Tech Problem Aggregator

i want to make sure i have no more spyware and that i dont have a virus. i downloaded a program from my nephew and it caused my puter to run up and down up to 100% cpu. when trying to fix this problem i downloaded some applications: hijack this, malwarbytes, and a couple other... i also want to make sure that i dont have too much spyware/antivirus software that will compete with each other. i am new to the internet and i ask in advance to please forgive me if i did not explain my prob correctly. i read all the facts and followed the instr. for this post. hope i did so correctly.Logfile of random's system information tool 1.04 (written by random/random)Run by Valentin Bernacho at 2008-12-15 04:39:43Microsoft Windows XP Home Edition Service Pack 3System drive C: has 32 GB (46%) free of 68 GBTotal RAM: 502 MB (19% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 04:39:48 a.m., on 15/12/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exeC:\Program Files\CONEXANT\SmartAudio\SmartAudio.exeC:\Program Files\Sakar\Mouse Driver\MouseDriver.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\hardcopy\hardcopy.exeC:\Program Files\HP\Digital Imaging\bin\hpqimzone.exeC:\PROGRA~1\hpq\Shared\HPQTOA~1.EXEC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Desktop\RSIT.exeC:\Program Files\Trend Micro\HijackThis\Valentin Bernacho.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLLO2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLLO4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exeO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /StartO4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exeO4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exeO4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe -cO4 - HKLM\..\Run: [DyanPointMouseDriverHelper] C:\Program Files\Sakar\Mouse Driver\MouseDriver.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentO4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-M4PKV.exe" /REGO4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exeO4 - Global Startup: Hardcopy.LNK = C:\hardcopy\hardcopy.exeO4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptopO16" target="_blank" class="invilink">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptopO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...ows-i586-jc.cabO23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: Vongo Service - Unknown owner - C:\Program Files\Vongo\VongoService.exe (file missing)O24 - Desktop Component 1: (no name) - http://www.att.net/--End of file - 11116 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\GoogleUpdateTaskUser.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-15 1865544][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-12-07 2403392][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-12-07 737776][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{0BF43445-2F28-4351-9252-17FE6E806AA0}{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-12-07 2403392]{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-15 1865544][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-16 794713]"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-06-23 102400]""= []"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-02 135168]"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]"SmartAudio"=C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe [2006-02-28 5705728]"DyanPointMouseDriverHelper"=C:\Program Files\Sakar\Mouse Driver\MouseDriver.exe [2006-02-10 53248]"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-14 98304]"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]"InnoSetupRegFile.0000000001"=C:\WINDOWS\is-M4PKV.exe [2008-12-15 685056]"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 1265296][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-07 68856]"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2008-12-07 270128]"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]"Google Update"=C:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-15 133104]C:\Documents and Settings\All Users\Start Menu\Programs\StartupHardcopy.LNK - C:\hardcopy\hardcopy.exeHP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeC:\Documents and Settings\Valentin Bernacho\Start Menu\Programs\StartUpVongo Tray.lnk - C:\Program Files\Vongo\Tray.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger""C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?Torrent"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"""="""C:\Program Files\Vongo\VongoService.exe"="C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{900d35cd-5727-11db-be21-806d6172696f}]shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480======List of files/folders created in the last 1 months======2008-12-15 04:39:43 ----D---- C:\rsit2008-12-15 04:08:48 ----D---- C:\MALWAREBYTES2008-12-15 04:07:33 ----D---- C:\HIJACKTHIS2008-12-15 03:59:23 ----D---- C:\Program Files\Trend Micro2008-12-15 03:58:48 ----A---- C:\WINDOWS\is-M4PKV.exe2008-12-15 03:44:37 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\Malwarebytes2008-12-15 03:44:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2008-12-15 03:44:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes2008-12-15 03:25:38 ----HDC---- C:\WINDOWS\ie82008-12-15 02:46:03 ----D---- C:\Program Files\Microsoft Silverlight2008-12-15 01:20:49 ----D---- C:\DOWNLOADS2008-12-15 00:57:21 ----D---- C:\Documents and Settings\All Users\Application Data\ATTToolbar2008-12-15 00:57:19 ----D---- C:\Program Files\ATTToolbar2008-12-15 00:57:19 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\ATTToolbar2008-12-15 00:07:13 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\Yahoo!2008-12-13 02:25:57 ----D---- C:\Program Files\ABC Amber LIT Converter2008-12-13 02:23:12 ----D---- C:\Program Files\Microsoft Reader2008-12-13 02:23:12 ----A---- C:\WINDOWS\DASShp.dll2008-12-11 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$2008-12-11 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$2008-12-11 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$2008-12-11 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$2008-12-09 04:43:43 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\My Star World2008-12-09 04:43:24 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP2008-12-09 04:42:50 ----D---- C:\Program Files\My Star World2008-12-09 04:41:22 ----D---- C:\hardcopy2008-12-09 04:40:17 ----A---- C:\WINDOWS\SwSetupu.exe2008-12-08 20:39:51 ----D---- C:\WINDOWS\system32\Adobe2008-12-08 00:53:54 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\vlc2008-12-07 22:32:36 ----D---- C:\Program Files\Realore2008-12-07 21:40:38 ----D---- C:\Program Files\VideoLAN2008-12-07 06:20:46 ----A---- C:\WINDOWS\system32\javaws.exe2008-12-07 06:20:46 ----A---- C:\WINDOWS\system32\javaw.exe2008-12-07 06:20:46 ----A---- C:\WINDOWS\system32\java.exe2008-12-07 06:20:46 ----A---- C:\WINDOWS\system32\deploytk.dll2008-12-07 06:16:05 ----D---- C:\Program Files\uTorrent2008-12-07 06:15:58 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\uTorrent2008-12-07 05:41:31 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\Google2008-12-07 05:41:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google2008-12-07 05:28:18 ----D---- C:\My Games2008-12-07 05:28:01 ----D---- C:\users2008-12-07 05:26:55 ----D---- C:\Program Files\RealArcade2008-12-07 04:43:00 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems2008-12-07 03:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$2008-12-07 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$2008-12-07 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$2008-12-07 00:19:07 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\Move Networks2008-12-06 23:21:32 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\Zango2008-12-06 15:15:43 ----D---- C:\WINDOWS\Prefetch2008-12-06 04:18:43 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\PlayFirst2008-12-06 04:16:10 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia2008-12-06 04:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$2008-12-06 04:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$2008-12-06 04:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$2008-12-06 04:11:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$2008-12-06 04:11:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$2008-12-06 04:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$2008-12-06 04:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$2008-12-06 04:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$2008-12-06 04:10:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$2008-12-06 04:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$2008-12-06 04:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$2008-12-06 04:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$2008-12-06 04:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$2008-12-06 04:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$2008-12-06 04:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$2008-12-06 04:09:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$2008-12-06 04:09:41 ----D---- C:\Program Files\Yahoo! Games2008-12-06 04:04:49 ----D---- C:\WINDOWS\system32\scripting2008-12-06 04:04:49 ----D---- C:\WINDOWS\l2schemas2008-12-06 04:04:48 ----D---- C:\WINDOWS\system32\en2008-12-06 04:04:48 ----D---- C:\WINDOWS\system32\bits2008-12-06 04:02:25 ----D---- C:\WINDOWS\ServicePackFiles2008-12-06 03:56:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$2008-12-06 03:56:38 ----D---- C:\WINDOWS\EHome2008-12-05 04:49:39 ----D---- C:\Program Files\Common Files\Adobe AIR2008-12-05 04:47:42 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe2008-12-05 04:47:20 ----D---- C:\Program Files\Common Files\Adobe2008-12-05 03:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$2008-12-05 03:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$2008-12-05 03:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$2008-12-05 03:56:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$2008-12-05 03:55:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$2008-12-05 03:54:49 ----N---- C:\WINDOWS\system32\wmphoto.dll2008-12-05 03:54:40 ----N---- C:\WINDOWS\system32\wlanapi.dll2008-12-05 03:54:38 ----N---- C:\WINDOWS\system32\windowscodecsext.dll2008-12-05 03:54:38 ----N---- C:\WINDOWS\system32\windowscodecs.dll2008-12-05 03:54:23 ----N---- C:\WINDOWS\system32\tspkg.dll2008-12-05 03:54:23 ----N---- C:\WINDOWS\system32\tsgqec.dll2008-12-05 03:54:17 ----N---- C:\WINDOWS\system32\spupdwxp.exe2008-12-05 03:54:17 ----A---- C:\WINDOWS\system32\spdwnwxp.exe2008-12-05 03:54:15 ----N---- C:\WINDOWS\system32\slserv.exe2008-12-05 03:54:15 ----N---- C:\WINDOWS\system32\slrundll.exe2008-12-05 03:54:15 ----N---- C:\WINDOWS\slrundll.exe2008-12-05 03:54:14 ----N---- C:\WINDOWS\system32\slgen.dll2008-12-05 03:54:14 ----N---- C:\WINDOWS\system32\slextspk.dll2008-12-05 03:54:14 ----N---- C:\WINDOWS\system32\slcoinst.dll2008-12-05 03:54:07 ----N---- C:\WINDOWS\system32\setupn.exe2008-12-05 03:53:52 ----N---- C:\WINDOWS\system32\s3gnb.dll2008-12-05 03:53:51 ----N---- C:\WINDOWS\system32\rhttpaa.dll2008-12-05 03:53:50 ----N---- C:\WINDOWS\system32\rasqec.dll2008-12-05 03:53:48 ----N---- C:\WINDOWS\system32\qutil.dll2008-12-05 03:53:47 ----N---- C:\WINDOWS\system32\qcliprov.dll2008-12-05 03:53:46 ----N---- C:\WINDOWS\system32\qagentrt.dll2008-12-05 03:53:46 ----N---- C:\WINDOWS\system32\qagent.dll2008-12-05 03:53:43 ----N---- C:\WINDOWS\system32\photometadatahandler.dll2008-12-05 03:53:40 ----N---- C:\WINDOWS\system32\onex.dll2008-12-05 03:53:36 ----N---- C:\WINDOWS\system32\nv4_disp.dll2008-12-05 03:53:26 ----N---- C:\WINDOWS\system32\napstat.exe2008-12-05 03:53:25 ----N---- C:\WINDOWS\system32\napmontr.dll2008-12-05 03:53:25 ----N---- C:\WINDOWS\system32\napipsec.dll2008-12-05 03:53:24 ----N---- C:\WINDOWS\system32\mtxparhd.dll2008-12-05 03:53:23 ----N---- C:\WINDOWS\system32\msxml6r.dll2008-12-05 03:53:23 ----N---- C:\WINDOWS\system32\msxml6.dll2008-12-05 03:53:21 ----N---- C:\WINDOWS\system32\msshavmsg.dll2008-12-05 03:53:21 ----N---- C:\WINDOWS\system32\mssha.dll2008-12-05 03:53:06 ----N---- C:\WINDOWS\system32\mmcperf.exe2008-12-05 03:53:06 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll2008-12-05 03:53:06 ----N---- C:\WINDOWS\system32\mmcex.dll2008-12-05 03:53:05 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll2008-12-05 03:52:41 ----N---- C:\WINDOWS\system32\l2gpstore.dll2008-12-05 03:52:41 ----N---- C:\WINDOWS\system32\kmsvc.dll2008-12-05 03:52:40 ----N---- C:\WINDOWS\system32\kbdpash.dll2008-12-05 03:52:40 ----N---- C:\WINDOWS\system32\kbdnepr.dll2008-12-05 03:52:40 ----N---- C:\WINDOWS\system32\kbdiultn.dll2008-12-05 03:52:39 ----N---- C:\WINDOWS\system32\kbdbhc.dll2008-12-05 03:52:28 ----N---- C:\WINDOWS\system32\hsfcisp2.dll2008-12-05 03:52:22 ----A---- C:\WINDOWS\002674_.tmp2008-12-05 03:52:21 ----N---- C:\WINDOWS\system32\faxpatch.exe2008-12-05 03:52:20 ----N---- C:\WINDOWS\system32\eapsvc.dll2008-12-05 03:52:20 ----N---- C:\WINDOWS\system32\eapqec.dll2008-12-05 03:52:20 ----N---- C:\WINDOWS\system32\eappprxy.dll2008-12-05 03:52:20 ----N---- C:\WINDOWS\system32\eapphost.dll2008-12-05 03:52:20 ----N---- C:\WINDOWS\system32\eappgnui.dll2008-12-05 03:52:20 ----N---- C:\WINDOWS\system32\eappcfg.dll2008-12-05 03:52:19 ----N---- C:\WINDOWS\system32\eapp3hst.dll2008-12-05 03:52:19 ----N---- C:\WINDOWS\system32\eapolqec.dll2008-12-05 03:52:14 ----N---- C:\WINDOWS\system32\dot3ui.dll2008-12-05 03:52:14 ----N---- C:\WINDOWS\system32\dot3svc.dll2008-12-05 03:52:14 ----N---- C:\WINDOWS\system32\dot3msm.dll2008-12-05 03:52:14 ----N---- C:\WINDOWS\system32\dot3dlg.dll2008-12-05 03:52:13 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll2008-12-05 03:52:13 ----N---- C:\WINDOWS\system32\dot3cfg.dll2008-12-05 03:52:13 ----N---- C:\WINDOWS\system32\dot3api.dll2008-12-05 03:52:11 ----N---- C:\WINDOWS\system32\dimsroam.dll2008-12-05 03:52:11 ----N---- C:\WINDOWS\system32\dimsntfy.dll2008-12-05 03:52:10 ----N---- C:\WINDOWS\system32\dhcpqec.dll2008-12-05 03:52:07 ----N---- C:\WINDOWS\system32\credssp.dll2008-12-05 03:51:59 ----N---- C:\WINDOWS\system32\bitsprx4.dll2008-12-05 03:51:58 ----N---- C:\WINDOWS\system32\azroles.dll2008-12-05 03:51:57 ----N---- C:\WINDOWS\system32\ativvaxx.dll2008-12-05 03:51:57 ----N---- C:\WINDOWS\system32\ativtmxx.dll2008-12-05 03:51:56 ----N---- C:\WINDOWS\system32\ati3duag.dll2008-12-05 03:51:56 ----N---- C:\WINDOWS\system32\ati3d1ag.dll2008-12-05 03:51:55 ----N---- C:\WINDOWS\system32\ati2dvag.dll2008-12-05 03:51:55 ----N---- C:\WINDOWS\system32\ati2dvaa.dll2008-12-05 03:51:55 ----N---- C:\WINDOWS\system32\ati2cqag.dll2008-12-05 03:51:46 ----N---- C:\WINDOWS\system32\aaclient.dll2008-12-05 03:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$2008-12-05 03:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$2008-12-05 03:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$2008-12-05 03:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$2008-12-05 03:29:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$2008-12-05 03:28:17 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\AdobeUM2008-12-05 03:23:11 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$2008-12-05 03:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$2008-12-05 03:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$2008-12-05 03:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$2008-12-05 03:13:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$2008-12-05 03:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$2008-12-05 03:10:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$2008-12-05 03:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$2008-12-05 03:07:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$2008-12-05 03:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$2008-12-05 03:05:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$2008-12-05 03:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$2008-12-05 02:40:15 ----A---- C:\WINDOWS\system32\wucltui.dll.mui2008-12-05 02:40:15 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui2008-12-05 02:40:15 ----A---- C:\WINDOWS\system32\wuapi.dll.mui2008-12-05 00:22:10 ----D---- C:\2Wire_DSL_Setup_Tool2008-12-04 14:00:20 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\Help2008-12-02 14:33:12 ----D---- C:\Documents and Settings\Valentin Bernacho\Application Data\Adobe2008-11-24 20:59:59 ----D---- C:\help2008-11-24 20:59:38 ----D---- C:\Program Files\Activision======List of files/folders modified in the last 1 months======2008-12-15 03:59:23 ----D---- C:\Program Files2008-12-15 03:58:48 ----D---- C:\WINDOWS\system32\drivers2008-12-15 03:58:48 ----D---- C:\WINDOWS2008-12-15 03:31:31 ----D---- C:\WINDOWS\system32\CatRoot22008-12-15 03:31:03 ----SHD---- C:\WINDOWS\Installer2008-12-15 03:29:42 ----D---- C:\WINDOWS\temp2008-12-15 03:29:40 ----A---- C:\hpqp.ini2008-12-15 03:29:36 ----A---- C:\XP_TV.ini2008-12-15 03:29:02 ----D---- C:\WINDOWS\system322008-12-15 03:28:47 ----RSHD---- C:\WINDOWS\system32\dllcache2008-12-15 03:28:47 ----HD---- C:\WINDOWS\inf2008-12-15 03:28:47 ----D---- C:\WINDOWS\system32\en-US2008-12-15 03:28:47 ----D---- C:\WINDOWS\Media2008-12-15 03:28:47 ----D---- C:\WINDOWS\Help2008-12-15 03:28:47 ----D---- C:\Program Files\Internet Explorer2008-12-15 03:28:04 ----A---- C:\WINDOWS\SchedLgU.Txt2008-12-15 02:59:17 ----D---- C:\WINDOWS\system32\wbem2008-12-15 02:59:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI2008-12-15 02:59:11 ----SD---- C:\Documents and Settings\Valentin Bernacho\Application Data\Microsoft2008-12-15 02:35:34 ----D---- C:\WINDOWS\SoftwareDistribution2008-12-15 02:29:40 ----RSD---- C:\WINDOWS\assembly2008-12-15 02:27:20 ----D---- C:\WINDOWS\WinSxS2008-12-15 02:16:53 ----D---- C:\Program Files\Yahoo!2008-12-15 00:55:49 ----SD---- C:\WINDOWS\Tasks2008-12-15 00:30:57 ----SD---- C:\WINDOWS\Downloaded Program Files2008-12-13 02:23:12 ----HD---- C:\Program Files\InstallShield Installation Information2008-12-13 02:23:12 ----D---- C:\Program Files\Common Files\Microsoft Shared2008-12-13 02:21:48 ----RSD---- C:\WINDOWS\Fonts2008-12-11 03:02:14 ----A---- C:\WINDOWS\imsins.BAK2008-12-11 03:01:36 ----D---- C:\WINDOWS\ie7updates2008-12-11 03:01:30 ----HD---- C:\WINDOWS\$hf_mig$2008-12-09 19:32:14 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe2008-12-09 15:34:59 ----D---- C:\Program Files\Hewlett-Packard2008-12-07 12:09:50 ----D---- C:\Program Files\Selectsoft2008-12-07 06:20:03 ----D---- C:\Program Files\Java2008-12-07 05:41:13 ----D---- C:\Program Files\Google2008-12-06 19:52:21 ----A---- C:\WINDOWS\OEWABLog.txt2008-12-06 15:16:31 ----A---- C:\WINDOWS\win.ini2008-12-06 15:16:05 ----A---- C:\WINDOWS\setuplog.txt2008-12-06 15:15:05 ----D---- C:\WINDOWS\system32\Setup2008-12-06 15:15:05 ----D---- C:\WINDOWS\AppPatch2008-12-06 15:15:05 ----D---- C:\Program Files\Windows Media Player2008-12-06 15:15:05 ----D---- C:\Program Files\Messenger2008-12-06 14:31:30 ----D---- C:\WINDOWS\security2008-12-06 04:39:19 ----D---- C:\Program Files\Windows Media Connect 22008-12-06 04:12:24 ----D---- C:\WINDOWS\system32\CatRoot2008-12-06 04:05:04 ----D---- C:\WINDOWS\network diagnostic2008-12-06 04:05:03 ----D---- C:\WINDOWS\ime2008-12-06 04:04:50 ----D---- C:\WINDOWS\system32\usmt2008-12-06 04:04:48 ----D---- C:\WINDOWS\PeerNet2008-12-06 04:04:47 ----D---- C:\Program Files\Movie Maker2008-12-06 04:02:21 ----D---- C:\WINDOWS\system32\Restore2008-12-06 04:02:21 ----D---- C:\WINDOWS\system32\npp2008-12-06 04:02:20 ----D---- C:\WINDOWS\msagent2008-12-06 04:02:19 ----D---- C:\WINDOWS\srchasst2008-12-06 04:02:18 ----D---- C:\WINDOWS\system32\Com2008-12-06 04:02:18 ----D---- C:\Program Files\NetMeeting2008-12-06 04:02:15 ----D---- C:\Program Files\Windows NT2008-12-06 04:02:14 ----D---- C:\Program Files\Outlook Express2008-12-06 04:02:13 ----D---- C:\Program Files\Common Files\System2008-12-06 04:02:06 ----D---- C:\WINDOWS\system32\oobe2008-12-06 04:02:05 ----D---- C:\WINDOWS\system2008-12-06 01:09:41 ----D---- C:\WINDOWS\Debug2008-12-06 00:59:52 ----A---- C:\WINDOWS\SYSTEM.INI2008-12-06 00:59:01 ----D---- C:\Program Files\Common Files\Scanner2008-12-05 12:59:07 ----D---- C:\WINDOWS\CAVTemp2008-12-05 04:49:54 ----D---- C:\Program Files\Adobe2008-12-05 04:49:39 ----D---- C:\Program Files\Common Files======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]R3 BCM43XX;Controlador del adaptador de red Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-21 1035008]R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-21 201600]R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2006-11-22 16024]R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-21 718464]S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]S2 Vongo Service;Vongo Service; C:\Program Files\Vongo\VongoService.exe []S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-05-08 98304]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-07 138168]S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]-----------------EOF-----------------Logfile of random's system information tool 1.04 (written by random/random)Run by Valentin Bernacho at 2008-12-15 04:39:43Microsoft Windows XP Home Edition Service Pack 3System drive C: has 32 GB (46%) free of 68 GBTotal RAM: 502 MB (19% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 04:39:48 a.m., on 15/12/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exeC:\Program Files\CONEXANT\SmartAudio\SmartAudio.exeC:\Program Files\Sakar\Mouse Driver\MouseDriver.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\hardcopy\hardcopy.exeC:\Program Files\HP\Digital Imaging\bin\hpqimzone.exeC:\PROGRA~1\hpq\Shared\HPQTOA~1.EXEC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Valentin Bernacho\Desktop\RSIT.exeC:\Program Files\Trend Micro\HijackThis\Valentin Bernacho.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLLO2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLLO4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exeO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /StartO4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exeO4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exeO4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe -cO4 - HKLM\..\Run: [DyanPointMouseDriverHelper] C:\Program Files\Sakar\Mouse Driver\MouseDriver.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentO4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-M4PKV.exe" /REGO4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Valentin Bernacho\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exeO4 - Global Startup: Hardcopy.LNK = C:\hardcopy\hardcopy.exeO4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptopO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...ows-i586-jc.cabO23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: Vongo Service - Unknown owner - C:\Program Files\Vongo\VongoService.exe (file missing)O24 - Desktop Component 1: (no name) - http://www.att.net/--End of file - 11116 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\GoogleUpdateTaskUser.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]AT&&T Toolbar - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [2008-05-15 1865544][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-12-07 2403392][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-12-07 737776][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin

2 more replies

I downloaded a wolf3d from utorrent it is resident on my desk top and when I click on it a command box apears and at the top it says C:\docume~1\minemi~1\desktop\wolf3d.exe. I try to delete it ands it says cannot delete wolf3d:it is being used by another person or program. Close any programsthat might be using the file and try again. here is the log from dss Deckard's System Scanner v20071014.68
Run by Mine Mine on 2008-06-13 08:00:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Mine Mine.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:17 AM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\Spybot - Search & D... Read more

Thanks but i figured it out myself. Just took me a while to figure it out after being up for almost 48 hours. Brain wasn't functioning. But I got it.

1 more replies

Hi!

Ive downloaded and registered program but cant find it anywhere on computer
need help

What's the program?

1 more replies

I bought Easy Hi Qrecorder program a few years ago. It worked fine. I had to re-download to a new computer as the other had crashed.

I use XP home edition.The Easy Hi Q recorder is reputable, from Roemer Software. I redownloaded it to the next computer which had been recently cleaned out of my son's user account and all his programs and files.

The Easy Hi Q downloads fine and installs. But when I click on the execute file to start it, I get "DWGTrueView 2010 wanting to install instead, which was part of an Autocad program my son had, for mapping. I can't seem to get rid of this mix up. Then of course it can't find the "source" file from that autocad program since it has been deleted for months. I also tried a clean disk and defragmented after deleting all my sons files.
I just want my Easy Hi Q recorder to work properly and open up.

I just tried an XP repair using the XP disk. Still no change. And it took all afternoon to do this.

Hiya and welcome to Tech Support Guy

Sorry for the lateness in a reply, but these forums are very busy

Are you still having this problem? If so, it may not be virus related, but we can have a look just in case:

can you do the following:

Regards

eddie

1 more replies

i have tried to download some anti virus software from CNET and half way through a window pops up asking me which program i want to use to run the software - i have no idea - help

apologies - more specifically - i am trying to run a piece of software downloaded from microsoft called microsoft security essential - a window pops up asking me to "choose which program you want to use to open this file" - help !

2 more replies

Hi guys, I downloaded a torrent program and it had imbeded spyware. I uninstalled it again but i'm not sure that I got rid of the extra spyware.
I am running vista

Here's my log :
Logfile of HijackThis v1.99.1
Scan saved at 1:14:19 PM, on 2/02/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toddler Keys\Toddler Keys.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lindsay\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htt... Read more

I dont see any signs of malware in the log.Its fine.

1 more replies

I tried to install the free version of Spamfighter, but when it came to activation I got a message saying it was impossible to connect to the server and to check my connections which are good. I tried another similar type program called Bullguard and got the same result. I ran anti virus programs and tried again without success. I then tried a cd burner program, and had no problem installing and running the app. I am running xp pro sp3. Any ideas?

Why...did you decide to try to install malware-defense programs...at this time?

What other such programs (e.g., firewall, AV, etc.) are currently installed on your system?

Can you go to Windows Update and successfully check for critical updates?

Louis

1 more replies

I need help with trying to load a google earth and Itunes on to my computer.When I download the programs on to my laptop then double click on the icons to download the program it start up going through its normal process but then the process stops and a message comes up which says:

THIS INSTALLATION PACKAGE COULD NOT BE OPENED-VERIFY THAT THE PACKAGE EXISTS AND THAT YOU CAN ACCESS IT, OR CONTACT THE APPLICATION VENDOR TO VERIFY THAT THIS IS A VALID WINDOWS INSTALLER PACKAGE

I have downloaded both program on a different computer then saved it to cd but even this did not work it came up with the same message

With Vista it's a good idea to right click on the installer and select "Run as administrator".

I've installed the latest version of iTunes on several computers without any problems.
Google Earth, OTOH, fought me tooth and nail before I got it installed - not a real pleasant experience. It took a lot of googling to get it to work correctly!

5 more replies

I have a Downloaded Program File entry, that has "unknown status", no creation date, and it says "none" under Last Accessed.

It does claim to be 4kb's in size.

This program file has no name, but instead, is a grouping of numbers and letters, all enclosed in parenthese..{}.

Highlighting it, and right clicking it only brings up the properties of the entry.

It cannot be deleted either from the keyboard, or from the menu...File>delete..Edit>cut.

The properties of this entry show it to be an Active X control, (with no creation date, no access date and no status. It does not appear to be damaged...it does not say that there are any damaged files associated with it).

I dont feel comfortable giving you the codebase http address, because Im not sure if it turns into a link that anyone can access. But I will tell you that it includes the words; fpdownload, macromedia, polarbear, ultrashim.cab

Using my search bar to go to that location brings me to a folder, with an apparent program that has yet to be installed.

There are 3 icons in this cab folder...a .dll icon, a configuration/notepad icon with the name "erma", and the remaining icon is an INSTALL icon.

Clicking on any of these icons brings up a command to "extract", or copy.

I do vaguely remember going to macromedia.com, (adobe.com) a couple of weeks ago, and downloading and installing the adobe flash player and the shockwave player. I seem to remember that when I first began us... Read more

http://www.sophos.com/security/blog/2008/02/1075.htmlQUOTE SOPHOS:"Ultrashim.cab is normally a valid Macromedia Flash filename, and is a very good example of why you can?t trust files based on name alone. It?s pointed to in a similar way to last time so that it appears that Flash is asking you to download an update. But don?t be fooled, you definitely don?t want this ?update?."Submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Post back with the results.http://virusscan.jotti.org/http://www.virustotal.com/metodos.html

3 more replies

Hi,

In Internet Explorer, when I look at:
Tools->Internet Options->General Tab, Browsing History, Settings->View Objects
a window pops up titled C:\WINDOWS\Downloaded Program Files. I came across this while trying to resolve another problem....which will be in another post and has nothing to do with this post.

The status of one of the files is "Damaged" and I have no idea if it should be deleted and reinstalled or deleted and not reinstalled, or just left alone. It also states the install date was on 4/29/05 (which would be before I purchased this HP Pavilion laptop--I purchased it after September 2005). The last access date for the program states today, 12/7/07.
Here is the program file description:
{49232000-16E4-426C-A231-62846947304B}
Under Properties is the following info:
ActiveX Control
80KB
Status: Damaged

Would this damaged program be affecting the performance of my laptop? Since it's been installed since I've owned it, I wouldn't know if the performance is slower than it should be or not, or why the laptop is accessing a damaged file (and what happens when it does access this damaged file???)

Any info would be greatly appreciated....

9 more replies

I downloaded Norton Internet Security from the Net. Tried to install it but ran into a problem so I want to do an XP Home System Restore to a date earlier than the download. Doing so will lose all the recent downloaded Internet files so I need to find the NIS download file and burn it to CD before doing the restore. The desktop icon properties show the path but Windows Explorer only shows four temporary Internet folders, I think it creates new ones for each session, and I cannot find earlier ones. I've tried "show hidden files" but without success and have run a search in Explorer as well.

Where the download is saved depends on your browser settings and whether you selected a folder at the time.
If you can remember the name of the downloaded file (or part of it) you can do a search for that file. If you cannot remember go back to the download site and follow the links to download and at some stage the filename will be visible.

4 more replies

i recently downloaded a program which i now want to remove. it gave me an uninstall option which when clicked brings up a blank window and nothing happens. when i try to uninstall through the control panel the same blank window appears.

Any suggestions?

10 more replies

called mgi video wave, it was a trial demo. Well now the trial is up, I rarely used it, I'm a newbie so can someone tell me how I get rid of the program and all its files? Since it was a trial demo if I decide to try it again at a later date, can I download the free trial again? Thanks for any suggestions....Cindoo
Hope I put this post in the right place.

7 more replies

I have two programs in this folder , one of which is my antivirus(norton) and the other is Download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab. I ran an hijack this log about a week ago and it did not show up on the log. Ikeep a log to compare readings, this scan it showed up on the hjt log. Are these programs already installed and can be deleted from the folder?

The Norton one will be your update ActiveX,
The Flash is macromedia ActiveX control.

Both can be deleted,

However when you next update Norton it will be reinstalled, and by deleting the shockwave control will mean you will not be able to view some websites properly

Both are legitimate controls and can be safely left on your system

1 more replies

Hi. I have downloaded a legal program but don't understand how to install it. The instructions said to extract the rar file which I've done but no joy. The instructions seem to assume some knowledge! I have the following files: an nfo file, 21 files named *.r00, *.r01 etc, an sfv file and a rar file which I have extracted...there are now a bin file and a cue file in an extracted files folder. What on earth do I do next? Please can someone help me with step by step instructions for a complete dummy !! Thanks.

Hello Rubi. I am a little confused with what kind of file you want help with so I am providing the instructions regarding the *.bin and *.cue files.

How Do I Use or Open Bin, Cue, or ISO Files?

If you are looking for instructions on extracting the *.rar and *.r01 files, then please go here.

Hope that helps.

-- Goku

3 more replies

The weather channel desktop 6 when attempting to remove in 'add or remove programs' I get the following message: wise uninstall
Could not open INSTALL.LOG file.
Another issue with:
Play 7 Wonders 2 in 'add or remove programs' the following popup appears - Fatal Error! Missing required resource!
Reinstallation is not going anywhere with these two programs
Unsure where these programs came from, if they are safe downloads or what kind of junk they carry with them, but I am not having much luck in removing them.
Laptop specs as follows:
Dell Latitude D630 X-86 based PC running windows xp pro service pack 3 build 2600
Anyone know how I can get past this problem?
Charlie

7 more replies

Hi

may i ask you why my legit windows 8.1 pro 64bit full updated doesn't warn me anymore when i run a program downloaded form the net ?

for example if i download a program like process hacker under w7 i have a window like this
under w8.1 i haven't it
and i have never changed any settings

thanks

Windows 8 uses the SmartScreen filter to perform an application reputation check, and it now does system wide (not just when downloading programs with Internet Explorer like it did before).

In Windows 8, SmartScreen will only notify you when you run an application that has not yet established a reputation and therefore is a higher risk:

The user experience for applications with an established reputation is simple and clean: you just click and run, removing the prompt you would have seen in Windows 7.

Source: Scroll down to "Microsoft SmartScreen for Internet Explorer and now for Windows too":
Protecting you from malware - Building Windows 8 - Site Home - MSDN Blogs

8 more replies

I downloaded a program from what appeared to be a trusted site, but it seems to have infected my computer. It keeps redirecting me when I'm on in chrome and it shuts it down sometimes. Any help would be appreciated. Thank you.

23 more replies

Hi I have just started using windows 10 on a new PC. I have tried to download an anti virus program. It downloads and installs (well it appears to) but the program is not there when finished. Not in the programs lists or on 'remove programs' either. I cant find any way of searching the PC like I did in XP or Vista 'search for all files and folders'. Is this option still there hidden away to make things more difficult? I am at the end of my tether with this. Any help would be appreciated thanks.

Also check as Windows Defender might already be activated and windows firewall may be blocking it

0 more replies

I use a program (downloaded from the internet) which has become a problem.
It has been OK, but when I updated it to the newer version, it made my startup and shutdown, real slow.
I have uninstalled the program and wiped all traces of it.
My PC then ran as fast as new.
Am I allowed, in this Forum, to say the name of the program?

I'd say so? Would help us to identify any common problems with said program. Maybe when you installed the new version, it added itself to the programs that start on boot. Could be something there.

9 more replies

hello team i notice i have some damaged downloaded program files. Please see attachment. Is there anything i can delete there, and what can i do to fix the damaged ones? Im always trying to clean up unneccessary files, and programs etc. I dont know much but remember the list there was smaller. I do have 2 screenshots from the past if needed but this list got big quick, and seems to have lotsa damaged files?

You will need to be more specific as to what program this is in reference to .
Also if you could supply the other screen shots that would be of help also.

cheers

11 more replies

My computers are both running Win 7 64-bit. I am thoroughly confused when it comes to placing programs that I download into their proper folders: That is, program files (x86) vs program files. I have read stuff on this, but still confused. for the most part, even when a dl'd program suggests being installed into PF, I, for whatever reason, place it into PF (x86). Although I have read that placing the program into the wrong folder may cause the program not to work properly, so far I have not had this problem...nor any other problems that I am aware of. Could someone please set me straight on this issue?

I let the installer put it where it is supposed to.

If I trust the software I trust they know best where it should be installed/placed.

4 more replies

More replies

My wife has her separate user account in Windows 10 and I have mine. She needed to download Jobulator for her work. It asked for my password since I am listed as administrator. While she was signed on her account via Windows 10, she downloaded Jobulator. Now, when I sign on to my account I see her program listed and sitting on my screen. It stays on top of other windows and in reality I don't need or require the program. If I delete if from my main Windows screen will it delete it from her use? Thanks for the help.

More replies

Hi,
I'm following the directions for removing the locked computer ransomware which says I need to download the appropriate version of Hitmanpro for the machine it will be used to repair.  I'm downloading it onto my good 64 bit machine so I can get it onto a USB drive as indicated.  Unfortunately, when I download the 32 bit version and try to run it so I can do that, I get an error message that the program has detected my machine is 64 bit, and I must go back to their website and download the "correct" 64 bit version.  Is there any way around this?

A:Hitmanpro won't let me use 32 bit program downloaded to 64 bit machine

You went here
copy that to the USB
Now insert that into the 32 machine and run it.

1 more replies

Hi..I'm looking for some advice here..I cannot remove a program that was downloaded from bearshare. I've tried restarting in safe mode, going into deleting the program, but it keeps asking me to insert the disk I originally downloaded from--and I don't have it.

2 more replies

I only do what the voices in my head tell me to do...Click to expand...

All of the Downloaded Program Files on my WinXP were listed as "damaged". So... I went off road and just simply deleted the file...the Downloaded Programs File, not each seperate file, as I had some type of error when I tried to do so, I believe something about the file was being used somewhere else, to close everything and try again, but would not delete no matter what I closed down.

Now, go figure, there is no longer a Downloaded Program File on the system.

My question is...does this return when there are new files that are downloaded for use? Or???? This is sounding more and more like an X-Files case...should have not cancelled the show!

Thanx for your time and help!! Hopefully I will get it some day!!

More replies

I have a Downloaded Program File entry, that has "unknown status", no creation date, and it says "none" under Last Accessed.
It does claim to be 4kb's in size.

This program file has no name, but instead, is a grouping of numbers and letters, all enclosed in parenthese..{}.

Highlighting it, and right clicking it only brings up the properties of the entry.

It cannot be deleted either from the keyboard, or from the menu...File>delete..Edit>cut.

The properties of this entry show it to be an Active X control, (with no creation date, no access date and no status. It does not appear to be damaged...it does not say that there are any damaged files associated with it).
The "codebase" has an entry that I cannot put in here because it give access to my computer, and this program, (I think.)
Using my search bar to go to that location brings me to a folder, with an apparent program that has yet to be installed.

There are 3 icons in this cab folder...a .dll icon, a configuration/notepad icon with the name "erma", and the remaining icon is an INSTALL icon.
Clicking on any of these icons brings up a command to "extract", or copy.

I do vaguely remember going to macromedia.com, (adobe.com) a couple of weeks ago, and downloading and installing the adobe flash player and the shockwave player. I seem to remember that when I first began using my new computer with the vista OS, that these needed to be updated or installed to run so... Read more

More replies

Good evening everyone---

First, I will state that I'm using WinXP Home and IE6...

I was wondering if anyone could please tell me how to get the files within the C:\Windows\Downloaded Program Files folder to appear? It used to display all the active x controls and plugins that I had downloaded, but now it shows zero items? However when I right click on the folder and choose properties it says it contains 6 files. They also do not appear under add/remove programs in control panel.

I would like to get these files to appear, so that I can right click on them and choose the remove option.

If it isn't possible to get these items to appear, is there some command I can execute in order to remove/unregister these active x controls/plugins?

8 more replies

Hi All,

Win7Pro.

NetLimiter - The Ultimate Bandwidth Shaper

I've never tried it, just saw it on lifehacker and noticed it does provide info for individual applications.

2 more replies

first of all if i am in the wrong section , my apoligies.if you could tell me the correct section, i will delete and repost. Also i have a post already on games not working,if the two are linked, i will also remove this post.

My question is do i need to delete and replace the damaged programsand how.

Or can i just delete them.

my problem is as follows,

creative software autoupdate: damaged
creative software autoupdate support package: damaged
get_atlom class: damaged
MUWebcontrol class: installed
NVIDIA smart scan: damaged
System requirments lab class: damaged
Trend Micro activex scan agent 6.6:installed
Windows live safety center base module: damaged
WUWEB control class: installed

Hello and welcome to TSF

This looks like failed ActiveX downlaods too me

Open up Internet Explore, click Tools, Internet Options, click on the tab Security and underneath 'Security Level for this Zone' put it on Medium.
Then click on the tab Privacy and under 'settings' put it on Medium. Click Apply then Ok.

1 more replies

Hello,
While searching for programs/files to remove that I no longer use I opened my downloaded Programs file and found "Adult Links". (Yes my husband visits those sites) Anyhow, when I try to remove it, a box comes up with the following: "These program files are currently being used by one or more programs. Please close some programs and try again. You may have to restart Windows" I closed all programs except "Explorer and systray" and restarted, but it just won't go away. I've been trying for a couple of weeks now. Also if someone knows how to remove it, could there possibly be a way to block it from coming back?

I'd really appreciate any and all suggestions.
Thank you
Yvonne

Post the scan log from HijackThis
Unzip somewhere to keep and run hijackthis.exe - press Scan - the Scan button changes to a Save Log button
Save, and then copy and paste the entire log here.
Dont' choose to fix anything yet - most entries will be harmless

1 more replies

Running down a dream....Click to expand...

I have "Damaged" downloaded program files, all of them at this status. What the heck could cause this? And what are these files in the first place? I have copied them prior to this damaged thing, on floppy disks. Do not know what the heck to do with the copies, but have them.
1-What are these "downloaded program files" and what do they mean to me, my system?
2-What could have caused them all to show as "damaged" in the status of each file? How do I figure out what caused this so it does not repeat itself? (had only 1 prob that day, with install of Microsoft updates?). Really think I should find out if I did something naughty that system did not approve of, so I can apologize to it and fix it up so it is happy with me again.
3-How do I use the copies of these files, if I need to, and do the "out with the old, in with the new" dance...how do I install the new files back into the system and get the damaged ones out?
Thanx for you help, again...have a great day!!

These can include perfectly legitimate applications, like Macromedia Flash player, Quicktime player, the Google toolbar installer, and the like, but also spyware.

The best way to view them is as follows:

Go to Internet Options > Temp Internet Files > Settings > Show Objects.

If any of them are damaged, right click them, and choose Remove from the context menu.

You'll just be prompted to download them again whenever Windows or an application needs them.

Cheers,

1 more replies

Hi
I have a desk top PC with Windows XP SP3 and use IE 8. When I clicked on Tools> Internet Options.>General Tab>Browsing History>Settings and then View Objects I found there were 17 entries with one dating back to 2005. Some entries are associated with programs that have long since been removed. Of the 17 files listed 10 were shown as "Installed" in the Status column while 6 were shown as"Damaged" and 1 as "Unknown".
Some of the "Damaged " files have either "none" in terms of size or "none" shown as a creation date.
Can anyone tell me whether or not it is safe to delete these entries?
Thank you.
NONIC

Hi -Have you attempted to go - Start > Programs > Accessories > System Tools > Disk Cleanup ?? Wait while it loads (can take a few minutes)Tick the boxes in there and click OK > OK - This removes many older built up files Now run Defrag (also in the same area System Tools) and see if many are removed -

11 more replies

Hi.
I have an HP Pavilion running Vista home premium.

When I am cleaning my computer out at the end of the day, I open up internet options and "veiw objects", which brings up my DOWNLOADED PROGRAM FILES folder.

In there are 3 or 4 active x files.

But 1 in particular has a status of DAMAGED.

Vista is different in that I cannot just delete this damaged file, like I could in XP, or in earlier windows versions.

All I can do is right click it, which brings up a "properties" link.

This damaged file is an active x file, and the "code base" reads like this:

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp dot cab (I changed this to read 'dot com' because it appears to be a direct hyperlink to my computers files...and I dont know if anyone could click on this and open my files...so, i added the dot com)

The link takes me to a gp[1] file that looks like it originates from my adobe illustrator installation, and inside this file are several Adobe GetPlus application files, a .dll and a .ocx active x file.

Here is the explorer folder trail to this GetPlus folder that is apparently corrupted.

Temporary Internet Files>Low>Content IE.5>PO6ALQ9S>gp[1] (which appears to be a cab file, as it has that icon that looks like a two drawer blue file cabinet with the bottom drawer half open).

This thing was created 11/2006, but I cannot remember if tha... Read more

Get KILLBOX.EXE at http://killbox.net/

2 more replies

Installation support file version 2007,11,28 in the Downloaded Program Files has been damaged, due to which my pc is showing unexpected errors, is there any way to solve this problem..
should i delete it or do something else, kindly help me..

Installation support file has been damaged, version 2007,11,28,1
Program file\yahoo\common\Yinsthelper.dll
due to this i am not able to install yahoo messenger and my pc is also showing some unexpected problems..
kindly help me..

1 more replies

HELLO,
MY PROBLEM, WHICH COULD BE CHALLENGING.
I PURCHASED KASPERSKY INTERNET SECURITY 2010. IT DOWNLOADS BUT IT WILL NOT INSTALL. AFTER I GO THROUGH THE CONTRACTS A WINDOW SHOWS UP HEADED INSTALLMENT IN PROGRESS, AND BELOW THAT IT SAYS The PROGRAM FEATURES YOU SELECTED ARE BEING INSTALLED. A BAR CHART IN THE WINDOW SHOWS THE PROGRESS. wHEN THE BARGRAPH IS AT MAX, THE PROGRAM LOCKS UP CANT SHUT IT IUFF, IHADD TO TAKE THE BATTERY OUY FOR A FEW SECONDS SO THAT I COULD REBOOT. A KASPERSKY TECH SENT ME SEVERAL LINKS THAT HE WANTED TO LOK AY BUT AFTER GOING IN CIRCLES HE SAID IT IS A MICROSOFT ISSUE, I PAID \$90 ON THAT PROGRAM, BUT I THOUGHT OF YOU GUYS BEFORE I REQEST MY MONEY BACK, CAN YOU HELP? I AM ON STRESS LEAVE FROM WORK AND I AM STILL RECOVERING 4 HRS AFTER DEALING WIRH THAT TECH. HE CONFUSED THE HELL OUY OF ME.
ROGER NORTHALL

10 more replies

hey whats up guys, i recently stumbled across a virus scanner on the internet that told me i had viruses on my computer and so i followed the instructions and it ended with "you have 20 viruses on your pc, please buy me now to get rid of them for only 69.99" and i was like uh no thanks already have a virus scanner. now this program will NOT GO AWAY, i cant get rid of it and its DRIVING ME F-ING CRAZY. it just keeps popping up and now i cant even pull up my ctrl alt delete end process thing. someone please HELP this thing is driving me CRAZY!!!!!!!!!! (pulls out all hair) i tried to download the hijackthis thing and post it but it wont even let me do that HEEEELP !!!!!!!!!!!

bump

3 more replies

I was looking around my PC - internet prop, settings, view objects and found many DL program files. Some are listed more than once installed, same day and version; some status unknown; some total size '0'. Surely some can be deleted - if not all - but?? Surprised the control panels add-remove does not show these programs to be installed??Esp Java runtime enviroment? Where do these programs originate from?? I know the Java program I am running is 1.5.0. updated to 6 but it does not show in this file. Even found some Symantec Script Runner Class and RuFSI Utilit Class files installed created 6/06 but I deleted all AV system a long time ago??

6 more replies

Hello, i'm wondering if it is possible to change a open with option back to unknown application on some files. i accidentally clicked open with the picture opener and its stuck on it now. how can i revert this? step by step if possible.

Thank you.

A:How to change a file's open with program to when i first downloaded it

Go to Default Programs in Control Panel open it, select Set your Default Programs. First off you need to know the extension of this file you do not want any program to open, example, jpeg, gif..etc.. Select each program that can open this file and uncheck that extension for it, then would be back to unknown.

0 more replies

Help
then spybot.search destroy
then hijackthis 1977

Logfile of HijackThis v1.97.7
Scan saved at 3:22:52 PM, on 4/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Config\ConfigHighSpeed\3.52.1010.10\IACLiM.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Documents and Settings\Owner\Application Data\eber.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbdash.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis1977.zip\Hija... Read more

11 more replies

Had a few machines that do this now, after the infection is COMPLETELY gone... you get couldn't be downloaded for anything you download in IE. Repairing/Reinstalling IE doesn't help, replacing windows defender program folder does not help.

Experienced this on vista/7 x86/x64

A:How to fix "program couldn't be downloaded" in IE after removing infections?

FYI works in other profiles, not just the one that was originally infected... so it's some sort of registry key issue for currentuser

2 more replies

Hi
I have both HP Photosmart Essentials and HP Photosmart Primier. I inadvertently checked for the Essentials to always open my photos, when I really want Primier. Where do I find that list of 'open with'? I have looked everywhere. Probably in the wrong places.
dbl

11 more replies

Hi, I am still having a problem trying to get rid of a file dealing with Dialer.one0none. The only time this shows up is when running Norton Anti Virus scan, as being in c:/windows/downloaded program files\109554.exe. I cannot delete it using NAV. When searching for this file, it is no where to be found.
My question is this, Can I delete the entire contents of the c:/windows/downloaded program files? Maybe this would get rid of it.
I am running Windows XP Home ed. I am on cable and do not have my phone connected to the computer. There don't seem to be any problems other than this keeps coming up on my virus scan as a threat and when I try to delete it, it fails. I have tried the Safe Mode way, also have submitted a HJT Log earlier. I just need to know if the c:/windows/downloaded program files is needed. Thanks for your help. Roger

yes, you can safely delete the contents of that folder.

2 more replies

ok here's the deal, I have vista home premium, lately the computer when starting, and sometimes during operation desktop loses icons they go into system32 folder,the program "Hulu" will not run. Also there are some important vista updates that will not install. Can anyone out there give me a little assistance...

More replies

So I accidentally downloaded an antivirus program that is really a virus.

It really sucks. Internet explorer refuses to work. Task manager has been disabled by the administrator. Any program that operates under windows explorer fails to run properly. This makes it very difficult to use the computer.
What exactly is wrong? Do I need to repair the registry? What if I did not make a backup?
This problem has been plaguing me for a long time. Any help would be greatly appreciated.

Kevin

A:So I accidentally downloaded an antivirus program that is really a virus.

Hello CL Smooth.

8 more replies

I have Windows XP 2005 which had the Norton Security pack with McAfee Firewall and McAfee Anitivirus. The antivirus expired. Oops on my part. I purchased and downloaded The Shield Deluxe 2008. Immediately I had windows popping up that stated - Detected: Riskware: Invader and messages of processes trying to inject into other processes. I have no clue what this means or the action to take. Is anyone familiar with this? I uninstalled the McAfee antivirus from Add/Remove. I don't know if I should uninstall The Shield or if it is actually working. Is there hope?
ritap

A:Downloaded New Antivirus Program And Can't Begin To Figure Out What's Going On

http://www.siteadvisor.com/sites/pcsecurityshield.comyou have been taken advantage of, now we need to see what they put on your computer

3 more replies

I had an anti-viral/spyware program auto-download to my laptop. After removing it desktop won't run. Have work limitedly through task manager. Program called AVGT. Any suggestions on how to remedy?

Hiya and welcome to Tech Support Guy

Sorry for the lateness in a reply, but these forums are very busy

Are you still having this problem? If so, can you do the following:

Regards

eddie

1 more replies

When I click on Internet Options, Settings, view objects. Under dependency all show damaged. Is this right? I am running IE 7, Windows XP Home Edition and using Service Pack 3. I have been trying to get help and noone has responded. It won't let me delete disabled downloaded Active x controls.

I see no Settings tab in IE 7 .

Louis

2 more replies

I downloaded an alarm clock program, and it's pretty cool, so I kept it. I wanted to keep it on top so I right clicked it and clicked a word I can no longer remember, but it wasn't "keep on top". Now my mouse cursor treats it as if it is no longer there (can't click on it) and the program, which name I can't remember, isn't in the add/remove programs list nor is it in google.history...So I'm confused, is this spyware? it seems like a cool little program, and it works fine, but since I chose the wrong command when I right clicked it I can't set up alarms like I wanted too. I need help......

What happens if you hold right click on the clock?

Check:
C:\Program Files\WindowsApps

2 more replies

When opening a program i downloaded i get a error message, can anyone please give me some help on this one as i do not have a clue what it means or what i have to do. The error reads

C:\Documents and Settings\All Users\Documents\file i downloaded.exe is not a valid Win32 application.

This has happened for a few programs i have tried to download and cant seem to get them to work

thanks for any help

Hello and to BC

Secondly, what type of program are you trying to download, if its a simple program such as an AV , or a free game or something like that, from a trusted site, it should not be giving you an error such as that

if its an older exe file maybe it just won't work with your xp, Just a couple of thoughts to toss out there
Hope to hear from you soon

2 more replies

Hello, I downloaded a program from http://phyxer.info/ and the real site is phyxer.org. I downloaded the program from the phishing site and installed it, when I clicked on it, nothing happened so I went to googe and typed in the name and then was directed to the real site where it had news of a spoof site.

So what i've done so far is: i'm currently running a scan using nod32, I emailed the program to nod and kaspersky as well as the author of the original software at phyxer.org, and ran hijack this. Here is the log, what should I do guys any help is appreciated.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:39:44 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Port Explorer\PortExplorer.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Eset\nod32.exe

here is an image of port explorer with nothing but nod32 and basic startup programs running, note: whsconnect is windows home server so thats nothing to worry about.

2 more replies

i recently was downlaoding a song from a torrent website and got infected from the file. it seems rather serious and i cant get anything done on my computer now with all the popups and system errors flashing up. please helpLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:09:54 AM, on 9/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\WgaTray.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\system32\hkcmd.exeC:\Program File... Read more

2 more replies

Hi Bleeping Computer,

A cracked program was installed onto my computer. I scanned my computer with malwarebytes and got rid of it, but I saw the program listed in the startup tab in the task manager menu.

I disabled it, ran malwarebytes again and the anti-virus said my computer was clean. I still see the cracked program listed and am not sure if my computer is actually clean.

Can you find the program to uninstall from "Programs and Features" or "Add or Remove Programs"?

11 more replies

Hi All,

I'm new to vista, have just installed Home Premium yesterday, and having problems already

Vista just simply won't run or save a program or file that I have downloaded.

I am logged on as the administator, and when I try to download a program, if I try to run it, it will download it, the progress will go to 100%, then when i click run, it just vanishes and does nothing else?? If i click to save it first, it asks me where to save it to, then just vanishes.

I have a dual core 1.8 system, 2gig ram, and a 256 graphics card.

I've had a search on the 'net and can't find this problem anywhere, Can anyone help please?

Regards, fb

Hi fb902350. . .

Welcome to the Tech Support Forum - Vista Support!

Are you using IE7 or an alternate browser such as Firefox?

Regrards. . .

jcgriff2

8 more replies

SPECS: Asus G50VT using Windows Vista Home Premium x64, a 2.13 gigahertz Intel Core2 Duo CPU, 4GB Installed Memory. Anything else please ask, I will give it to you from my Belarc Advisor Computer Profile

Welcome
The best course of action, in this situation, is to remove the problem download with a system restore. Go back to at least a day before the problem began. YOur stuff should not be affected.
System Restore - How to

2 more replies

I am trying to delete an active x file MSN Games - Installer but when I click on File-Remove Program File, nothing happens. I tried to just delete the file and still nothing happens. Im trying to follow instructions from MSN games support because I can no longer play multiplayer online games.

Beth

go to control panel open up Internet options. then click on programs. then click on manage add ons. in there look for that active x file. you can disable it there or delete it . if you cant delete there try disabling it and the go to add and remove to try to delete it.

3 more replies

Hi,

In c:\ windows\downloaded program files, I see references to Java and Shockwave. But there are a number of files in this folder that I do not see. I have all files visible in the folder options.

I know that there are other files in this folder because I can see them when using command.exe.

Thanks

4 more replies

More replies

Hello
I have written a VB6 program.
I would in the near future like to make a Web-Site where people can download this program and it will automatically install on there computer. How is this done?

Could somebody please explain what I need, and how to do the above. Even how they access my VB6 program from the Web-Site, ready to download.
A Big Thanks

Gary.

A:Packaging a VB6 Program for self setup on a Clients Computer when downloaded from Web

If the program just needs to have files put into a folder to install, you could just create a ZIP file containing the necessary files. One step above that would be a self-extracting zip file.

If you need an installer that presents the licensing agreement, allows them to do custom installs, modifies the registry, etc then go with an installer package such as Inno Setup Compiler.

1 more replies

My IE proxy address was deleted by a program I downloaded. I have since deleted the program but cannot sign into my yahoo email account. The proxy address was deleted. How do I know what this address and port should be

2 more replies

Hello i just installed vista inspirat 2 form crystalxp.net its a program that changes ur xp yo look like vista for example,it changes icons to vista icons and the theme.but today i was doing research on it and i heard it changes system files!!! im worried now!!! because when i go to click on user accounts it doesnt appear it just gives me a blank window!!! also when i click on system restore it gives me a blank window!!! im wondering if this is bad? and if vista inspirat is good?please help me out

A:I downloaded a program called vista inspirat 2 for my xp i think i may have a problem

Hi, I don't know what you can do about the blank windows...but, here is how you can uninstall the Vista Inspirat pack

http://www.crystalxp.net/bricopack/en-precautions.htm

You use the Recovery Console, not the Restore Console as it says at that site.

You may not know how to use the Console, so here you go:

http://www.bleepingcomputer.com/tutorials/tutorial117.html

To start the Recovery Console directly from the Windows XP CD you would do the following:

Insert the Windows XP cd in your computer.
Restart your computer so you are booting off of the CD.
When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console.
The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.
It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter. If you do not know your password then see this.
If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.Click to expand...

Now, you just type in the command as it says at the crystalxp.net page....

1 more replies

my wife downloaded a dialer chat program that totally removed adaware is there any way to restrict this from happening agian?

the os is xp

go here http://forums.net-integration.net/index.php?showtopic=3051 for info on how to tighten your security settings and how to help prevent future attacks.
The Immunize feature in Spybot used in conjunction with SpywareBlaster , SpywareGuard and weekly scans with Spybot and Adaware will go a long way toward keeping your PC free of these pests..

Important!: ALWAYS check for updated detections and referencefiles before scanning with Spybot and Adaware. And be sure to check for updates to SpywareBlaster and SpywareGuard on a weekly basis.

2 more replies

I downloaded a free software for editting and burning my home digital video tapes to DVD, "BurnToDisk" via forum.videohelp.com. But when I try to open it I get a message, MSVCR100.dll can't be found. How do I replace it. Or do you know of/should I try a different editting software? I can still open and use the free software that came with various cameras I have bought over the years. But their bit rate onto the final DVD is too low and I am getting blur/checkering (pixelation?) on action scenes.

A:Downloaded a free DVD editting /Burn program but MSVCR100.dll missing pops up?

See this Microsoft fix which sounds like the same problem you have.

4 more replies

i m using vista home premium 32 sp2..
Machine! Hp Dv6 Core 2 duo 2.10GHZ -3 GB RAM- 512MB AtI Gaming card....
i have got 2 major problems now !!!!
1) in Windows/downloaded program files i have got a file which is damaged and when i right clicked on it. only Properties occurs! and that thing i basically got from IE's(Version 8) Tools>Options under the heading of browsing setting> and View Objects...

2)i don;t know what is the problem with my IE8 whenever i open Hp's website it wouldnt opened and for other websites it words but for a very few minutes. but after that i get the error that the webpage can't be displayed---- but In google Chrome it works gr8 ..

Originally Posted by amar4ever

i m using vista home premium 32 sp2..
Machine! Hp Dv6 Core 2 duo 2.10GHZ -3 GB RAM- 512MB AtI Gaming card....
i have got 2 major problems now !!!!
1) in Windows/downloaded program files i have got a file which is damaged and when i right clicked on it. only Properties occurs! and that thing i basically got from IE's(Version 8) Tools>Options under the heading of browsing setting> and View Objects...

2)i don;t know what is the problem with my IE8 whenever i open Hp's website it wouldnt opened and for other websites it words but for a very few minutes. but after that i get the error that the webpage can't be displayed---- but In google Chrome it works gr8 ..

Hello amar4ever;

Cannot Rename or Move a File or Folder in Vista Fix

If not there are some other steps we can take.

Cheers!
Robert

4 more replies

I understand the process of how to remove downloaded Active X controls using the Disk Cleanup Utility.

My question is, exactly how many versions of the same Active X control do I need to keep?

For example, I have 3 Java Runtime Environment 1.6.0 controls showing in the list.
Two of them were installed on 07-28-2010 and are both for updates. They appear to be the same kind of control as each other.

The third is called "Classic Java plug in for Netscape and ..?' which I don't know where that came from....if it was an option in an update, I didn't choose it. I wouldn't choose that because I don't have/use Netscape. It was installed on 2-2-2011.

Can I remove the classic plug in for Netscape and one of the other update controls?

Thanks!
p.s.....I am utilizing your suggestion page about "Slow Computers/browser ..check here first". this is where my question originates from. I run XP Professional Service Pack 3.

In order to remove older Java Installations we recommed this: JavaRA it remove all older versions of Java.

2 more replies

Hello, Please help me. I have Windows 2000 Professional. I'm pretty new to all this as I have only had a computer for about a week. I got some adware threats detected by Norton Antivirus 2004 and have done a lot of reading up and I am now tring to delete them.

One of the removal instructions provided by Norton promps me to delete a file in C:\Winnt\Downloaded Program Files but when I go to view this folder it looks like there are no files inside. Now, I know there are files in there as Norton Antivirus has picked up one in there and when I view the proporties for that folder it states there are 12 files inside but when I view the folder with Windows Explorer it appears empty!

I've gone into folder option and changed the settings so it shows hidden files and hidden system files yet this still doesn't let me view the files in this folder. How can I delete this file if I am unable to view it?

If anyone can point me to a turorial that explains this or explain it to me I would really appreciate this.

Cheers, Luke.

I'm assuming you have done this to Show hidden files and folders:
Go to Control Panel/Folder Options/View and select "Show hidden files and folders"

Also,place a check in "Display the contents of system folders"
And,uncheck "Hide protected operating system files(Recommended)"

If the above doesn't work try this:
Create the REG_DWORD ShowSuperHidden (if it doesn't already exist) Set the value to 1, click OK, and close the Registry editor

1 more replies

I just downloaded a free trial of Macromedia Fireworks and am unable to use it. An error box pops us saying it cannot find " SN.DLL " and that if I uninstall and reinstall the progrm it might help. I did it but it did not help. I was cleaning my computer yesterday and might have deleted it by an accident. Is there anyway I can fix this problem? Thanks in advance

8 more replies

I had a few problems, which I hope have been resolved, but I still have two downloaded files which say they are damaged.

In XP using IE, Tools -> Internet Options -> Settings -> View Objects
the following files have the status "damaged:"

cpbrkpie Control

A. Do I fix them? Delete them? Ignore this?
B. What is the likely cause of this? Virus? Worm? Spyware?

When attempting to load a second virus software, the following file was deleted from my Temp Internet Files: C:\Documents&Settings\my name\localSettings\temporary Internet Files\Content.IE5\ECJHRSQ9 motiveSB.exe
Was this something sinister? It seems to have fixed everything except my mouse (2 of the 5 buttons don't operate as programmed and I'm having no luck finding new drivers for it).

Thanks in advance for any suggestions.

I have been told that cpbrkpie is a virus. I tried to remove it, but my wireless optical mouse doesn't work in safe mode for some reason.
Also, my wireless router is giving me grief and I had to bypass it to get online.
Anyone have some input?

1 more replies

In internet options under temporary internet files and then under settings view objects there 5 java runtime environment active X controls with yellow exclamation points. Is this supposed to be this way and if not how do I fix this? Also, the setting in my temp internet files folder is set at 1192. Is this correct or should it be changed?

8 more replies

So I downloaded something and although avast said it blocked a trojan/virus, I just want to sure my PC is safe/clean. Think you guys can help me out?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:10:11 PM, on 2/5/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)

FIREFOX: 42.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Users\Gene\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe

2 more replies

alright so i would say i am pretty computer literate at least for 16 you put me in my whole high school i would pry be second best, here is my HJT file i cant find nothing but i can tell you my problem the quick launch bar is messed up i open it an nothing is there it opens but just lines come and regedit says its in use by another program and task manager wont open

View attachment 32453

Clear these three items in HJT and rescan:

O2 - BHO: (no name) - {3745D43B-4A84-485D-8EE9-BC6D0401DBF6} - C:\WINDOWS\system32\vtUkIBqR.dll
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\byXRkIYS.dll
O20 - Winlogon Notify: byXRkIYS - C:\WINDOWS\SYSTEM32\byXRkIYS.dll

If they are still present, then download MalwareBytes Anti-Malware and while you are there grab the RogueRemoverFree as well. FileASSASSIN is under More Tools in Anti-Malware, and can actually delete the files while in use. Run that if the files wont delete or keep showing up in HJT. Make sure you update MalwareBytes before you do a full scan

7 more replies

Hello -It may not be unusual for a program to update itself if you are subscribed to it, like many Adobe products that Auto Update -Thank You - Detals of what Networx Can ShowText edited to show link to programs base

4 more replies

More replies

Thanks

Hi cloud366, it sounds like you have done a repair install. When you pressed F10, did you choose Last Known Good Configuration from the boot menu?

Also, check in C:\Documents and Settings for a duplicate profile. It could be that your original profile has corrupted and Windows built you a new one.

All those type of "custom features" live in your local profile.

3 more replies

Is there a way to find out just how much in total the Get Windows 10 app has downloaded it so far?

There's no way to know that when Windows 10 hasn't been officially released yet. Maybe at a later date.

41 more replies

So far I like it. However, I do a lot of photos and cannot figure out how to set up a new folder and organize them. Any advice ? Thank you

10 more replies

I took advantage of the student offer of Windows 7 and last night downloaded windows 7. I thought that because my laptop was 64 bit capable I could do a clean install to it from the download, which I now obviously realise was a mistake.

Does anyone know how I can change this download for a 32 bit version?

Thanks

Why can't you install 64bit? Have you tried and got an error?

2 more replies

hello my coputer is windos vista and the problem is everery time that i try to downloading anything i cant because there is a box that say "you current security setting do not allow this file to be downloaded" plis i really need help michael

More replies

downloaded IE9, but cant find it did search, found an empty folder but that all thats marked IE, toshiba laptop running mozilla firefox 3.6

3 more replies

Think i accidently downloaded something or not, Over the past week it has been getting slower and ie has now been hanging up. here is a dss log and thank you:Deckard's System Scanner v20071014.68Run by Gil on 2008-06-09 22:07:02Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --28: 2008-06-10 02:07:21 UTC - RP513 - Deckard's System Scanner Restore Point27: 2008-06-10 00:51:33 UTC - RP512 - System Checkpoint26: 2008-06-04 03:16:24 UTC - RP511 - Software Distribution Service 3.025: 2008-06-03 21:13:28 UTC - RP510 - Software Distribution Service 3.024: 2008-06-03 02:32:27 UTC - RP509 - Software Distribution Service 3.0-- First Restore Point -- 1: 2008-03-13 20:18:23 UTC - RP486 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 448 MiB (512 MiB recommended).-- HijackThis (run as Gil.exe) -------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:10:47 PM, on 6/9/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC: ... Read more

2 more replies

I was working trying to fix my DVDFab express tonight, and I was using a keygenerator... bad I know... but anyways, I ended up downloading and installing something that made my desktop wallpaper go to white and flicker... THe program initiated a msdos looking window with an error message that asked me if I wanted to abort... I couldn't choose anything and had to reboot... that's when I found it had erased my wallpaper and I couldn't get it fixed.. i knew it was some kind of malicious program...

so i came to you guys and I have followed all your steps... My wallpaper is back and I think I have gotten rid of most stuf, but my computer is still running kind of weird, slow, just not the same....

I have ran Adaware SE Personal, Spybot, Notron Anti-Virus, Kapersky Online Scanner, CWShredder, and Spyware Blaster... Please see if something else is on there...

Thanks Guys!!!!

Here is my HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 12:32:05 AM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

Restart your computer and boot into Safe Mode (if you d... Read more

1 more replies

I opened a file from AIM, and now all these programs are trying to modify my computer. All help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 8:10:06 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system\wcisvc.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Yolkavich\Desktop\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch ... Read more

More replies

I just purchased a new HP desktop, INtel core 2 Quad processor, 64 bit performance with 8gb of ram, 1 Terrabyte hard drive. It came with Vista home premium 64 bit edition. I had previously purchased Vista Ultimate for a laptop that no longer works. When I downloaded Vista Ultimate I put in the 32 bit instead of the 64.....I am not able to do a restore to go back to the way I purchased it. I am not very computer savvy. Can anyone please help??? Thank you. And what would be the down fall for keeping the 32 bit installed (somone had told me I wouldn't be using the full capicity of the computer) Thanks again.

Originally Posted by cmb1966

I just purchased a new HP desktop, INtel core 2 Quad processor, 64 bit performance with 8gb of ram, 1 Terrabyte hard drive. It came with Vista home premium 64 bit edition. I had previously purchased Vista Ultimate for a laptop that no longer works. When I downloaded Vista Ultimate I put in the 32 bit instead of the 64.....I am not able to do a restore to go back to the way I purchased it. I am not very computer savvy. Can anyone please help??? Thank you. And what would be the down fall for keeping the 32 bit installed (somone had told me I wouldn't be using the full capicity of the computer) Thanks again.

32bit will only see 4gigs of ram and usually only be able to use abt 3.3 its also a bit slower depending on how you use it. when changing from one OS format (32bit) to another (64bit) it has to be a clean install.

Now about restoring you may have a backup there and available but since you are 32 bit and it isnt you cant use it. If you were to reinstall vista 64 it probably be available

7 more replies

i downloaded a thing i thought was safe but turns out my mcafee site advisor and mcafee software let a trojan get on my computer. it the TrojanDownloader:WIN32/zlob.ZWC. microsoft malicious software tool detects it but wont remove it. mcafee dont detect it at all.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

1 more replies

system running : windows XP professional with sp3

okay, as the title implies, while surfing the internet a tab appeared in the firefox window that said "Updating..." but never showed/displayed anything. After that, I noticed the windows start/tool bar had changed from the XP theme version to the classic version. Then i noticed that there was no network connectivity. When I tried to look up what was wrong, the properties, rename, and delete options have been disabled from the right-click menu.
I received a message that there was attempt to update registry but whatever was done was restored, then my PC reboot.
what I've done so far:
I tried to boot using the windows xp CD but nothing happens. Windows eventually boots up, but I don't get any options to run repair or anything.
Used CA anti-virus for scan and found nothing (did this again in safe mode and still found nothing)
I did a search to see if I could find what was modified, it shows that all user accounts including a Helpassist?? account have been updated in some form or fashion so i don't know what else to do

I see svchost.exe, services.exe, and system taking up 50% of CPU occasionally but not sure what to make of that.

to get the internet started I tried to turn on some network services but all failed due to 'timeout'

Please let me know any ideas, or how to get started on trying to fix this problem.

thanks,
homero
other pcs are connected to the internet just fine.

any ideas? anyone? a starting point?

2 more replies

Hey.
I have had some problems with my computer, and know I have tried my best. Someone told me to download Hijack and then post my log here. Could someone please take a look at it-, If there's something more to be done, please let me know.

Thanks

Logfile of HijackThis v1.98.2
Scan saved at 21:57:56, on 11.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programfiler\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programfiler\Fellesfiler\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\ELEKTR~1\OPTISK~1\Amoumain.exe
C:\Programfiler\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\Nokia\Services\ServiceLayer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\bcmwltry.exe

It's a program that can restore your internet connection if it's lost after the NewDotNet uninstall.

Uninstall NewDotNet via Start-Control Panel-Add or Remove Programs.

If that fails, then follow the instructions below:

From a computer that has Internet access, click on the following link:

NewDotNet uninstaller

Insert the floppy disk into the floppy drive of the computer that needs to have our software uninstalled from.

Click on Start.

Click on Run.

In the Open window type, A:\uninstall6_22.exe.

Click on the OK button.

Re-start the computer.

http://www.newdotnet.com/

Uninstall:

MyWay or MyWebSearch

Twaintech

Restart the computer.

Download and save these freeware/donationware programs to a permanent folder. Remember to check for updates and run them weekly.
***NOTE***A new version of Ad-aware has been released.
***ALSO***A new version of SpyBot's been released (v1.3...it's no longer in beta). If you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.

First in the main window look in the bottom right corner and click on "Check for updates now." then click Connect and download the latest reference files.... Read more

1 more replies

Hello

I have setup every application to "ask me before checking for updates",

Even when I am not using any brower, email or any opther application, I notice that my lights on my modem are blinking quite fast... that is something is being downloded. It has been going on for quite sometime.

How do I find out what is being downloded (or uploaded)?

I use
toshiba laptop
window 7 prof
IE9
MS office 2010
Internet secuirity (antivirus, etc ...) from Bell
Thank you very much

And you have no browser open? And check for new email only infrequently?

You could try disconnecting from the modem and see if any program complains.

In Network Connections right click on your connection and select Status. Watch the Bytes sent and received to get an idea of the upload vs download and how much.

3 more replies

I downloaded a program yesterday and ran it but nothing happened. Then I read comments on a video of it and someone said it was most likely a RAT and another guy saying it was probably a virus. I can provide the file if that will help. I don't want a RAT.

1 more replies

Good morning, On the very infrequent occasion when MBAM Pro happens to display an OUTGOING block message, I will try and ascertain which program on my computer is making the call using the TcpView program. Unfortunately, it seems I can never get TcpView going fast enough to catch the program responsible. (Being I use an XP Pro machine, the block message only displays the IP address).Question: Is there some other method I can use to see which application on my machine is making these infrequent outgoing calls? (HpHosts shows the IP address to be malicious and located in Germany).Thanks for any info.

A:MBAM outgoing block; Any program besides TcpView to find originating program on computer?

Yes, use procmon. Start procmon before you get the warning, and filter on "Operation is TCP Connect".

7 more replies

Hey everyone, i have a trouble, my laptop yesterday shows a blue screen "STOP: c0000135 The program cant start because %hs is missing from your computer. Try reinstalling th program to fix this problem."

*I can't start in safe mode
*I can't repair since DVD Windows 7
*I can't Restore System

I installed in a USB flash driver FARBAR recovery scan tool in the command propt

It was the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2013 02
Ran by SYSTEM at 24-01-2013 11:13:13
Running from F:\
Service Pack 1 (X86) OS Language: Spanish Modern Sort
Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry (Whitelisted) ===================

Attention: Software hive is missing.

ATTENTION: Unable to load Software hive.
==================== Services (Whitelisted) ===================
==================== Drivers (Whitelisted) ====================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
==================== One Month Modified Files and Folders ========
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.