usedabused

  1. When I downloaded the antivirus it scanned and quarantined two items. I stopped the scan early not knowing it had found anything. Here is the report.

     Avira Free Antivirus
     Report file date: Saturday, February 01, 2014 12:02

     The program is running as an unrestricted full version.
     Online services are available.

     Licensee : Avira Antivirus Free
     Serial number : 0000149996-AVHOE-0000001
     Platform : Microsoft Windows XP
     Windows version : (Service Pack 3) [5.1.2600]
     Boot mode : Normally booted
     Username : SYSTEM
     Computer name : PC1

     Version information:
     BUILD.DAT : 14.0.2.286 55547 Bytes 12/9/2013 11:37:00
     AVSCAN.EXE : 14.0.2.254 1032760 Bytes 12/9/2013 16:37:19
     AVSCANRC.DLL : 14.0.2.180 52280 Bytes 12/9/2013 16:37:19
     LUKE.DLL : 14.0.2.234 65592 Bytes 12/9/2013 16:37:20
     AVSCPLR.DLL : 14.0.2.254 124472 Bytes 12/9/2013 16:37:19
     AVREG.DLL : 14.0.2.212 250424 Bytes 12/9/2013 16:37:19
     avlode.dll : 14.0.2.254 540216 Bytes 12/9/2013 16:37:19
     avlode.rdf : 13.0.1.70 56974 Bytes 2/1/2014 10:57:22
     VBASE000.VDF : 7.11.70.0 66736640 Bytes 4/4/2013 16:37:22
     VBASE001.VDF : 7.11.74.226 2201600 Bytes 4/30/2013 16:37:22
     VBASE002.VDF : 7.11.80.60 2751488 Bytes 5/28/2013 16:37:22
     VBASE003.VDF : 7.11.85.214 2162688 Bytes 6/21/2013 16:37:22
     VBASE004.VDF : 7.11.91.176 3903488 Bytes 7/23/2013 16:37:22
     VBASE005.VDF : 7.11.98.186 6822912 Bytes 8/29/2013 16:37:22
     VBASE006.VDF : 7.11.103.230 2293248 Bytes 9/24/2013 16:37:22
     VBASE007.VDF : 7.11.116.38 5485568 Bytes 11/28/2013 16:37:22
     VBASE008.VDF : 7.11.126.50 3615744 Bytes 1/22/2014 10:56:27
     VBASE009.VDF : 7.11.126.51 2048 Bytes 1/22/2014 10:56:27
     VBASE010.VDF : 7.11.126.52 2048 Bytes 1/22/2014 10:56:28
     VBASE011.VDF : 7.11.126.53 2048 Bytes 1/22/2014 10:56:28
     VBASE012.VDF : 7.11.126.54 2048 Bytes 1/22/2014 10:56:28
     VBASE013.VDF : 7.11.126.55 2048 Bytes 1/22/2014 10:56:28
     VBASE014.VDF : 7.11.126.251 188928 Bytes 1/25/2014 10:56:29
     VBASE015.VDF : 7.11.127.155 239616 Bytes 1/29/2014 10:56:30
     VBASE016.VDF : 7.11.128.89 283136 Bytes 2/1/2014 10:56:31
     VBASE017.VDF : 7.11.128.90 2048 Bytes 2/1/2014 10:56:31
     VBASE018.VDF : 7.11.128.91 2048 Bytes 2/1/2014 10:56:31
     VBASE019.VDF : 7.11.128.92 2048 Bytes 2/1/2014 10:56:31
     VBASE020.VDF : 7.11.128.93 2048 Bytes 2/1/2014 10:56:32
     VBASE021.VDF : 7.11.128.94 2048 Bytes 2/1/2014 10:56:32
     VBASE022.VDF : 7.11.128.95 2048 Bytes 2/1/2014 10:56:32
     VBASE023.VDF : 7.11.128.96 2048 Bytes 2/1/2014 10:56:32
     VBASE024.VDF : 7.11.128.97 2048 Bytes 2/1/2014 10:56:33
     VBASE025.VDF : 7.11.128.98 2048 Bytes 2/1/2014 10:56:33
     VBASE026.VDF : 7.11.128.99 2048 Bytes 2/1/2014 10:56:33
     VBASE027.VDF : 7.11.128.100 2048 Bytes 2/1/2014 10:56:33
     VBASE028.VDF : 7.11.128.101 2048 Bytes 2/1/2014 10:56:34
     VBASE029.VDF : 7.11.128.102 2048 Bytes 2/1/2014 10:56:34
     VBASE030.VDF : 7.11.128.103 2048 Bytes 2/1/2014 10:56:34
     VBASE031.VDF : 7.11.128.140 74752 Bytes 2/1/2014 16:41:49
     Engine version : 8.2.12.180
     AEVDF.DLL : 8.1.3.4 102774 Bytes 12/9/2013 16:37:18
     AESCRIPT.DLL : 8.1.4.182 520574 Bytes 2/1/2014 10:57:10
     AESCN.DLL : 8.1.10.6 131447 Bytes 2/1/2014 10:57:08
     AESBX.DLL : 8.2.20.6 1331575 Bytes 2/1/2014 10:57:11
     AERDL.DLL : 8.2.0.138 704888 Bytes 12/9/2013 16:37:18
     AEPACK.DLL : 8.3.3.12 774521 Bytes 2/1/2014 10:57:05
     AEOFFICE.DLL : 8.1.2.76 205181 Bytes 12/9/2013 16:37:18
     AEHEUR.DLL : 8.1.4.882 6451578 Bytes 2/1/2014 10:56:56
     AEHELP.DLL : 8.1.27.10 266618 Bytes 12/9/2013 16:37:18
     AEGEN.DLL : 8.1.7.22 446839 Bytes 2/1/2014 10:56:36
     AEEXP.DLL : 8.4.1.176 418168 Bytes 2/1/2014 10:57:12
     AEEMU.DLL : 8.1.3.2 393587 Bytes 12/9/2013 16:37:18
     AECORE.DLL : 8.1.33.0 225657 Bytes 2/1/2014 10:56:36
     AEBB.DLL : 8.1.1.4 53619 Bytes 12/9/2013 16:37:18
     AVWINLL.DLL : 14.0.2.180 23608 Bytes 12/9/2013 16:37:19
     AVPREF.DLL : 14.0.2.180 48696 Bytes 12/9/2013 16:37:19
     AVREP.DLL : 14.0.2.180 175672 Bytes 12/9/2013 16:37:19
     AVARKT.DLL : 14.0.2.254 256056 Bytes 12/9/2013 16:37:18
     AVEVTLOG.DLL : 14.0.2.180 165944 Bytes 12/9/2013 16:37:18
     SQLITE3.DLL : 3.7.0.1 394808 Bytes 12/9/2013 16:37:21
     AVSMTP.DLL : 14.0.2.180 60472 Bytes 12/9/2013 16:37:19
     NETNT.DLL : 14.0.2.180 13368 Bytes 12/9/2013 16:37:20
     RCIMAGE.DLL : 14.0.2.180 4788792 Bytes 12/9/2013 16:37:21
     RCTEXT.DLL : 14.0.2.236 72760 Bytes 12/9/2013 16:37:21

     Configuration settings for the scan:
     Jobname.............................: Complete system scan
     Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
     Reporting...........................: default
     Primary action......................: Interactive
     Secondary action....................: Ignore
     Scan master boot sector.............: on
     Scan boot sector....................: on
     Boot sectors........................: C:,
     Process scan........................: on
     Extended process scan...............: on
     Scan registry.......................: on
     Search for rootkits.................: on
     Integrity checking of system files..: off
     Scan all files......................: All files
     Scan archives.......................: on
     Limit recursion depth...............: 20
     Smart extensions....................: on
     Macrovirus heuristic................: on
     File heuristic......................: extended

     Start of the scan: Saturday, February 01, 2014 12:02

     Start scanning boot sectors:
     Boot sector 'HDD0(C:)'
     [INFO] No virus was found!

     Starting search for hidden objects.
     An ARK library instance is already running.

     The scan of running processes will be started:
     Scan process 'msdtc.exe' - '40' Module(s) have been scanned
     Scan process 'dllhost.exe' - '60' Module(s) have been scanned
     Scan process 'dllhost.exe' - '42' Module(s) have been scanned
     Scan process 'vssvc.exe' - '36' Module(s) have been scanned
     Scan process 'avscan.exe' - '88' Module(s) have been scanned
     Scan process 'avscan.exe' - '88' Module(s) have been scanned
     Scan process 'avcenter.exe' - '90' Module(s) have been scanned
     Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
     Scan process 'TBNotifier.exe' - '62' Module(s) have been scanned
     Scan process 'avgnt.exe' - '71' Module(s) have been scanned
     Scan process 'svchost.exe' - '34' Module(s) have been scanned
     Scan process 'jusched.exe' - '21' Module(s) have been scanned
     Scan process 'igfxtray.exe' - '30' Module(s) have been scanned
     Scan process 'Explorer.EXE' - '105' Module(s) have been scanned
     Scan process 'WgaTray.exe' - '52' Module(s) have been scanned
     Scan process 'AVWEBGRD.EXE' - '50' Module(s) have been scanned
     Scan process 'avshadow.exe' - '26' Module(s) have been scanned
     Scan process 'wdfmgr.exe' - '15' Module(s) have been scanned
     Scan process 'svchost.exe' - '38' Module(s) have been scanned
     Scan process 'svchost.exe' - '30' Module(s) have been scanned
     Scan process 'svchost.exe' - '30' Module(s) have been scanned
     Scan process 'MDM.EXE' - '22' Module(s) have been scanned
     Scan process 'jqs.exe' - '35' Module(s) have been scanned
     Scan process 'svchost.exe' - '40' Module(s) have been scanned
     Scan process 'apnmcp.exe' - '24' Module(s) have been scanned
     Scan process 'avguard.exe' - '80' Module(s) have been scanned
     Scan process 'svchost.exe' - '34' Module(s) have been scanned
     Scan process 'sched.exe' - '41' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '57' Module(s) have been scanned
     Scan process 'svchost.exe' - '42' Module(s) have been scanned
     Scan process 'svchost.exe' - '33' Module(s) have been scanned
     Scan process 'svchost.exe' - '163' Module(s) have been scanned
     Scan process 'svchost.exe' - '39' Module(s) have been scanned
     Scan process 'svchost.exe' - '51' Module(s) have been scanned
     Scan process 'lsass.exe' - '59' Module(s) have been scanned
     Scan process 'services.exe' - '27' Module(s) have been scanned
     Scan process 'winlogon.exe' - '73' Module(s) have been scanned
     Scan process 'csrss.exe' - '12' Module(s) have been scanned
     Scan process 'smss.exe' - '2' Module(s) have been scanned

     Starting to scan executable files (registry):
     The registry was scanned ( '3033' files ).

     Starting the file scan:

     Begin scan in 'C:\'
     C:\Documents and Settings\user\Application Data\Business Logic\UWC\Backup\J41648.9953520949.WCU
       [0] Archive type: ZIP
       --> C:/Documents and Settings/user/Local Settings/Temp/~tmf249311782764804006.tmp
           [DETECTION] Is the TR/Symmi.36807.33 Trojan
           [WARNING] Infected files in archives cannot be repaired
       --> C:/Documents and Settings/user/Local Settings/Temp/~tmf5424086969793073034.tmp
           [DETECTION] Is the TR/Drop.Bunitu.C.179 Trojan
           [WARNING] Infected files in archives cannot be repaired
     C:\FRST\Quarantine\wrwkpj.dat
       [DETECTION] Is the TR/Crypt.ZPACK.45653 Trojan

     Beginning disinfection:
     C:\FRST\Quarantine\wrwkpj.dat
       [DETECTION] Is the TR/Crypt.ZPACK.45653 Trojan
       [NOTE] The file was moved to the quarantine directory under the name '55489935.qua'!
     C:\Documents and Settings\user\Application Data\Business Logic\UWC\Backup\J41648.9953520949.WCU
       [DETECTION] Is the TR/Drop.Bunitu.C.179 Trojan
       [NOTE] The file was moved to the quarantine directory under the name '4da5b6d4.qua'!

     End of the scan: Saturday, February 01, 2014 13:28
     Used time: 1:22:42 Hour(s)

     The scan has been canceled!

     4486 Scanned directories
     162623 Files were scanned
     3 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 Files were deleted
     0 Viruses and unwanted programs were repaired
     2 Files were moved to quarantine
     0 Files were renamed
     0 Files cannot be scanned
     162620 Files not concerned
     1227 Archives were scanned
     2 Warnings
     2 Notes
  2. It does not show BUS and SLOT. It only says "unknown"
  3. How do I copy the folder inside the zip file to the top of my C: drive? I think I can do everything else. Thanks
  4. No, it says "unknown". I can go into the device manager and disable the yellow question mark and the window will not appear.
  5. If I click on the Next button and tell it to go find the update automatically It says that it can not find the software. Install cd.
Messenger ========================= Devices: ================================ ========================= Memory info: =================================== Percentage of memory in use: 40% Total physical RAM: 509.98 MB Available physical RAM: 304.86 MB Total Pagefile: 1979.56 MB Available Pagefile: 1824.69 MB Total Virtual: 2047.88 MB Available Virtual: 1970.94 MB ========================= Partitions: ===================================== 2 Drive c: () (Fixed) (Total:37.27 GB) (Free:23.72 GB) NTFS ========================= Users: ======================================== User accounts for \\PC1 Administrator ASPNET Guest HelpAssistant SUPPORT_388945a0 user ========================= Minidump Files ================================== No minidump file found **** End of log ****
  6. I installed all the updates. The new hardware found window is still opening.
  7. Yes, I downloaded 110 of them two days ago, and now that yellow shield is back wanting me to download 32 more. To answer post #83 there is no other yellow item in Device Manager beside the SAS one. Is that what is making the new hardware found window open?
  8. I do remember adding something. About three weeks ago I added a wireless router because my daughter got a tablet for Christmas. Would that be what it is looking for?
  9. I do remember.... about three weeks ago I added a wireless router because my daughter got a tablet for Christmas. Do you think this is related to the router?
  10. I do not have anything new hooked on the computer that I know of. Under details it has "Device Instance Id" ROOT\LEGACY_SASKUTIL\0000
  11. Everything is working better than ever. I do still have the new hardware window when I start the computer though. It says the new hardware is "unknown". Also, will you advise me what downloaded tools, files, logs, and anything else I should keep from when we were removing the malware from the computer and how to remove what I do not need. Thanks
  12. I ran it and here it is. I am going to reboot now.

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-01-2014 02
      Ran by user at 2014-01-25 01:39:41 Run:3
      Running from C:\Documents and Settings\user\Desktop
      Boot Mode: Normal
      ==============================================

      Content of fixlist:
      *****************
      start
      HKLM\...\Run: [VMware Tools] - C:\Program Files\VMware\VMware Tools\VMwareTray.exe [49152 2006-08-04] (VMware, Inc.)
      HKLM\...\Run: [VMware User Process] - C:\Program Files\VMware\VMware Tools\VMwareUser.exe [102400 2006-08-04] (VMware, Inc.)
      HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
      HKLM\...\Run: [REGSHAVE] - C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
      HKLM\...\Run: [POINTER] - point32.exe
      HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
      HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
      HKCU\...\Run: [cdloader] - C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
      Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
      DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://download.eset...lineScanner.cab
      DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://download.micr...loadManager.cab
      Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
      R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
      S2 VMTools; C:\Program Files\VMware\VMware Tools\VMwareService.exe [135168 2006-08-04] (VMware, Inc.)
      S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation)
      S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
      S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
      R2 hgfs; C:\Windows\System32\DRIVERS\hgfs.sys [83831 2006-08-04] (VMware, Inc.)
      R0 vmscsi; C:\Windows\System32\DRIVERS\vmscsi.sys [10880 2006-08-04] (VMware, Inc.)
      S3 vmxnet; C:\Windows\System32\DRIVERS\vmxnet.sys [22528 2006-08-04] (VMware, Inc.)
      S3 vmx_svga; C:\Windows\System32\DRIVERS\vmx_svga.sys [15744 2006-08-04] (VMware, Inc.)
      S4 InCDFs; system32\drivers\InCDFs.sys [x]
      S1 InCDPass; system32\drivers\InCDPass.sys [x]
      S1 InCDRm; system32\drivers\InCDRm.sys [x]
      end
      *****************

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\VMware Tools => Value deleted successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\VMware User Process => Value deleted successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => Value deleted successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\REGSHAVE => Value deleted successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\POINTER => Value deleted successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value deleted successfully.
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cdloader => Value deleted successfully.
      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => Key deleted successfully.
      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk => Moved successfully.
      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk => Moved successfully.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} => Key deleted successfully.
      HKCR\CLSID\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} => Key deleted successfully.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74FFE28D-2378-11D5-990C-006094235084} => Key deleted successfully.
      HKCR\CLSID\{74FFE28D-2378-11D5-990C-006094235084} => Key deleted successfully.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully.
      HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key not found.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8714912E-380D-11D5-B8AA-00D0B78F3D48} => Key deleted successfully.
      HKCR\CLSID\{8714912E-380D-11D5-B8AA-00D0B78F3D48} => Key deleted successfully.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key deleted successfully.
      HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key not found.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B479199A-1242-4E3C-AD81-7F0DF801B4AE} => Key deleted successfully.
      HKCR\CLSID\{B479199A-1242-4E3C-AD81-7F0DF801B4AE} => Key deleted successfully.
      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter => Key deleted successfully.
      MsMpSvc => Service deleted successfully.
      VMTools => Service deleted successfully.
      WMConnectCDS => Service deleted successfully.
      gfiark => Service deleted successfully.
      gfiutil => Service deleted successfully.
      hgfs => Service deleted successfully.
      vmscsi => Service deleted successfully.
      vmxnet => Service deleted successfully.
      vmx_svga => Service deleted successfully.
      InCDFs => Service deleted successfully.
      InCDPass => Service deleted successfully.
      InCDRm => Service deleted successfully.

      The system needs a manual reboot.

      ==== End of Fixlog ====
  13. 1. I do still have and use an HP Digital printer. I do not use the ink monitoring feature.
      2. NetZero and Toast.net are old dial up internet providers that I used to use. I do not need or use them anymore.
      3. I do not use Google Earth, Google Talk Plugin, or MagicJack.
      4. I do use CCleaner but have not updated it. I was unsure if I should update it or not so I just did not. Should I have?

      Should I allow all those updates from Microsoft to update when they send them to me? It seems like a lot of them and I am unsure if I should download them or not. What should I do when I receive those?

      Logfile of Trend Micro HijackThis v2.0.5
      Scan saved at 12:49:44 AM, on 1/25/2014
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      FIREFOX: 26.0 (en-US)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      c:\Program Files\Microsoft Security Client\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\FinePixViewer\QuickDCF.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\user\My Documents\Downloads\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
      O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
      O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [POINTER] point32.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
      O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
      O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
      O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe

      -- End of file - 5923 bytes
  14. Hi Ron, I am just checking in to see if you have had time to go over the programs or downloads or whatever that I should do to remove the junk from my computer to improve the way it runs. I know you are very busy and there is no big rush to do this. I was just thinking that with all the people that you help that I might have slipped through the cracks so to speak. Please take your time as I would like to do a thorough cleaning and I am sure it will consume a lot of time to decide what to keep and what not to. This computer is not used for any "special" purposes other than my daughter doing her online AP US History class and as of yesterday her AP Anatomy class. Basically all I do with the computer is look at ebay and craigslist. I thought that letting you know what the computer is used for might help you with deciding on what should or should not be removed. As I said before though, please take your time as there is no rush. The computer is already doing 1,000 times better than it was because of all you have done for me. Thank you