Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Slow startup could it be viruses

Post by Jowin » June 20th, 2008, 6:44 am

My computer takes some 2-3 MINUTES to start fully after my computer shows the desktop. Could it be viruses? Can you tell with this HijackThis logfile?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:10 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
D:\WinPatrol\winpatrol.exe
D:\Comodo\Firewall\cfp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\TakeABreak.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IDA\ida.exe
D:\System Mechanic 6\SMSystemAnalyzer.exe
D:\Launchy\Launchy.exe
C:\WINDOWS\system32\cisvc.exe
D:\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
D:\HijackThis.exe

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [WinPatrol] D:\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [TakeABreak] D:\\TakeABreak.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Launchy.lnk = D:\Launchy\Launchy.exe
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\MESSEN~1\YPager.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{12E191F2-779A-4E0E-9F33-C7937B741129}: NameServer = 203.192.192.22 203.192.195.18
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Comodo\Firewall\cmdagent.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5941 bytes

Can you tell how I can start my computer faster, and are there viruses? :lol:
Jowin
Active Member
 
Posts: 9
Joined: June 20th, 2008, 6:31 am

Re: Slow startup could it be viruses

Post by Shaba » June 23rd, 2008, 2:03 am

Hi Jowin

Are both avast! and Authentium AntiVirus up-to-date?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Slow startup could it be viruses

Post by Jowin » June 23rd, 2008, 4:51 am

Yes, my avast antivirus is up to date, and I don't know whether Authentium antivirus is on my computer or not :)
Last edited by Jowin on June 24th, 2008, 7:45 am, edited 2 times in total.

Re: Slow startup could it be viruses

Post by Shaba » June 23rd, 2008, 10:03 am

Hi

Thanks for the info.

  1. Please download and install CCleaner Slim.
  2. Once installed, double click on the desktop shortcut created.
  3. On the leftmost column, click on Tools.
  4. On the middle column, click on Uninstall.
  5. At the bottom right hand corner, click on the Save to text file... button.
  6. By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
  7. Close CCleaner.

Note: Doing this will not uninstall any programs. It will only produce a log of installed programs on your computer.

Re: Slow startup could it be viruses

Post by Jowin » June 23rd, 2008, 12:31 pm

The log file of the installed programs is:

Ashampoo WinOptimizer 4.51
a-squared Anti-Malware 3.5
avast! Antivirus
CCleaner (remove only)
Foxit Reader
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
InstallShield for Microsoft Visual C++ 6
Internet Download Accelerator version 5.6
iolo technologies' System Mechanic 6
IZArc 3.81
KP Typing Tutor v3.2 Beta International Edition
Launchy 2.0
Log2space Dialer 1.0
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0)
MSCIT Demo Exam
MusicMatch Jukebox
Nero 8 Essentials
NSIS Tuxtype2 (remove only)
NVIDIA Drivers
Opera 9.50
PPP over Ethernet Protocol 0.98
Realtek High Definition Audio Driver
Recuva (remove only)
Samsung ML-1610 Series
Unlocker 1.8.7
VideoLAN VLC media player 0.8.6d
Winamp
Windows Installer 3.1 (KB893803)
WinPatrol 2008
Yahoo! Messenger

Re: Slow startup could it be viruses

Post by Shaba » June 23rd, 2008, 12:42 pm

Hi

Looks like it's not listed there.

Let's see if it's here:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt to your post.

Re: Slow startup could it be viruses

Post by Jowin » June 23rd, 2008, 11:39 pm

Hi,
Log file of Deckard system scanner with name Main.txt


Deckard's System Scanner v20071014.68
Run by Jowin on 2008-06-24 08:53:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-24 03:23:29 UTC - RP47 - Deckard's System Scanner Restore Point
2: 2008-06-23 08:37:09 UTC - RP46 - avast uninstalled
1: 2008-06-20 10:16:32 UTC - RP45 - Removed Google Toolbar for Internet Explorer


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jowin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:29 AM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
D:\WinPatrol\winpatrol.exe
D:\Comodo\Firewall\cfp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\TakeABreak.exe
C:\Program Files\IDA\ida.exe
D:\System Mechanic 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\cisvc.exe
D:\Comodo\Firewall\cmdagent.exe
D:\Launchy\Launchy.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jowin\Desktop\dss.exe
C:\Jowin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [WinPatrol] D:\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [TakeABreak] D:\\TakeABreak.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Launchy.lnk = D:\Launchy\Launchy.exe
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\MESSEN~1\YPager.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{12E191F2-779A-4E0E-9F33-C7937B741129}: NameServer = 203.192.192.22 203.192.195.18
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Comodo\Firewall\cmdagent.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5679 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
R3 RMSPPPOE (WAN Miniport (PPP over Ethernet Protocol)) - c:\windows\system32\drivers\rmspppoe.sys <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>

S3 AshAVMon - c:\program files\ashampoo\ashampoo antivirus\ashavmon.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-07 15:44:51 250 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-06-06 22:24:41 226 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-05-27 22:06:04 304 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 08:55:21 396288 --a------ C:\Jowin.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-06-23 21:46:46 143360 --a------ C:\WINDOWS\system32\isdbgi51.dll <Not Verified; InstallShield Software Corporation; InstallShield®>
2008-06-23 21:46:35 0 d-------- C:\Program Files\InstallShield
2008-06-23 12:47:47 0 d--h----- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\Templates
2008-06-23 12:47:47 0 dr------- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\Start Menu
2008-06-23 12:47:47 0 dr-h----- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\SendTo
2008-06-23 12:47:47 0 d--h----- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\Recent
2008-06-23 12:47:47 0 d--h----- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\PrintHood
2008-06-23 12:47:47 524288 --ah----- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\NTUSER.DAT
2008-06-23 12:47:47 0 d--h----- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\NetHood
2008-06-23 12:47:47 0 d-------- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\My Documents
2008-06-23 12:47:47 0 d--h----- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\Local Settings
2008-06-23 12:47:47 0 d-------- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\Favorites
2008-06-23 12:47:47 0 d-------- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\Desktop
2008-06-23 12:47:47 0 d---s---- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\Cookies
2008-06-23 12:47:47 0 dr-h----- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\Application Data
2008-06-23 12:47:47 0 d---s---- C:\Documents and Settings\Administrator.JOWIN-BC1F5E70C\Application Data\Microsoft
2008-06-23 10:47:04 0 d-------- C:\Program Files\PC Wizard 2008
2008-06-22 19:37:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-22 19:36:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-06-22 19:31:18 0 d-------- C:\Program Files\Ashampoo
2008-06-22 13:27:31 0 d-------- C:\Borland
2008-06-21 19:37:22 0 d-------- C:\Program Files\IZArc
2008-06-21 16:04:22 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-06-21 12:59:09 0 d-------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Application Data\Macromedia
2008-06-21 12:26:15 0 d-------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Application Data\Opera
2008-06-20 21:33:22 0 dr-h----- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Recent
2008-06-20 21:28:52 0 d-------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Application Data\Winamp
2008-06-20 14:48:46 0 --a------ C:\Documents and Settings\Jowin\F-Prot
2008-06-20 14:40:09 0 d--h----- C:\WINDOWS\PIF
2008-06-20 12:26:47 0 dr-h----- C:\Documents and Settings\Jowin\Recent
2008-06-19 16:10:47 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-19 16:10:47 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-19 16:10:47 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-06-19 16:10:47 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-19 16:10:47 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-19 12:41:54 25264 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-06-19 12:41:54 41472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-06-19 12:41:53 1212416 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-06-19 12:41:48 0 d-------- C:\Program Files\iolo
2008-06-19 12:04:28 0 d-------- C:\Downloads
2008-06-19 12:04:09 0 d-------- C:\Program Files\IDA
2008-06-16 22:19:07 0 d-------- C:\Documents and Settings\Selda\Application Data\iolo
2008-06-16 15:59:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-06-16 15:59:52 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-06-16 15:59:36 0 d-------- C:\Program Files\Common Files\Authentium
2008-06-16 15:46:32 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-06-16 15:46:26 0 d-------- C:\Documents and Settings\Jowin\Application Data\iolo
2008-06-16 15:46:26 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-16 08:38:09 0 d-------- C:\Documents and Settings\Jowin\Application Data\Internet Download Accelerator
2008-06-15 20:34:18 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-14 13:33:47 0 d-------- C:\Documents and Settings\Selda\Application Data\Opera
2008-06-13 15:59:15 0 d-------- C:\Documents and Settings\Jowin\Application Data\Sawtooth Software, Inc
2008-06-13 15:22:36 0 d-------- C:\Documents and Settings\Jowin\Application Data\Yahoo!
2008-06-13 15:14:42 0 d-------- C:\Documents and Settings\Jowin\Application Data\Opera
2008-06-13 15:14:36 0 d-------- C:\Program Files\Opera
2008-06-13 14:36:19 0 d-------- C:\Program Files\Trend Micro
2008-06-13 14:35:03 396288 --a------ C:\HijackThis.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-06-12 22:58:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-12 22:43:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-06-11 17:27:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo(2)
2008-06-11 10:34:58 0 d-------- C:\Documents and Settings\Jowin\Application Data\Notepad++
2008-06-11 09:56:57 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-06-11 09:56:57 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-11 09:56:57 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-06-11 09:56:57 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-06-11 09:56:57 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-06-11 09:56:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-09 15:25:40 0 d-------- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Application Data\SiteAdvisor
2008-06-09 15:25:40 0 d-------- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Application Data\Launchy
2008-06-09 14:13:29 5767168 --a------ C:\Documents and Settings\Jowin\ntuser.dat
2008-06-09 14:13:27 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-08 20:46:08 0 d-------- C:\Documents and Settings\Jowin\H
2008-06-08 19:01:51 0 d-------- C:\Documents and Settings\Selda\Application Data\WinPatrol
2008-06-08 18:59:20 0 d-------- C:\Documents and Settings\Selda\Application Data\Yahoo!
2008-06-08 18:10:50 0 d-------- C:\Documents and Settings\Jowin\Application Data\IObit
2008-06-08 13:35:31 0 d-------- C:\Documents and Settings\Jowin\Application Data\WinPatrol
2008-06-07 19:53:26 0 d-------- C:\Documents and Settings\Selda\Application Data\Thunderbird
2008-06-07 19:43:57 0 d-------- C:\Documents and Settings\Selda\Application Data\Macromedia
2008-06-07 19:37:05 0 d-------- C:\Documents and Settings\Selda\Application Data\Mozilla
2008-06-07 15:43:41 0 d-------- C:\Documents and Settings\Selda\Application Data\Uniblue
2008-06-07 12:21:01 0 d-------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Application Data\Launchy
2008-06-07 12:20:52 0 d-------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Application Data\Comodo
2008-06-07 12:20:49 0 d-------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Application Data\SiteAdvisor
2008-06-07 12:20:35 0 d-------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Application Data\Identities
2008-06-07 12:20:15 0 d--h----- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\PrintHood
2008-06-07 12:20:15 0 d--h----- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\NetHood
2008-06-07 12:20:15 0 dr------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\My Documents
2008-06-07 12:20:15 0 d--h----- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Local Settings
2008-06-07 12:20:15 0 dr------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Favorites
2008-06-07 12:20:15 0 d-------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Desktop
2008-06-07 12:20:15 0 d---s---- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Cookies
2008-06-07 12:20:15 0 dr-h----- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Application Data
2008-06-07 12:20:15 0 d---s---- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Application Data\Microsoft
2008-06-07 12:20:14 0 d--h----- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Templates
2008-06-07 12:20:14 0 dr------- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\Start Menu
2008-06-07 12:20:14 0 dr-h----- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\SendTo
2008-06-07 12:20:14 2359296 --ah----- C:\Documents and Settings\Sathianesan.JOWIN-BC1F5E70C\ntuser.dat
2008-06-07 11:01:39 0 d-------- C:\Documents and Settings\Selda\Application Data\vlc
2008-06-07 10:57:32 0 d-------- C:\Documents and Settings\Selda\Application Data\Winamp
2008-06-07 10:53:59 0 d-------- C:\Documents and Settings\Selda\Application Data\Launchy
2008-06-07 10:53:50 0 d-------- C:\Documents and Settings\Selda\Application Data\Comodo
2008-06-07 10:53:48 0 d-------- C:\Documents and Settings\Selda\Application Data\SiteAdvisor
2008-06-07 10:53:30 0 d-------- C:\Documents and Settings\Selda\Application Data\Identities
2008-06-07 10:53:24 0 dr------- C:\Documents and Settings\Selda\Favorites
2008-06-07 10:53:24 0 d-------- C:\Documents and Settings\Selda\Desktop
2008-06-07 10:53:24 0 d---s---- C:\Documents and Settings\Selda\Cookies
2008-06-07 10:53:24 0 dr-h----- C:\Documents and Settings\Selda\Application Data
2008-06-07 10:53:24 0 d---s---- C:\Documents and Settings\Selda\Application Data\Microsoft
2008-06-07 10:53:23 0 d--h----- C:\Documents and Settings\Selda\Templates
2008-06-07 10:53:23 0 dr------- C:\Documents and Settings\Selda\Start Menu
2008-06-07 10:53:23 0 dr-h----- C:\Documents and Settings\Selda\SendTo
2008-06-07 10:53:23 0 dr-h----- C:\Documents and Settings\Selda\Recent
2008-06-07 10:53:23 0 d--h----- C:\Documents and Settings\Selda\PrintHood
2008-06-07 10:53:23 2883584 --ah----- C:\Documents and Settings\Selda\ntuser.dat
2008-06-07 10:53:23 0 d--h----- C:\Documents and Settings\Selda\NetHood
2008-06-07 10:53:23 0 dr------- C:\Documents and Settings\Selda\My Documents
2008-06-07 10:53:23 0 d--h----- C:\Documents and Settings\Selda\Local Settings
2008-06-07 06:44:17 0 d-------- C:\Program Files\Common Files\DirectX
2008-06-07 06:36:32 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-06 11:38:29 0 d-------- C:\Documents and Settings\Jowin\Application Data\Netscape
2008-06-05 17:35:22 0 d-------- C:\Documents and Settings\Jowin\Application Data\Launchy
2008-06-05 17:26:23 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-05 14:09:26 0 d-------- C:\Documents and Settings\Jowin\Application Data\Broadband
2008-06-05 13:12:15 0 d-------- C:\Documents and Settings\Jowin\Application Data\Thunderbird
2008-06-05 11:21:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 10:21:11 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-06-03 10:40:14 0 d-------- C:\Documents and Settings\Jowin\Application Data\Ashampoo
2008-06-03 10:40:09 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-06-02 22:17:17 0 d-------- C:\Documents and Settings\Jowin\Application Data\CyberLink
2008-06-01 22:17:58 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-01 22:17:50 0 d-------- C:\Documents and Settings\Jowin\Application Data\Mozilla
2008-06-01 17:14:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-01 17:11:24 0 d-------- C:\Program Files\Google
2008-06-01 17:11:24 0 d-------- C:\Documents and Settings\Jowin\Application Data\Google
2008-06-01 13:40:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-29 17:19:23 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-05-29 17:19:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-29 16:54:11 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-05-29 16:54:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-05-29 16:54:02 0 d-------- C:\Program Files\SiteAdvisor
2008-05-29 16:53:20 0 d-------- C:\Documents and Settings\Jowin\Application Data\SiteAdvisor
2008-05-29 16:53:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-29 16:53:20 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-29 14:50:50 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-29 14:12:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-28 21:31:55 0 d-------- C:\WINDOWS\Internet Logs
2008-05-28 21:21:28 0 d-------- C:\Program Files\CyberLink
2008-05-28 13:41:46 0 d-------- C:\Documents and Settings\Jowin\Application Data\Simply Super Software
2008-05-28 13:29:55 23 --a------ C:\WINDOWS\system32\phology
2008-05-28 10:15:47 0 d-------- C:\Documents and Settings\Jowin\Application Data\IDM
2008-05-28 10:15:46 0 d-------- C:\Documents and Settings\Jowin\Application Data\DMCache
2008-05-28 07:34:38 0 d-------- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Application Data\Comodo
2008-05-28 07:34:23 0 d-------- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Application Data\Identities
2008-05-28 07:34:16 0 d--h----- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Templates
2008-05-28 07:34:16 0 dr------- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Start Menu
2008-05-28 07:34:16 0 dr-h----- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\SendTo
2008-05-28 07:34:16 0 dr-h----- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Recent
2008-05-28 07:34:16 0 d--h----- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\PrintHood
2008-05-28 07:34:16 0 d--h----- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\NetHood
2008-05-28 07:34:16 0 dr------- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\My Documents
2008-05-28 07:34:16 0 d--h----- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Local Settings
2008-05-28 07:34:16 0 dr------- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Favorites
2008-05-28 07:34:16 0 d-------- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Desktop
2008-05-28 07:34:16 0 d---s---- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Cookies
2008-05-28 07:34:16 0 dr-h----- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Application Data
2008-05-28 07:34:16 0 d---s---- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\Application Data\Microsoft
2008-05-28 07:34:15 2097152 --ah----- C:\Documents and Settings\Wency.JOWIN-BC1F5E70C\ntuser.dat
2008-05-27 21:53:22 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-05-27 20:43:38 34304 --a------ C:\WINDOWS\system32\RASPPPOE.EXE <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>
2008-05-27 20:43:38 38912 --a------ C:\WINDOWS\system32\RASPPPOE.DLL <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>
2008-05-27 20:43:38 31232 --a------ C:\WINDOWS\system32\drivers\RMSPPPOE.SYS <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>
2008-05-27 20:43:37 0 d-------- C:\Program Files\Log2space Dialer
2008-05-27 18:06:40 0 d-------- C:\Program Files\Alwil Software
2008-05-27 17:51:27 0 d---s---- C:\Documents and Settings\Jowin\UserData
2008-05-27 17:26:44 0 d-------- C:\Documents and Settings\Jowin\Application Data\vlc
2008-05-27 12:40:32 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-05-27 12:39:57 0 d-------- C:\Documents and Settings\Jowin\WINDOWS
2008-05-27 09:14:46 0 d-------- C:\Documents and Settings\Jowin\Application Data\dvdcss
2008-05-26 16:05:14 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-26 11:45:17 0 d-------- C:\Documents and Settings\Jowin\Application Data\Help
2008-05-25 19:58:44 0 d-------- C:\Documents and Settings\Jowin\Application Data\Macromedia
2008-05-25 13:41:21 0 d-------- C:\Documents and Settings\Jowin\Application Data\Winamp
2008-05-25 13:30:39 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-24 15:34:35 0 d-------- C:\Documents and Settings\Sathianesan\Application Data\Nero
2008-05-24 15:34:03 0 d-------- C:\Documents and Settings\Sathianesan\Application Data\Comodo
2008-05-24 15:33:49 0 d-------- C:\Documents and Settings\Sathianesan\Templates
2008-05-24 15:33:49 786432 --ah----- C:\Documents and Settings\Sathianesan\NTUSER.DAT
2008-05-24 15:33:49 0 d-------- C:\Documents and Settings\Sathianesan\Local Settings
2008-05-24 15:33:49 0 d-------- C:\Documents and Settings\Sathianesan\Favorites
2008-05-24 15:33:49 0 d-------- C:\Documents and Settings\Sathianesan\Cookies
2008-05-24 15:33:49 0 d-------- C:\Documents and Settings\Sathianesan\Application Data
2008-05-24 15:33:49 0 d-------- C:\Documents and Settings\Sathianesan\Application Data\Microsoft
2008-05-24 13:32:41 0 d-------- C:\Program Files\Common Files\L&H


-- Find3M Report ---------------------------------------------------------------

2008-06-20 11:36:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 15:49:45 0 d-------- C:\Program Files\Common Files
2008-06-14 18:15:30 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-13 14:05:04 0 d-------- C:\Documents and Settings\Jowin\Application Data\Comodo
2008-06-01 13:40:13 0 d-------- C:\Documents and Settings\Jowin\Application Data\Uniblue
2008-05-29 16:40:42 0 d-------- C:\Program Files\Online Services
2008-05-29 16:40:18 0 d-------- C:\Program Files\Windows NT
2008-05-25 15:25:11 0 d-------- C:\Program Files\AskTBar
2008-05-25 13:26:41 0 d-------- C:\Documents and Settings\Jowin\Application Data\Winamp(2)
2008-05-25 13:26:38 0 d-------- C:\Program Files\DFX
2008-05-22 03:11:14 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-22 03:11:12 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-22 03:10:49 62 --ahs---- C:\Documents and Settings\Jowin\Application Data\desktop.ini
2008-05-21 22:25:37 0 d-------- C:\Documents and Settings\Jowin\Application Data\Nero
2008-05-21 22:25:09 0 d-------- C:\Program Files\Common Files\Nero
2008-05-21 22:23:09 0 d-------- C:\Program Files\Nero
2008-05-21 22:10:51 0 d-------- C:\Program Files\Microsoft.NET
2008-05-21 22:10:47 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-21 22:06:08 0 d-------- C:\Program Files\Samsung ML-1610 Series
2008-05-21 22:06:06 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-21 21:58:42 0 d-------- C:\Program Files\Realtek
2008-05-21 21:58:38 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-21 21:55:06 0 d-------- C:\Documents and Settings\Jowin\Application Data\InstallShield
2008-05-21 21:54:15 0 d-------- C:\Documents and Settings\Jowin\Application Data\Identities
2008-05-21 21:50:22 0 d-------- C:\Program Files\microsoft frontpage
2008-05-21 21:50:08 0 -rahs---- C:\MSDOS.SYS
2008-05-21 21:50:08 0 -rahs---- C:\IO.SYS
2008-05-21 21:50:08 0 --a------ C:\CONFIG.SYS
2008-05-21 21:50:08 0 --a------ C:\AUTOEXEC.BAT
2008-05-21 21:49:03 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-21 21:48:16 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-21 21:48:08 0 d-------- C:\Program Files\Movie Maker
2008-05-21 21:47:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-21 21:47:03 0 d-------- C:\Program Files\Messenger
2008-05-21 21:46:59 0 d-------- C:\Program Files\MSN Gaming Zone


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 02:44 PM]
"nwiz"="nwiz.exe" [10/04/2007 02:44 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 02:44 PM]
"RTHDCPL"="RTHDCPL.EXE" [05/10/2007 03:38 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 04:13 PM C:\WINDOWS\Alcmtr.exe]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [07/03/2005 12:50 PM]
"WinPatrol"="D:\WinPatrol\winpatrol.exe" [04/25/2008 11:01 PM]
"COMODO Firewall Pro"="D:\Comodo\Firewall\cfp.exe" [05/31/2008 01:36 PM]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [06/03/2008 12:37 PM]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [05/16/2008 04:49 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TakeABreak"="D:\\TakeABreak.exe" [02/11/2005 12:14 AM]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [02/14/2008 06:08 PM]
"SMSystemAnalyzer"="D:\System Mechanic 6\SMSystemAnalyzer.exe" [12/20/2006 12:38 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - D:\Launchy\Launchy.exe [6/5/2008 5:35:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll




-- Hosts -----------------------------------------------------------------------

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

8697 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-24 08:56:38 ------------

Log file made by Deckard system scanner with name extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 1791.17 MiB / 1202.14 MiB
Pagefile Memory (total/avail): 3685.82 MiB / 3240.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.41 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 31.78 GiB free.
D: is Fixed (NTFS) - 39.06 GiB total, 37.51 GiB free.
E: is Fixed (NTFS) - 39.06 GiB total, 38.08 GiB free.
F: is Fixed (NTFS) - 31.86 GiB total, 28.99 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600AABS-00PRA0 - 149.05 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 109.98 GiB - D: - E: - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: avast! antivirus 4.8.1201 [VPS 080623-1] v4.8.1201 (ALWIL Software)
AV: Ashampoo AntiVirus v1.0.0.0 (Ashampoo GmbH) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\iolo\\AntiVirus\\ioloAV.exe"="C:\\Program Files\\iolo\\AntiVirus\\ioloAV.exe:*:Enabled:iolo AntiVirus®"
"C:\\Program Files\\iolo\\AntiVirus\\iAVEmailScanner.exe"="C:\\Program Files\\iolo\\AntiVirus\\iAVEmailScanner.exe:*:Enabled:iolo AntiVirus® Email Protection"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jowin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOWIN-BC1F5E70C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jowin
LOGONSERVER=\\JOWIN-BC1F5E70C
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jowin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jowin\LOCALS~1\Temp
USERDOMAIN=JOWIN-BC1F5E70C
USERNAME=Jowin
USERPROFILE=C:\Documents and Settings\Jowin
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Sathianesan.JOWIN-BC1F5E70C (admin)
Jowin (admin)
Wency.JOWIN-BC1F5E70C (new local, admin)
Selda (admin)
Administrator.JOWIN-BC1F5E70C (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B21B14F-403B-442E-86E1-3A912D70033D}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Anti-Malware 3.5 --> "C:\Program Files\a-squared Anti-Malware\unins000.exe"
Ashampoo WinOptimizer 4.51 --> "D:\Ashampoo WinOptimizer 4\unins000.exe"
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only) --> "D:\CCleaner\uninst.exe"
Foxit Reader --> D:\Foxit Reader\Uninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\HijackThis.exe" /uninstall
InstallShield for Microsoft Visual C++ 6 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\InstallShield\InstallShield for Microsoft Visual C++ 6\Uninst.isu"
Internet Download Accelerator version 5.6 --> "C:\Program Files\IDA\unins000.exe"
iolo technologies' System Mechanic 6 --> "D:\System Mechanic 6\unins000.exe"
IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
KP Typing Tutor v3.2 Beta International Edition --> "D:\KP Typing Tutor\unins000.exe"
Launchy 2.0 --> "D:\Launchy\unins000.exe"
Log2space Dialer 1.0 --> "C:\Program Files\Log2space Dialer\unins000.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6261\uninstall.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCIT Demo Exam --> D:\MS-CIT\Uninstal.exe
MusicMatch Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MusicMatch\MusicMatch Jukebox\Uninst.isu" -cC:\PROGRA~1\MusicMatch\MusicMatch Jukebox\unmatch.dll
Nero 8 Essentials --> MsiExec.exe /X{CB3AA457-6FAD-4C68-8DB5-186D1F121033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NSIS Tuxtype2 (remove only) --> "D:\Tuxtype2\uninstall.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Opera 9.50 --> MsiExec.exe /X{70B96CD0-FDF2-489E-8FA0-0F92ED599368}
PPP over Ethernet Protocol 0.98 --> C:\WINDOWS\system32\RASPPPOE.EXE /remove
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Recuva (remove only) --> "D:\Recuva\uninst.exe"
Samsung ML-1610 Series --> C:\WINDOWS\Samsung\ML-1610\SETUP.EXE
Unlocker 1.8.7 --> D:\Unlocker\uninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d --> D:\VLC\uninstall.exe
Winamp --> "D:\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPatrol 2008 --> D:\WinPatrol\Setup.exe /remove /q0
Yahoo! Messenger --> D:\Program Files\Yahoo!\MESSEN~1\UNWISE.EXE D:\Program Files\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type279 / Error
Event Submitted/Written: 06/24/2008 08:50:50 AM
Event ID/Source: 11921 / MsiInstaller
Event Description:
Product: Authentium AntiVirus SDK - 2 -- Error 1921. Service 'dvpapi' (DvpApi) could not be stopped. Verify that you have sufficient privileges to stop system services.

Event Record #/Type273 / Warning
Event Submitted/Written: 06/24/2008 08:45:10 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}', feature 'AV_DVP' failed during request for component '{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}'

Event Record #/Type272 / Warning
Event Submitted/Written: 06/24/2008 08:45:10 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}', feature 'AV_DVP', component '{207AD740-F307-4F4C-B354-E035CF9FCB6C}' failed. The resource 'HKEY_LOCAL_MACHINE\Software\Antivirus\' does not exist.

Event Record #/Type267 / Warning
Event Submitted/Written: 06/24/2008 07:48:15 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}', feature 'AV_DVP' failed during request for component '{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}'

Event Record #/Type266 / Warning
Event Submitted/Written: 06/24/2008 07:48:15 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}', feature 'AV_DVP', component '{207AD740-F307-4F4C-B354-E035CF9FCB6C}' failed. The resource 'HKEY_LOCAL_MACHINE\Software\Antivirus\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11135 / Warning
Event Submitted/Written: 06/24/2008 08:55:01 AM
Event ID/Source: 39 / RMSPPPOE
Event Description:
Received a PPPoE Active Discovery Terminate packet with an invalid session ID.
Ignoring this packet.

Event Record #/Type11117 / Error
Event Submitted/Written: 06/24/2008 08:46:42 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The dvpapi service hung on starting.

Event Record #/Type11101 / Error
Event Submitted/Written: 06/24/2008 07:49:45 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The dvpapi service hung on starting.

Event Record #/Type11100 / Warning
Event Submitted/Written: 06/24/2008 07:48:48 AM
Event ID/Source: 39 / RMSPPPOE
Event Description:
Received a PPPoE Active Discovery Terminate packet with an invalid session ID.
Ignoring this packet.

Event Record #/Type11093 / Warning
Event Submitted/Written: 06/23/2008 10:16:26 PM
Event ID/Source: 63 / RMSPPPOE
Event Description:
Received a PPPoE Session packet for an unknown session.
Ignoring this packet.



-- End of Deckard's System Scanner: finished at 2008-06-24 08:56:38 ------------
Jowin
Active Member
 
Posts: 9
Joined: June 20th, 2008, 6:31 am

Re: Slow startup could it be vviruses

Unread postby Shaba » June 24th, 2008, 6:58 am

Hi

OK, now we found it:

Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}

Please go to C:\Program Files\Common Files\Authentium\AntiVirus\ and tell me if there is an uninstaller.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
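
The triage behind the reply above, as an added example that is not part of the original thread: this Python sketch parses an excerpt of the posted extra.txt, finds services that Service Control Manager reports as hung on starting (event 7022), and ties each one to the MsiInstaller error and the Add/Remove Programs entry that name it. The function names are hypothetical, and the sample input is an excerpt built from log lines quoted in the thread.

```python
import re

# Constructed excerpt: lines copied from the extra.txt log quoted in this
# thread, trimmed to the three sections the triage reads.
SAMPLE_LOG = r"""
-- Add/Remove Programs ---------------------------------------------------------

Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}
Recuva (remove only) --> "D:\Recuva\uninst.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type279 / Error
Event Submitted/Written: 06/24/2008 08:50:50 AM
Event ID/Source: 11921 / MsiInstaller
Event Description:
Product: Authentium AntiVirus SDK - 2 -- Error 1921. Service 'dvpapi' (DvpApi) could not be stopped. Verify that you have sufficient privileges to stop system services.

-- System Event Log ------------------------------------------------------------

Event Record #/Type11117 / Error
Event Submitted/Written: 06/24/2008 08:46:42 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The dvpapi service hung on starting.

Event Record #/Type11101 / Error
Event Submitted/Written: 06/24/2008 07:49:45 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The dvpapi service hung on starting.

Event Record #/Type11100 / Warning
Event Submitted/Written: 06/24/2008 07:48:48 AM
Event ID/Source: 39 / RMSPPPOE
Event Description:
Received a PPPoE Active Discovery Terminate packet with an invalid session ID.
Ignoring this packet.
"""

SECTION_RE = re.compile(r"^-- (.+?) -{3,}[ \t]*$", re.M)
EVENT_RE = re.compile(
    r"Event Record #/Type\s*(\d+) / (\w+)\nEvent Submitted/Written: (.+)\n"
    r"Event ID/Source: (\d+) / (.+)\nEvent Description:\n"
    r"((?:.+(?:\n|$))+)")  # description: one or more non-blank lines

def split_sections(text):
    """Map each '-- Name ----' header to the text that follows it."""
    marks = list(SECTION_RE.finditer(text))
    sections = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        sections[m.group(1)] = text[m.end():end]
    return sections

def parse_programs(body):
    """Map display name -> uninstall command; unnamed '--> ...' rows are skipped."""
    programs = {}
    for line in body.splitlines():
        name, sep, command = line.partition(" --> ")
        if sep and name.strip():
            programs[name.strip()] = command.strip()
    return programs

def parse_events(body):
    """Return the events of one event-log section, descriptions joined to one line."""
    return [{"id": int(i), "type": t, "source": s.strip(), "text": " ".join(d.split())}
            for _rec, t, _when, i, s, d in EVENT_RE.findall(body)]

def hung_service_findings(text):
    """Tie each service that hung at startup to the installed product naming it."""
    sections = split_sections(text)
    programs = parse_programs(sections.get("Add/Remove Programs", ""))
    app_events = parse_events(sections.get("Application Event Log", ""))
    hangs = {}
    for ev in parse_events(sections.get("System Event Log", "")):
        m = re.match(r"The (.+) service hung on starting\.", ev["text"])
        if ev["id"] == 7022 and m:
            hangs[m.group(1)] = hangs.get(m.group(1), 0) + 1
    findings = []
    for service, count in hangs.items():
        product = None
        for ev in app_events:
            m = re.match(r"Product: (.+?) -- Error \d+\.", ev["text"])
            if ev["source"] == "MsiInstaller" and m and f"'{service}'" in ev["text"]:
                product = m.group(1)
        findings.append({"service": service, "hangs": count, "product": product,
                         "uninstall": programs.get(product)})
    return findings
```
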

Re: Slow startup could it be vviruses

Unread postby Jowin » June 24th, 2008, 7:37 am

Hai,
There is no uninstaller in Authentium, but there is an installer in Authentium.

Thank you for analysing my log.
Jowin
Active Member
 
Posts: 9
Joined: June 20th, 2008, 6:31 am

Re: Slow startup could it be vviruses

Unread postby Shaba » June 24th, 2008, 8:33 am

Hi

Then we do this:

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: DvpApi (dvpapi)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete dvpapi
Click: OK

Reboot.

Delete this folder:

C:\Program Files\Common Files\Authentium\AntiVirus

Empty Recycle Bin.

Post back a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Slow startup could it be vviruses

Unread postby Jowin » June 24th, 2008, 11:47 pm

Thank you very much. My computer's startup is faster than before. Can you give an explanation of what slowed my computer's startup?
The fresh HijackThis logfile is given below.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:42 AM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
D:\WinPatrol\winpatrol.exe
D:\Comodo\Firewall\cfp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\TakeABreak.exe
D:\System Mechanic 6\SMSystemAnalyzer.exe
D:\Launchy\Launchy.exe
C:\WINDOWS\system32\cisvc.exe
D:\Comodo\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
D:\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [WinPatrol] D:\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [TakeABreak] D:\\TakeABreak.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Launchy.lnk = D:\Launchy\Launchy.exe
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\MESSEN~1\YPager.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{12E191F2-779A-4E0E-9F33-C7937B741129}: NameServer = 203.192.192.22 203.192.195.18
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Comodo\Firewall\cmdagent.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5302 bytes
Jowin
Active Member
 
Posts: 9
Joined: June 20th, 2008, 6:31 am

Re: Slow startup could it be vviruses

Unread postby Shaba » June 25th, 2008, 2:41 am

Hi

Using two antiviruses surely slows the computer down :)

You can fix these as they are leftovers:

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

Still problems?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Slow startup could it be vviruses

Unread postby Jowin » June 26th, 2008, 12:57 pm

Thank you very much for solving my problem. My computer starts faster than before.
I have some final questions:
1. Will my computer be faster if I remove some programs?
2. I download a lot of programs from the internet. Is the protection of Avast Professional and Comodo Firewall enough for me?
3. I download programs only from sites which my McAfee SiteAdvisor shows as safe. Does this make me secure enough?
Jowin
Active Member
 
Posts: 9
Joined: June 20th, 2008, 6:31 am

Re: Slow startup could it be vviruses

Unread postby Shaba » June 26th, 2008, 1:04 pm

Hi

1) Do you mean remove from Add/remove programs?

2) It depends on where you download and what. If legit programs from original sites, then yes.

3) Well it helps but it's not 100% as you might guess.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland