-476B-8CA5-8997C0FD537F}\RP360\change.log Object is locked skipped

Scan process completed.


Looks like my pc is infected then. Even though I have NTL Netguard Anti Virus and Firewall.

bigtolly
bigtolly
Active Member
 
Posts: 8
Joined: November 28th, 2007, 5:14 am

Re: Computer running slow & broadband down to 0.15 meg

Unread postby askey127 » December 9th, 2007, 10:55 am

bigtolly,
It's likely that some of the slowdown is caused by your Adobe Acrobat 5 trying to update itself.
That program has a broken updater which hangs at bootup. It can phone home interminably and slow your PC to a crawl.
After it finally boots up and you notice a slowdown, use Ctrl-Alt-Del to bring up task manager.
Click on the Processes tab, and note the names of the process files which are using most of the CPU resources.

Meanwhile, there are other important things to do:
-----------------------------------------------------------
Remove Program(s) Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Java(TM) SE Runtime Environment 6 Update 1


Download the latest version of Java Runtime Environment(JRE), and install it to your computer. It is the 4th one down on the page, called Java Runtime Environment (JRE) 6 Update 3
Download it, choose save, and save it to your desktop.Then doubleclick it, and it will install the newest version of Java for you to use.
-----------------------------------------------------------
All these files should be deleted:
Seems like Christmas Fun with Pooh is No Fun

C:\Documents and Settings\Paul\My Documents\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0017.BIN
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0018.BIN
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0019.BIN
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0020.BIN
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0021.BIN
D:\BACK UP JAN 07\My Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0017.BIN
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0018.BIN
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0019.BIN
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0020.BIN
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe/WISE0021.BIN
D:\Back Up Stuff 220206\MUSIC & PICTURES\Pictures\hayleys stuff\Wall Papers\Christmasfunwithpooh\X-MAS_FUN_with_PoohD.exe
-----------------------------------------------------------
After you get through with the deletes, check to see if there are any more:
Press Start->Run, copy/paste the following command into the box and press OK:
cmd /c dir C:\*.* /L /A /B /S|Find "x-mas_fun_with_poohd.exe" >> "%userprofile%\desktop\look.txt"

A file called look.txt should appear on your Desktop. Please post the contents of this file. If it's empty, you got them all.
-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. Start HijackThis ).
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer running slow & broadband down to 0.15 meg

Unread postby bigtolly » December 9th, 2007, 9:57 pm

Hi askey 127

here is the second Hijackthis log:-

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:52:17, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Downloaded Programs\HijackThis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7646 bytes


Also the file look.txt contains:-
c:\recycler\s-1-5-21-1123561945-1532298954-725345543-1004\dc1\x-mas_fun_with_poohd.exe

As for the Adobe Acrobat 5, is that the latest version? Can I delete it? Or update it myself to overcome the problem?

Thanks again for your help

bigtolly
bigtolly
Active Member
 
Posts: 8
Joined: November 28th, 2007, 5:14 am

Re: Computer running slow & broadband down to 0.15 meg

Unread postby askey127 » December 10th, 2007, 9:07 am

Bogtolly,
If you don't use Adobe Acrobat 5, then you can Uninstall it if you want.
It's older but not the same as Adobe Reader 8.
Having Adobe Reader 8 in place will take care of the vulnerability risk.

You need to get off imesh as your search assistant.
Let's see if there is anything else.
-----------------------------------------------------------
Remove log items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Download Blacklight from here:
http://www.f-secure.com/security_center/
Under "Downloads", click on Blacklight and Save it to your Desktop
or
Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
and save it to your desktop from there.

Go to Start-->Run, copy in the following text, and press Enter:
"%userprofile%\desktop\fsbl.exe" /expert

Accept the license agreement.
Click > scan, wait for it to fimish, then click Close

There will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.
----------------------------------------------------------
Download Deckard's System Scanner (DSS) from here
http://www.techsupportforum.com/sectools/Deckard/dss.exe and Save to your Desktop.
(Note: You must be logged onto an account with administrator privileges).
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. OK what it wants to do.
  • When the scan is complete, two text files will open
    main.txt <- this one will be maximized
    extra.txt <- this one will be minimized
    ( Default location for both files is C:\Deckard\SystemScanner\ )
  • Copy/Paste the contents of main.txt and extra.txt into your next post please.

So we are looking for the Blacklight log fsbl.xxxxxxxx.log and contents of the two logs from Deckards System scanner

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer running slow & broadband down to 0.15 meg

Unread postby bigtolly » December 11th, 2007, 1:29 pm

Hi askey127

here are the logs you requested:-


Deckard's System Scanner v20071014.68
Run by Paul on 2007-12-11 17:11:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
83: 2007-12-11 17:12:01 UTC - RP370 - Deckard's System Scanner Restore Point
82: 2007-12-11 02:19:00 UTC - RP369 - System Checkpoint
81: 2007-12-10 01:41:00 UTC - RP368 - Installed Java(TM) 6 Update 3
80: 2007-12-10 01:36:40 UTC - RP367 - Removed Java(TM) 6 Update 3
79: 2007-12-10 01:35:33 UTC - RP366 - Removed Java(TM) SE Runtime Environment 6 Update 1


-- First Restore Point --
1: 2007-09-13 02:36:43 UTC - RP288 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Paul.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:37, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Documents and Settings\Paul\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Paul.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6960 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 FreeTdi (Radialpoint Filter) - c:\windows\system32\drivers\freetdi.sys <Not Verified; Radialpoint Inc.; Radialpoint>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 SE26bus (Sony Ericsson Device 038 Driver driver (WDM)) - c:\windows\system32\drivers\se26bus.sys <Not Verified; MCCI; Sony Ericsson Device 038 Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 FWS (Radialpoint Service) - c:\program files\ntl\ntl netguard\fws.exe <Not Verified; Radialpoint Inc.; Radialpoint Security Services 5.2.0>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-06 15:45:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-11 and 2007-12-11 -----------------------------

2007-12-11 17:16:24 0 d-------- C:\Program Files\Trend Micro
2007-12-10 01:41:07 0 d-------- C:\Program Files\Common Files\Java
2007-12-08 22:19:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-08 18:37:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-08 18:37:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-08 18:32:37 0 dr-h----- C:\Documents and Settings\Paul\Recent
2007-12-08 18:18:03 0 d-------- C:\Program Files\CCleaner
2007-11-28 04:21:56 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-28 00:00:10 0 d-------- C:\Documents and Settings\Paul\Application Data\WholeSecurity
2007-11-27 21:50:00 0 d-------- C:\Program Files\a-squared Free
2007-11-20 16:17:22 0 d-------- C:\Documents and Settings\Paul\Application Data\U3
2007-11-14 21:22:29 0 d-------- C:\Program Files\CyberTweak
2007-11-13 16:27:33 0 d-------- C:\Documents and Settings\Josh\Application Data\Macromedia
2007-11-13 16:27:02 0 d-------- C:\Documents and Settings\Josh\Application Data\Google
2007-11-13 16:22:04 0 d-------- C:\Documents and Settings\Josh\Application Data\Teleca
2007-11-13 16:22:01 0 d-------- C:\Documents and Settings\Josh\Application Data\ntl
2007-11-13 16:21:42 0 d-------- C:\Documents and Settings\Josh\Application Data\Identities
2007-11-13 16:21:17 0 dr-h----- C:\Documents and Settings\Josh\SendTo
2007-11-13 16:21:17 0 dr-h----- C:\Documents and Settings\Josh\Recent
2007-11-13 16:21:17 0 d--h----- C:\Documents and Settings\Josh\PrintHood
2007-11-13 16:21:17 0 d--h----- C:\Documents and Settings\Josh\NetHood
2007-11-13 16:21:17 0 dr------- C:\Documents and Settings\Josh\My Documents
2007-11-13 16:21:17 0 d--h----- C:\Documents and Settings\Josh\Local Settings
2007-11-13 16:21:17 0 dr------- C:\Documents and Settings\Josh\Favorites
2007-11-13 16:21:17 0 d-------- C:\Documents and Settings\Josh\Desktop
2007-11-13 16:21:17 0 d---s---- C:\Documents and Settings\Josh\Cookies
2007-11-13 16:21:17 0 dr-h----- C:\Documents and Settings\Josh\Application Data
2007-11-13 16:21:17 0 d---s---- C:\Documents and Settings\Josh\Application Data\Microsoft
2007-11-13 16:21:16 0 d--h----- C:\Documents and Settings\Josh\Templates
2007-11-13 16:21:16 0 dr------- C:\Documents and Settings\Josh\Start Menu
2007-11-13 16:21:16 786432 --ah----- C:\Documents and Settings\Josh\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2007-12-11 16:49:00 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-11 15:17:31 0 d-------- C:\Program Files\Common Files\Command Software
2007-12-11 00:00:02 0 d-------- C:\Program Files\Greetings Workshop
2007-12-10 01:42:10 0 d-------- C:\Program Files\Java
2007-12-10 01:41:07 0 d-------- C:\Program Files\Common Files
2007-12-09 00:07:30 0 d-------- C:\Program Files\MSN Messenger
2007-12-09 00:03:51 0 d-------- C:\Program Files\Messenger
2007-12-08 23:58:30 0 d-------- C:\Program Files\Google
2007-12-08 23:55:37 0 d-------- C:\Program Files\Common Files\PestPatrol
2007-12-08 12:38:17 0 d-------- C:\Documents and Settings\Paul\Application Data\BearShare
2007-12-07 14:03:24 0 d-------- C:\Program Files\Dan Elwell's Broadband Speed Test
2007-12-03 21:09:04 121224 --a------ C:\Documents and Settings\Paul\Application Data\GDIPFONTCACHEV1.DAT
2007-11-27 23:54:59 0 d-------- C:\Program Files\iMesh Applications
2007-11-21 09:56:17 0 d-------- C:\Documents and Settings\Paul\Application Data\Google
2007-11-21 09:55:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-09 10:32:18 0 d-------- C:\Documents and Settings\Paul\Application Data\Canon
2007-11-06 11:08:10 0 d-------- C:\Program Files\Password Safe
2007-11-04 17:40:14 0 d-------- C:\Program Files\Picasa2
2007-11-01 20:59:24 0 d-------- C:\Documents and Settings\Paul\Application Data\Apple Computer
2007-10-14 17:41:06 0 d-------- C:\Program Files\QuickTime
2007-10-14 17:40:01 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [30/12/2003 10:40]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" [05/07/2005 15:31]
"SoundMan"="SOUNDMAN.EXE" [15/08/2003 07:34 C:\WINDOWS\SOUNDMAN.EXE]
"EPSON Stylus D88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe" [27/01/2005 04:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 17:17]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [14/10/2007 17:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [09/01/2007 14:18]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14/07/2007 13:10]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Paul\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [25/06/1996]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
broadband medic.lnk - C:\Program Files\ntl\broadband medic\bin\matcli.exe [09/01/2007 00:43:42]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-12-11 17:17:51 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Duron(tm) p
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 511.48 MiB / 305.97 MiB
Pagefile Memory (total/avail): 1250.34 MiB / 1060.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 78.13 GiB total, 52.45 GiB free.
D: is Fixed (NTFS) - 36.36 GiB total, 25.18 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y120L0 - 114.49 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 78.13 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 36.36 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FW: ntl Netguard Firewall v5.2.0 (Ntl)
AV: ntl Netguard Anti-virus v5.2.0 (Ntl)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Paul\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LOUNGE
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Paul
LOGONSERVER=\\LOUNGE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Paul\LOCALS~1\Temp
TMP=C:\DOCUME~1\Paul\LOCALS~1\Temp
USERDOMAIN=LOUNGE
USERNAME=Paul
USERPROFILE=C:\Documents and Settings\Paul
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Paul (admin)
Josh (admin)
Network Admin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\ntl\BROADB~1\Uninstall.exe ntl
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ArcSoft PhotoBase --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoBase\Uninst.isu"
ArcSoft PhotoImpression 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}\Setup.exe" -l0x9
ArcSoft PhotoStudio 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
broadband medic --> C:\WINDOWS\Motive\ntl\MCCUninst.exe
Canon ScanGear Toolbox 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3\uninst.dll"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CyberTweak Version 1.3 Final --> "C:\Program Files\CyberTweak\unins000.exe"
Dan Elwell's Broadband Speed Test --> "C:\Program Files\Dan Elwell's Broadband Speed Test\unins000.exe"
dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP WMA V9.1 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
Digimax A7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A1E184F-E4EC-4596-B9A7-52437DC73A14}\Setup.exe" anything
Digital Camera 3.0M S --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C516E56-0B4B-4BDE-88A2-035B4D170A26}\Setup.exe"
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESD88 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESD88\USE_G\DOCUNINS.EXE
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Greetings Workshop --> C:\Program Files\Greetings Workshop\SETUP\setup.exe
HijackThis 2.0.2 --> "C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Juice 2.2 --> C:\Program Files\Juice\uninst.exe
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
MIKSOFT Mobile 3GP converter --> "C:\Program Files\MIKSOFT\Mobile 3GP converter\unins000.exe"
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
ntl Netguard Security --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{AA78B670-C664-432A-817D-B1C7879777A2}
NVIDIA nForce Drivers --> C:\WINDOWS\system32\nvuninst.exe Uninstall C:\WINDOWS\system32\NVU001.nvu,NVIDIA nForce Drivers
OmniPage Pro 9.0 --> C:\Program Files\Caere\OmniPagePro90\Deinstall.exe "C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f'C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu'"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PCL-W310 --> C:\Program Files\PCL-W310\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RTLSetup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
Scan Manager 5.2 --> MsiExec.exe /I{E0A1559B-9886-11D4-8D06-0050DA284A39}
Sony Ericsson PC Suite --> MsiExec.exe /I{26B5D684-75D6-44B9-BBFF-D4100F43092A}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Ulead Photo Express 4.0 My Custom Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21BCE515-D5A3-11D4-8E33-0010B53EC668}\setup.exe"
Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
VideoEgg Publisher --> C:\Documents and Settings\Paul\Application Data\VideoEgg\Uninstall.exe
VideoLive Mail 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\VideoLiveMail\Uninst.isu"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xara Webstyle 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB5DEC70-2C9E-11D4-9D08-0020AFE14B72}\setup.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5803 / Error
Event Submitted/Written: 12/11/2007 04:56:41 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type5802 / Error
Event Submitted/Written: 12/11/2007 04:56:41 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Event Record #/Type5761 / Error
Event Submitted/Written: 12/08/2007 00:38:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bearshare.exe, version 6.0.2.26789, faulting module mswmdm.dll, version 10.0.3790.3802, fault address 0x00012e4d.
Processing media-specific event for [bearshare.exe!ws!]

Event Record #/Type5721 / Success
Event Submitted/Written: 12/07/2007 06:26:31 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5720 / Error
Event Submitted/Written: 12/07/2007 04:23:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8912 / Warning
Event Submitted/Written: 12/10/2007 03:29:05 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type8863 / Error
Event Submitted/Written: 12/10/2007 01:37:26 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type8860 / Error
Event Submitted/Written: 12/10/2007 01:37:26 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type8857 / Error
Event Submitted/Written: 12/10/2007 01:37:25 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type8854 / Error
Event Submitted/Written: 12/10/2007 01:37:25 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2007-12-11 17:17:51 ------------


12/11/07 16:56:50 [Info]: BlackLight Engine 1.0.67 initialized
12/11/07 16:56:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/11/07 16:56:51 [Note]: 7019 4
12/11/07 16:56:51 [Note]: 7005 0
12/11/07 16:56:58 [Note]: 7006 0
12/11/07 16:56:58 [Note]: 7022 0
12/11/07 16:56:58 [Note]: 7011 464
12/11/07 16:56:59 [Note]: 7026 0
12/11/07 16:56:59 [Note]: 7026 0
12/11/07 16:57:04 [Note]: FSRAW library version 1.7.1024
12/11/07 17:04:51 [Note]: 7007 0


I have also uninstalled Adobe Acrobat 5

Thanks

bigtolly
bigtolly
Active Member
 
Posts: 8
Joined: November 28th, 2007, 5:14 am

Re: Computer running slow & broadband down to 0.15 meg

Unread postby askey127 » December 12th, 2007, 7:22 am

bigtolly,
I don't see anything else.
You should be good to go.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer running slow & broadband down to 0.15 meg

Unread postby bigtolly » December 22nd, 2007, 5:22 pm

Hi askey 127

Just wanted to say thanks for your help.

Its comforting to know that there are some good guys out there who can use their expertise to help rather than hinder us.

The pc is working much faster now, but sadly the Broadband is still very erratic.
Its time to have a sort out with my ISP I think.

Your assistance is much appreciated

bigtolly
bigtolly
Active Member
 
Posts: 8
Joined: November 28th, 2007, 5:14 am

Re: Computer running slow & broadband down to 0.15 meg

Unread postby askey127 » December 23rd, 2007, 7:22 am

Glad we could be of assistance. This topic is now closed. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
Please do not contact us to reopen this topic if you are not the topic starter.
A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

You can help support this site from this link : Donations For Malware Removal
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware