arminsch

Issues C:\windows\system32\wsnpoem\audio.dll


Hi,

 

Well, we made progress here, because that entry in HijackThis is gone. If the infection was still active and running, the entry in HijackThis would appear immediately again.

 

I did a manual system scan with Antivir. It found Avenger\backup (I chose: ignore) and TR/Spy.Agent.42496 (I chose: quarantine). I noticed that the name and location of this Trojan are different from the previous one.

Was it a mistake not to disable AV for Avenger? Should I run it again after disabling AV?

I also did an Adaware scan. It found again BackdoorAgent and TrojanDownloader.

This is normal, because the Avenger moved the bad files into the C:\Avenger\backup folder. That's why scanners are now flagging these files there, but they should be able to delete/quarantine them without any problem. You may actually also remove the C:\Avenger folder.

A next scan with your Avira may also show the files present in your System Restore points - but Avira should be able to delete them without any problem either.

 

Also:

* Clean your Cache and Cookies in IE:

  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window

* Clean other Temporary files + Recycle bin

  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

Then reboot your computer once again and post a new HijackThis log so I can see if that entry stays away.


Hi

 

I have done the things you asked me to do, but I didn’t clear the passwords in Firefox, if that is ok (I find it convenient for less important passwords, though I don’t save banking passwords).

 

It is a bit like last time: The first session after the fix was fine, the second session was slow. But nothing found with Antivir (except avenger).

 

Here is the HJT log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:49:13, on 15.10.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\PFShared\UmxCfg.exe

C:\Program Files\Common Files\PFShared\UmxPol.exe

C:\Program Files\Tiny Firewall Pro\UmxAgent.exe

C:\Program Files\Tiny Firewall Pro\UmxTray.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\progr\a-squared Free\a2service.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Common Files\PFShared\umxlu.exe

C:\Program Files\Raxco\PerfectDisk\PDSched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\VM_STI.EXE

C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Ditto\Ditto.exe

C:\Program Files\PC-TV\WinManager\WinManager.exe

C:\Program Files\FRITZ!DSL\FwebProt.exe

C:\Program Files\FRITZ!DSL\StCenter.EXE

D:\progr\TV\Aopen Digital TV.exe

D:\progr\TV\CaptureData.exe

D:\progr\TV\PlayProgram.exe

D:\progr\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\progr\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe

O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe

O8 - Extra context menu item: eBay Powersuche - http://www.webtip.ch/cgi-bin/buyertools/button.pl?adv

O8 - Extra context menu item: eBay Produktsuche - D:\progr\Buyertools Reminder15\SearchEbay.htm

O8 - Extra context menu item: eBay Startseite - http://www.webtip.ch/cgi-bin/buyertools/button.pl?heim

O8 - Extra context menu item: Mein eBay - http://www.webtip.ch/cgi-bin/buyertools/button.pl?mein

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - D:\progr\Buyertools Reminder15\ReminderIE.exe (file missing)

O9 - Extra button: Preispiraten 2.1.1 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Program Files\Preispiraten\Preispiraten2\preispiraten2ie.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Download/Cfx4Financial.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\progr\a-squared Free\a2service.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: FW Event Manager (UmxAgent) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe

O23 - Service: FW Configuration Interpreter (UmxCfg) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe

O23 - Service: FW Live Update (UmxLU) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe

O23 - Service: FW Policy Manager (UmxPol) - Tiny Software Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe

O23 - Service: FW User to IP Address Translation (UmxUTA) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall Pro\umxuta.exe

 

--

End of file - 9404 bytes

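The log above is what a helper reads line by line: every HijackThis entry has a section code (R0/R1 for IE start and search pages, O2 for Browser Helper Objects, O4 for Run keys, O16 for downloaded ActiveX controls, O23 for services) followed by a name, an optional CLSID and a path or URL, with "(file missing)" appended when the file is gone. The following Python is an added example written for this page, not code from the thread or from HijackThis: it parses entry lines of that shape into records and applies a few review heuristics (missing file, IE URL whose host is not under microsoft.com, O16 control fetched from a URL, O23 service with an empty vendor column, O2 BHO with "(no name)"). The sample lines are copied from the log posted above; the heuristics, the `DEFAULT_HOST_SUFFIXES` allow-list and all function names are the editor's own assumptions, not HijackThis's rules.

```python
"""Triage helper for HijackThis v2 log entries (added example, not part of the thread).

Turns "R0 - ...", "O4 - ...", "O23 - ..." lines into records and flags the ones a
forum helper would look at first.  The flag rules are the editor's heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - D:\progr\Buyertools Reminder15\ReminderIE.exe (file missing)
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# O2/O3/O9 share the shape "Kind: Name - {CLSID} - path"; the path itself may contain " - ".
COM_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>.*)$")
# An empty vendor is printed as "Name - - path", so the vendor group is optional.
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?:(?P<vendor>.*?) )?- (?P<path>.*)$")
# Hosts treated as the IE defaults for R0/R1 lines (assumption made for this example).
DEFAULT_HOST_SUFFIXES = ("microsoft.com",)


@dataclass
class Entry:
    code: str                      # section code, e.g. "O23"
    raw: str                       # the original log line
    name: str = ""                 # item name (service, BHO, Run value, ...)
    clsid: str = ""                # CLSID for COM-based entries, if any
    target: str = ""               # file path, command line or URL
    vendor: Optional[str] = None   # only meaningful for O23 services
    flags: list = field(default_factory=list)


def host_of(url: str) -> str:
    """Return the lower-cased host part of an http(s) URL."""
    return re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = Entry(code=code, raw=line.strip())

    # HijackThis appends "(file missing)" when the referenced file does not exist.
    if body.endswith("(file missing)"):
        entry.flags.append("file missing")
        body = body[: -len("(file missing)")].rstrip()

    if code in ("R0", "R1"):
        entry.name, _, entry.target = body.partition(" = ")
        if not host_of(entry.target).endswith(DEFAULT_HOST_SUFFIXES):
            entry.flags.append("non-default IE URL")
    elif code == "O4":
        m4 = RUN_RE.match(body)
        if m4:
            entry.name, entry.target = m4.group("name"), m4.group("cmd")
        else:                          # "Startup: x.lnk = path" style lines
            entry.target = body
    elif code == "O16":
        m16 = DPF_RE.match(body)
        if m16:
            entry.clsid, entry.name, entry.target = m16.group("clsid", "name", "url")
            if entry.target.lower().startswith(("http://", "https://")):
                entry.flags.append("downloaded ActiveX control")
    elif code == "O23":
        m23 = SVC_RE.match(body)
        if m23:
            entry.name, entry.target = m23.group("name"), m23.group("path")
            entry.vendor = (m23.group("vendor") or "").strip()
            if not entry.vendor:
                entry.flags.append("service without vendor name")
    else:
        mc = COM_RE.match(body)
        if mc:
            entry.name, entry.clsid, entry.target = mc.group("name", "clsid", "path")
            if code == "O2" and entry.name == "(no name)":
                entry.flags.append("unnamed BHO")
        else:
            entry.target = body
    return entry


def triage(log_text: str):
    """Parse every entry line; return (all_entries, flagged_entries)."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e is not None]
    return entries, [e for e in entries if e.flags]


if __name__ == "__main__":
    _, flagged = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.code:<4} {', '.join(e.flags):<28} {e.target}")
```

A flag is a prompt to look closer, not a verdict: the unnamed Spybot BHO and the vendor-less SmartLink modem service in the sample are both legitimate, and the thread's helper judged the full log clean. The value of the parser is that it pulls the few entries worth a second look out of the hundred-odd lines, which is exactly what the helper does by eye.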

Your log looks clean again. Infection should be gone.

You don't have to "clear" your passwords, you have to change all your passwords, because they are currently known.

 

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

 

Happy Surfing again!


Hi miekiemoes

 

After some days of surfing I can say that the trojan problem is probably fixed, but it is still not like before. The performance is really bad since this incident; switching between tabs and windows can take very long. But don’t worry, as long as there is no security issue, it is not such a big problem.

I really appreciate your help to fix the trojan. Also thank you for giving me the links for safety and other tips. Perhaps that can help me to improve the performance.

 

Just one question: the trojan is still in Antivir’s quarantine. Shall I leave it there?


Hi,

 

Did you perform the steps posted here? Help! My computer is slow!

Because third-party software may cause this - in most cases security software. I know Avira doesn't cause this - but you never know.

I see you have Winpatrol and A-squared running in the background. I wouldn't exaggerate here. Only one is needed. Winpatrol is known to cause a system delay.

The best way to find out which exact program is causing this is to close them from your system tray (next to the clock) and see if that makes a difference. This is how to figure out which exact program may cause this.

From your logs previously, I couldn't see anything malware related anymore, so this shouldn't be a malware related issue.

 

I would also check and fix this entry in HijackThis:

 

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

 

This is because this Google Updater service is not really required, and it also causes a slowdown.

Actually, I don't even see that you still have the Google Toolbar installed, so I wonder why this service should still be running. Actually, if there's an option in Add/Remove Programs to uninstall this Google Updater, it would be better to uninstall it instead of only fixing it in HijackThis.

 

If your slowdown is mainly in Internet Explorer, then it could be one of your add-ons installed causing this.

In that case, run IE in No Add-ons mode to find out.

To run Internet Explorer 7 without Add-ons, right-click the IE7 icon present on your desktop and select: "Start without Add-ons"

 


 

In case that option is not present there, go to start > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons)

 


 

This will start Internet Explorer 7 in No Add-ons mode. This means that toolbars and Browser Helper Objects will be disabled.

So if your problem is solved when you use No Add-ons mode, this means that one of your Add-ons is causing this.

 

If so... and IE7 works OK with the Add-ons disabled,

 

* Open Internet Explorer, click the Tools button in the menu > Manage Add-ons > Enable or Disable Add-ons

This will open a new window with the Add-ons currently loaded into Internet Explorer (that option should be selected by default under "Show").

Now, it's a matter of trial and error which exact Add-on is causing this, so select the first Add-on there and under Settings below, select the "Disable" radio button. Click OK below and close your Internet Explorer in order to accept the changes.

Then open your Internet Explorer again and look if you're still having the same problem; if so - then disable the next Add-on there... and so on, until you have figured out which Add-on exactly is causing your problem.

 

You may delete whatever Avira quarantined. To do this, open Avira > Quarantine tab, select the entries there and click the recycle bin on top (or right-click the entries and select to delete).


Thanks for addressing my performance problem again. Perhaps it is even a little more than just bad performance.

 

Let me give you a bit more info first: before the trojan occurred a few weeks ago, everything was fine, so I assume the problem may be related to the trojan or to anything I have done since.

After booting, the PC starts fine, but after a while, be it 1 or 3 hours, it tends to get slow. Switching tabs or windows can take up to 30 seconds. Not every time I switch windows, but more and more often it takes so long. At some point I just have to reboot. It really looks like something is going on in the background, just like with the trojan problem before.

By the way, I use Firefox, hardly ever IE.

 

Basically, I have done the things you advised on your web site.

 

I have removed winpatrol, but HJT cannot fix google updater.

 

A few days ago, I have done a system scan with Avira. Nothing was found. Yesterday I did it again, and it found 2 issues:

 

C:\Documents and Settings\Armin\Local Settings\Temporary Internet Files\Content.IE5\U2K4R6LX\SecIEZone[1].hta

[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Zones.Gen

 

C:\WINDOWS\system32\ActiveScan\pskavs.dll

[FUND] Enthält Erkennungsmuster des Windows-Virus W95/Blumblebee.1738


What Avira flags is nothing to worry about - The first one is related to the PCPitstop tests. The second one is related to Kaspersky Online. So both are false positives.

So your problem actually starts when your computer is on for a couple of hours? And this happens while surfing?

Can you do me a favour and uninstall Tiny Firewall? Then reboot and install the Comodo firewall instead:

http://www.personalfirewall.comodo.com/

This is the only way to test if it's your Tiny firewall causing this. Because I have seen this issue before with certain firewalls.


It appears that my performance problems are related to being online, but I don’t usually boot the PC and then work on it for hours without at least sometimes going online. But to check it, I have done it once, and there were no problems.

But the problems are not restricted to online work or to the browser. For example, I am online for a while, go offline, then work with a word document, and notice that sometimes it takes 30 seconds to respond. Or when I want to open or close another program, it responds slowly or not at all.

I have also checked the CPU usage during the "waiting time": it is not high.

And it is not browser-specific, I tried FF and IE.

 

I have installed Comodo, but same problem. By the way, Comodo asks me all the time if I want to allow this or that program. I always click "yes", is that right?

 

Do you have any other idea? If yes, it’s great; if not, I’ll buy another computer next year.


Ok,

 

So basically, you have this after your computer is on for a couple of hours, not only while you surf/use your browser, but in general... even when you're disconnected from the internet - as I understand here.

In that case, it rather looks like a hardware issue (problem with "releasing" RAM) or processor overheating or any other program running in the background causing this sudden slowdown after a couple of hours.

If it was malware, then you would have the slowdown almost immediately after reboot, but in your case it's after a couple of hours, so this doesn't sound like a malware-related problem anyway.

 

This may indeed happen on some older computers if too many processes are running. And you do indeed have a lot of processes running in the background, as I see in your log. I would start by closing Yahoo, Messenger, your Ditto software, a-squared, FRITZ!DSL (FwebProt.exe), PC-TV WinManager.

See if that makes any difference.

By the way, I just googled some processes related to your FRITZ!DSL and it appears that many people are having slowdown issues with it.

Some also notice high CPU from the IGDCTRL.EXE process, related to your FRITZ!DSL. Sometimes the CPU stays "normal" but the slowdown stays the same. So I am wondering here if this has something to do with it.

 

For me, it's difficult to troubleshoot in your place what is exactly causing this sudden slowdown after a couple of hours. All I know is that your logs don't show any traces from malware anymore and your scans come up clean - so it's actually a matter of trial and error to figure out what program is causing this (if any) or if there are hardware related issues involved.

 

There's still something I can check to see what may be the cause, but as I said, it's difficult for me to properly troubleshoot if I am not in front of the PC.

 

Anyway, please do the following:

 

* Download Deckard System Scanner to your Desktop.

  • Close all applications and windows.
  • Double-click on dds.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - main.txt
  • A folder (C:\Deckard\System Scanner) will also open which contains the main.txt and an extra.txt.
  • Copy and paste the contents of main.txt + extra.txt in your next reply. (You may need more than one reply to post the logs)


Good to know that the problems are probably not caused by malware.

 

I have removed Yahoo, MSN, Ditto and PC-TV from the startup programs. But I don’t understand about a-squared. I don’t see it in the startup section with CCleaner, and I was never aware it is a startup program. And don’t I need FRITZ!DSL for going online?

 

By the way, my PC is 2 years old with 256 MB RAM.

 

Since the scan, hidden files are shown. I have set it back.

 

Comodo always displays frightening messages that I don’t understand, like

Winamp.exe is loading browseui.dll, which can be used by keyloggers, or that FF is trying to use winword.exe for OLE automation, which can be used for hijacking.

Shall I always allow everything?

 

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: English

 

CPU 0: AMD Sempron 2400+

Percentage of Memory in Use: 69%

Physical Memory (total/avail): 255.48 MiB / 78.83 MiB

Pagefile Memory (total/avail): 618.71 MiB / 319.36 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1936.64 MiB

 

C: is Fixed (NTFS) - 14.65 GiB total, 1.41 GiB free.

D: is Fixed (NTFS) - 61.67 GiB total, 36.93 GiB free.

E: is CDROM (No Media)

 

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 2 partitions

\PARTITION0 (bootable) - Installable File System - 14.65 GiB - C:

\PARTITION1 - Extended w/Extended Int 13 - 61.67 GiB - D:

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is set to notify before download.

Windows Internal Firewall is disabled.

 

FirstRunDisabled is set.

 

FW: COMODO Firewall Pro v2.3.035 (COMODO)

AV: Avira AntiVir PersonalEdition v 7.0.0.114

(Avira GmbH)

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\Ditto\\Ditto.exe"="C:\\Program Files\\Ditto\\Ditto.exe:*:Disabled:Ditto"

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Armin\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=ARMIN-PC

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Armin

LOGONSERVER=\\ARMIN-PC

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0801

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Armin\LOCALS~1\Temp

TMP=C:\DOCUME~1\Armin\LOCALS~1\Temp

USERDOMAIN=ARMIN-PC

USERNAME=Armin

USERPROFILE=C:\Documents and Settings\Armin

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

Armin (admin)

Guy (admin)

Administrator (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2 Find MP3 --> "C:\Program Files\2 Find MP3\unins000.exe"

5star GameTuner --> MsiExec.exe /X{4D5D8C8A-9D4F-40AB-0001-D315B54D68CA}

a-squared Free 3.0 --> "D:\progr\a-squared Free\unins000.exe"

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.0 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003}

Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log

AOpen Digital TV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C19DBE5E-712E-4F02-8380-ECEDD951B374}\setup.exe" -l0x9

ArtRage 2.2 Free --> "D:\progr\ArtRage 2 Free\unins000.exe"

Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"

AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"

Avalanche --> MsiExec.exe /X{680FF5A3-524F-11D8-9E00-0004769EEFEB}

Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

AVM FRITZ!DSL --> C:\WINDOWS\IsUn0407.exe -f"C:\Program Files\FRITZ!DSL\WebUnins.isu" -c"C:\Program Files\FRITZ!DSL\Webunins.dll"

C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln

D-SAT5 5.0 --> C:\Program Files\D\D-Sat5\SETUP.EXE PWSIREMOVE

DasTelefonbuch. Alles in einem. Berlin 2005/2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBD18519-8A81-4019-A7DD-CC8F5DD0A4F6}\setup.exe"

Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly

Ditto 2.6.5.0 --> "C:\Program Files\Ditto\unins000.exe"

EPSON-Drucker-Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x7 uninst

EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x9 -UnInstall

EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x7 uninst

EPSON PhotoStarter3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x7 uninst

EPSON PRINT Image Framer Tool2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x7 anything

EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r

EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x7 Uninstall

EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x7 -anything

ESCX3600 Referenzhandbuch --> C:\Program Files\EPSON\TPMANUAL\ESCX3600\REF_G\DOCUNINS.EXE

ESCX3600 Softwarehandbuch --> C:\Program Files\EPSON\TPMANUAL\ESCX3600\PQU_G\DOCUNINS.EXE

FaxTalk Communicator 4.5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FaxTalk Communicator\Uninst.isu" -c"C:\Program Files\FaxTalk Communicator\FTUnInUt.dll"

Foto-Mosaik 4.1.0 --> d:\Progr\Foto-Mosaik\unins000.exe

FRITZ!Box --> C:\Program Files\FRITZ!Box\install.exe -d

GelbeSeiten Für Berlin 2005/2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4245A9F8-1907-4223-9343-64E5CA02E0C0}\setup.exe"

GMX Upload-Manager --> C:\Program Files\GMX\GMX Upload-Manager\uninst.exe

Goldgräber --> C:\Program Files\Goldgräber\dhuninstall.exe

Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

HijackThis 2.0.2 --> "d:\Progr\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Incomedia WebSite X5 Evolution --> C:\WINDOWS\system32\iwpsetup.exe Uninst /Evolution /DE /D:\progr\WebsiteEvolution

IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

JuicedDemo --> MsiExec.exe /X{D6E74815-64BA-4C3B-BCE0-B9CAC80BFBDF}

Jä[email protected] Version 1.02.8 --> "C:\Program Files\phonostar\unins000.exe"

Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe

Labtec Mouse Software 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77E6239B-BF3B-496B-9634-2AC9589B61BB}\Setup.exe" -l0x0009

Last.fm 1.1.3.0 --> "C:\Program Files\Last.fm\unins000.exe"

Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe

MAGIX Filme für unterwegs e-version (D) --> D:\progr\Magix\instslct.exe

MAGIX Online Druck Service (D) --> D:\progr\Online_Druck_Service\instslct.exe

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (1.0.6) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.6 (de)"

mp3Tag 5.7 --> "d:\Progr\mp3Tag 5\unins000.exe"

Mp3tag v2.39 --> d:\Progr\Mp3tag\Mp3tagUninstall.EXE

MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

NetoDragon 56K Voice Modem --> C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove

OpenOffice.org 2.0 --> MsiExec.exe /I{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}

Optical Mousemate V1.0 --> C:\PROGRA~1\OPTICA~1\UNINSTAL.EXE

Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan

PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9

PerfectDisk --> MsiExec.exe /I{C190CB55-817E-4713-84F4-0BBB8961CED9}

Picasa 2 --> "D:\progr\Picasa2\Uninstall.exe"

PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\SETUP.EXE" -l0x7 anything

QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

S500/S600 USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{514DF7BB-D192-417C-BB60-58BF1FD34253}\Setup.exe" anything

Samsung PC Studio PIM & File Manager 2.0 --> MsiExec.exe /I{489C0D77-F99B-4975-92C1-0ED07F5EB979}

ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG

Sphairon USB Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1692C91-2400-4223-BD5E-69AB99C84C64}\setup.exe" -l0x7 -removeonly

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster v3.5.1 --> "d:\Progr\SpywareBlaster\unins000.exe"

Tux Paint (remove only) --> "C:\Program Files\TuxPaint\uninstall.exe"

TV-Browser 2.5 --> C:\Program Files\TV-Browser\Uninstall.exe

TweakNow RegCleaner --> "C:\Program Files\TweakNow RegCleaner\unins000.exe"

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Virtual Earth 3D (Beta) --> MsiExec.exe /X{619B8475-0F48-41B7-A370-5147F7092989}

Visualizer Photo Resize --> MsiExec.exe /I{838F0053-8744-4B63-8819-CC44C06308AC}

VP-Hotline --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Citron\VP-Hotline\Uninst.isu"

WebEye --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03B20126-F3C2-11D5-A6D2-00C026001DCA}\Setup.exe" -l0x9

WIDCOMM Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}

Winamp (remove only) --> "D:\progr\Winamp\UninstWA.exe"

Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}

Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\Yinsthelper.dll

Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type167424 / Success

Event Submitted/Written: 10/25/2007 04:22:46 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

Event Record #/Type167406 / Success

Event Submitted/Written: 10/24/2007 05:12:56 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

Event Record #/Type167391 / Success

Event Submitted/Written: 10/24/2007 00:38:02 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

Event Record #/Type167373 / Warning

Event Submitted/Written: 10/23/2007 05:06:33 PM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

 

Event Record #/Type167370 / Success

Event Submitted/Written: 10/23/2007 03:07:18 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type77478 / Warning

Event Submitted/Written: 10/25/2007 10:11:41 PM

Event ID/Source: 18 / avgntflt

Event Description:

TIMEOUT<System> C:\...ion Data\Ditto\DittoDB.mdb

 

Event Record #/Type77477 / Warning

Event Submitted/Written: 10/25/2007 10:10:54 PM

Event ID/Source: 18 / avgntflt

Event Description:

TIMEOUT<Ditto.exe> C:\... Data\Ditto\DittoDB.mdb

 

Event Record #/Type77474 / Warning

Event Submitted/Written: 10/25/2007 08:47:57 PM

Event ID/Source: 1003 / Dhcp

Event Description:

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000B6A7C7073. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

 

Event Record #/Type77472 / Warning

Event Submitted/Written: 10/25/2007 08:47:41 PM

Event ID/Source: 1003 / Dhcp

Event Description:

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000B6A7C7073. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

 

Event Record #/Type77469 / Warning

Event Submitted/Written: 10/25/2007 08:27:18 PM / 10/25/2007 08:27:19 PM

Event ID/Source: 240 / Win32k

Event Description:

A request to suspend power was denied by Aopen Digital T.

 

 

 

-- End of Deckard's System Scanner: finished at 2007-10-25 22:17:29 ------------


Deckard's System Scanner v20071014.68

Run by Armin on 2007-10-25 22:15:39

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 3 Restore Point(s) --

3: 2007-10-25 20:15:52 UTC - RP309 - Deckard's System Scanner Restore Point

2: 2007-10-23 12:31:13 UTC - RP308 - Removed Tiny Firewall Pro 6.0

1: 2007-10-12 04:42:42 UTC - RP307 - ComboFix created restore point

 

 

Backed up registry hives.

Performed disk cleanup.

 

Total Physical Memory: 256 MiB (512 MiB recommended).

System Drive C: has 1.41 GiB (less than 15%) free.

 

 

-- HijackThis (run as Armin.exe) -----------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:16:50, on 25.10.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

D:\progr\a-squared Free\a2service.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Raxco\PerfectDisk\PDSched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Ditto\Ditto.exe

C:\Program Files\PC-TV\WinManager\WinManager.exe

C:\Program Files\FRITZ!DSL\FwebProt.exe

C:\Program Files\FRITZ!DSL\StCenter.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Armin\My Documents\dss.exe

D:\progr\Trend Micro\HijackThis\Armin.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe

O8 - Extra context menu item: eBay Powersuche - http://www.webtip.ch/cgi-bin/buyertools/button.pl?adv

O8 - Extra context menu item: eBay Produktsuche - D:\progr\Buyertools Reminder15\SearchEbay.htm

O8 - Extra context menu item: eBay Startseite - http://www.webtip.ch/cgi-bin/buyertools/button.pl?heim

O8 - Extra context menu item: Mein eBay - http://www.webtip.ch/cgi-bin/buyertools/button.pl?mein

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - D:\progr\Buyertools Reminder15\ReminderIE.exe (file missing)

O9 - Extra button: Preispiraten 2.1.1 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Program Files\Preispiraten\Preispiraten2\preispiraten2ie.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Download/Cfx4Financial.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\progr\a-squared Free\a2service.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 8571 bytes

 

-- HijackThis Fixed Entries (D:\progr\Trend Micro\HijackThis\backups\) ---------

 

backup-20071008-104214-654 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

backup-20071009-093940-368 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,

backup-20071009-172040-751 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,

backup-20071009-172129-903 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,

backup-20071013-185924-949 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

backup-20071020-185918-567 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

backup-20071020-185935-992 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

backup-20071020-190009-967 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

backup-20071020-220011-925 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

backup-20071020-220025-143 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 RecAgent - c:\windows\system32\drivers\recagent.sys <Not Verified; ; Modem>

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>

R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>

R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>

R0 sr (System Restore Filter Driver) - c:\windows\\systemroot\system32\drivers\sr.sys (file missing)

R1 moufiltr (Mouse Filter Driver) - c:\windows\system32\drivers\moufiltr.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

R1 uigxrdr - c:\windows\system32\drivers\uigxrdr.sys <Not Verified; GMX GmbH; GMX Upload-Manager>

R1 UsbFltr (WayTechUSBFilterDriver) - c:\windows\system32\drivers\usbfltr.sys <Not Verified; Waytech Development, Inc.; Keyboard>

R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys

R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>

R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>

R3 Mtlmnt5 - c:\windows\system32\drivers\mtlmnt5.sys <Not Verified; ; Modem>

R3 Slntamr (NetoDragon AMR_PCI Driver) - c:\windows\system32\drivers\slntamr.sys <Not Verified; ; Modem>

R3 SlWdmSup - c:\windows\system32\drivers\slwdmsup.sys <Not Verified; ; Modem>

R3 UDTTUSB (USBDTT - USB DVB-T adapter Driver) - c:\windows\system32\drivers\udttcap.sys <Not Verified; TwinHan Technology; TwinHan VP7041>

R3 ZSMC301b (VIMICRO USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >

 

S3 catchme - c:\docume~1\armin\locals~1\temp\catchme.sys (file missing)

S3 Mtlstrm - c:\windows\system32\drivers\mtlstrm.sys <Not Verified; ; Modem>

S3 NtMtlFax - c:\windows\system32\drivers\ntmtlfax.sys <Not Verified; ; Modem>

S3 SlNtHal - c:\windows\system32\drivers\slnthal.sys <Not Verified; ; Modem>

S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)

S3 UDTTLOAD - c:\windows\system32\drivers\udttload.sys <Not Verified; TwinHan Technology; TwinHan VP7041>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>

R2 AVM IGD CTRL Service - c:\program files\fritz!dsl\igdctrl.exe <Not Verified; AVM Berlin; AVM IGD Service>

R2 PDSched (PDScheduler) - "c:\program files\raxco\perfectdisk\pdsched.exe" <Not Verified; Raxco Software, Inc.; PDSched Module>

R2 SLService (SmartLinkService) - slserv.exe <Not Verified; ; Modem>

 

S3 de_serv (AVM FRITZ!web Routing Service) - c:\program files\common files\avm\de_serv.exe <Not Verified; AVM Berlin; AVM Rocky>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Files created between 2007-09-25 and 2007-10-25 -----------------------------

 

2007-10-23 14:49:15 0 d-------- C:\Documents and Settings\Armin\Application Data\Comodo

2007-10-23 14:48:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo

2007-10-23 14:44:10 0 d-------- C:\Program Files\Comodo

2007-10-18 14:34:26 0 d-------- C:\WINDOWS\system32\ActiveScan

2007-10-09 10:58:29 0 d-------- C:\Program Files\Java

2007-10-09 10:58:26 0 d-------- C:\Program Files\Common Files\Java

2007-10-08 13:33:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2007-10-08 13:32:25 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-10-07 22:13:36 0 d-------- C:\Program Files\Avira

2007-10-07 22:13:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-10-05 07:56:49 0 d-------- C:\Documents and Settings\Armin\Application Data\SiteAdvisor

2007-10-05 07:56:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2007-10-05 07:56:49 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2007-09-29 10:26:25 0 d-------- C:\Documents and Settings\Armin\.imgseek

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-10-25 22:11:16 0 d-------- C:\Documents and Settings\Armin\Application Data\Ditto

2007-10-25 18:14:25 0 d-------- C:\Documents and Settings\Armin\Application Data\FRITZ!

2007-10-23 14:31:37 0 d-------- C:\Program Files\Tiny Firewall Pro

2007-10-21 15:18:56 0 d-------- C:\Documents and Settings\Armin\Application Data\OpenOffice.org2

2007-10-09 10:58:26 0 d-------- C:\Program Files\Common Files

2007-10-08 12:44:03 0 d-a------ C:\Program Files\OfficeScan NT

2007-09-29 15:29:30 0 d-------- C:\Program Files\Common Files\Buhl Data Service

2007-09-22 12:12:24 0 d-------- C:\Documents and Settings\Armin\Application Data\Mp3tag

2007-09-21 18:30:35 0 d-------- C:\Program Files\Mozilla Thunderbird

2007-09-20 23:30:04 0 d-------- C:\Documents and Settings\Armin\Application Data\Desktop Sidebar

2007-09-19 12:38:20 0 d-------- C:\Program Files\PC Inspector File Recovery

2007-09-19 12:38:17 0 d--h----- C:\Program Files\InstallShield Installation Information

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 00:56 C:\WINDOWS\system32\bthprops.cpl]

"BigDogPath"="C:\WINDOWS\VM_STI.exe" [01.07.2005 19:52]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [10.10.2007 19:33]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]

"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [23.10.2007 14:44]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 00:56]

 

C:\Documents and Settings\Armin\Start Menu\Programs\Startup\

FRITZ!DSL Protect.lnk - C:\Program Files\FRITZ!DSL\FwebProt.exe [03.03.2006 13:14:48]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"=0 (0x0)

"SynchronousUserGroupPolicy"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"=1 (0x1)

"LinkResolveIgnoreLinkInfo"=0 (0x0)

"NoResolveSearch"=1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"=0 (0x0)

"NoRecentDocsHistory"=1 (0x1)

"NoLowDiskSpaceChecks"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0adf85e6-b261-11da-b62f-000b6a7c7073}]

AutoRun\command- F:\preinst.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afab3585-bb1c-11da-b64c-000b6a7c7073}]

AutoRun\command- F:\preinst.exe

 

 

 

 

-- End of Deckard's System Scanner: finished at 2007-10-25 22:17:29 ------------

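Added example (not part of the original post, of HijackThis or of Deckard's System Scanner): the "HijackThis Fixed Entries" list in the log above shows the Winlogon Userinit value carrying a second program, C:\WINDOWS\system32\ntos.exe, and being fixed five times between 8 and 13 October before the 25 October scan came back clean. Windows starts every comma-separated program in that value at logon, so an extra path there is another autostart, not a cosmetic oddity. The check below parses such F2 lines and reports anything other than the stock userinit.exe, and on a Windows host it can also read the live registry value. The sample lines are copied from the posted log; the function names and the expected-value set are this example's own assumptions.

```python
"""Flag extra logon programs in the Winlogon Userinit value.

Added example for the thread above; it is not part of the original post or of
HijackThis. SAMPLE_LOG is copied from the posted "HijackThis Fixed Entries"
list; the function names and EXPECTED_USERINIT are this example's assumptions.
"""
import re
import sys
from typing import List

# Constructed sample: lines taken from the posted log (two F2 entries and one
# unrelated O23 entry that the scanner must ignore).
SAMPLE_LOG = """\
backup-20071008-104214-654 F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,
backup-20071009-093940-368 F2 - REG:system.ini: UserInit=C:\\WINDOWS\\SYSTEM32\\Userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,
backup-20071020-185918-567 O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
"""

# The only program Windows XP itself puts in Userinit (assumption: a stock
# install on drive C:; path case does not matter on Windows).
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe"}

_USERINIT_RE = re.compile(r"UserInit=(?P<value>.*)$", re.IGNORECASE)


def split_userinit(value: str) -> List[str]:
    """Split the comma-separated Userinit value into normalised entries.

    Winlogon launches each comma-separated program at logon, so every
    non-empty entry is a separate autostart. Quotes and whitespace are
    stripped and paths are lower-cased for comparison.
    """
    parts = [p.strip().strip('"') for p in value.split(",")]
    return [p.lower() for p in parts if p]


def unexpected_userinit_entries(value: str) -> List[str]:
    """Return every program in a Userinit value that is not the stock one."""
    return [p for p in split_userinit(value) if p not in EXPECTED_USERINIT]


def scan_log(text: str) -> List[dict]:
    """Scan HijackThis-style F2 UserInit lines and report extra logon programs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _USERINIT_RE.search(line)
        if not m:
            continue
        extras = unexpected_userinit_entries(m.group("value"))
        if extras:
            findings.append({"line": lineno, "extra": extras})
    return findings


def live_userinit_value() -> str:
    """Read the current Userinit value on a Windows host (empty string elsewhere)."""
    if not sys.platform.startswith("win"):
        return ""
    import winreg  # standard library, Windows only
    key = winreg.OpenKey(
        winreg.HKEY_LOCAL_MACHINE,
        r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
    )
    value, _type = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"log line {f['line']}: extra Userinit program(s): {', '.join(f['extra'])}")
    live = live_userinit_value()
    if live:
        extras = unexpected_userinit_entries(live)
        print("live Userinit:", live, "-> extras:", extras or "none")
```

Run on the sample, the scanner reports ntos.exe on both F2 lines and stays silent on the O23 line. On a Windows box it additionally compares the live registry value, which is the check to repeat after a fix: in this thread the entry came back four times before it stayed gone, which is exactly why a one-off look at the log is not enough.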

Hi,

 

Well, I guess I found your problem/cause.

 

Let me answer your questions first..

 

A-squared runs as a service; that's why you couldn't see it in your startup programs. It's under the Services tab in msconfig.

In your case, since you only have 256MB of ram present, I would suggest that you disable a-squared from startup anyway.

 

You can do this by fixing the following entry in HijackThis:

 

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\progr\a-squared Free\a2service.exe

 

This will stop and disable the service. It won't delete the program, so you can still use it. And to be honest, a-squared isn't such a good scanner anyway (IMHO). It still produces a lot of false positives (for example, it detects almost every P2P program as malicious).

So why not just uninstall it? You already have Spybot and Ad-Aware installed, and in your case you really need to free up some space on your drive, because your drive is almost full.

 

And don't I need Fritz!DSL for going online?
Yes, but some components are not really required to start with Windows. For example, FRITZ!DSL\FwebProt.exe: I'm not sure what the exact purpose of this one is, but I guess that if you disable it, it won't affect your connection. Anyway, leave it as it is for now; the cause of these problems is known now.

 

Winamp.exe is loading browseui.dll, which can be used by keyloggers, or FF is trying to use winword.exe for OLE automation, which can be used for hijacking.

Shall I always allow everything?

In this case, you may allow both and put a checkmark next to "remember" in the dialog.

The winword.exe/FF alert mostly happens when you switch from FF to another application, for example Excel or Word.

This is normal. For Winamp.exe, yes, it's also normal. So if you know these programs and use them, allow them. Comodo displays these alerts to make you aware of such handles, in case you don't know a certain application. Also read here for a better explanation.

 

And now your main problem:

This is your problem causing the slow down after a couple of hours:

 

Total Physical Memory: 256 MiB (512 MiB recommended).

System Drive C: has 1.41 GiB (less than 15%) free.

 

You only have 256MB of RAM. That explains why everything is slow after a couple of hours, especially with all these programs running in the background. And it also appears that your drive is almost full (you don't have much reserve there) - and that's another reason why everything slows down after a couple of hours.

So there are a few things you can do here - and that's to free up more space by uninstalling programs you don't need anymore (because your drive is almost full; you only have 1.41 GiB left).

The 256MB of RAM is also way too low - no wonder everything goes slowly after a couple of hours. Your RAM cannot deal with all open applications properly since you don't have any reserve.

So, you really need to add more RAM here. Or just disable a lot of programs from startup - and if you use a program, make sure only one program is open at a time. Don't have several different programs open, because that's where the slowdown starts.

This was already covered in the "Help my computer is slow" link, where I explained that the amount of RAM and the free space on your disk are among the most important causes of a slow system. In your case, you have both (only 256MB of RAM and not much space left on your drive).

Anyway, since you said you'll have a new computer in the near future anyway, there's actually no real need to make many changes on this system (adding more RAM etc.), except if you're mainly going to use this computer to work on. I suggest you uninstall the programs you don't use anymore, defragment often, use CCleaner at least twice a week, and make sure not too many programs are open at the same time.

The fact that you already switched from Tiny Firewall to Comodo and from Trend Micro to Avira is already an improvement for your system speed, but as I explained, there's not much you can do to completely solve your problem since you only have 256MB of RAM.


Hi miekiemoes

 

It tends to be slightly better now. I can cope with it for a while and buy a new PC next year.

Again, thanks a lot for your patient help!

:D


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !
