Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Task Manager Freezes, Pages won't switch (toggle) [RESOLVED]


  • This topic is locked This topic is locked

#1
shealyb

shealyb

    New Member

  • Member
  • Pip
  • 6 posts
Hello, Having to press control/alt/delete to toggle between pages. Sometimes it works and sometimes it doesn't. Either I have to reboot or wait about 20 minutes for it to unfreeze.
The perfect Keylogger I believe is my husbands program installed to watch the kids.
Please help, tried other site fore help and waited 4 days already.
Thank YOu



AVG SCAN:
<history>
<!-- 01c8714f385356c0 -->
<rec time="2008/02/07 06:37:57" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/07 07:04:15" user="Beth" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\BPK\inst.bin</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Banker3.XOY</attr>
</rec>
<rec time="2008/02/07 08:00:24" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/07 08:20:04" user="Beth" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\BPK\inst.bin</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Banker3.XOY</attr>
</rec>
<rec time="2008/02/07 09:24:17" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avgcc:506-497;avgui:507-503;avgw:506-502;email:512-501;ems:510-494;fshmfx86:510-473;kernel:510-501;lngus:508-501;setup:510-503;update:516-503;</attr>
</rec>
<rec time="2008/02/07 09:27:21" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_13</attr>
</rec>
<rec time="2008/02/07 09:29:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1259-1205;banner:489-100;iavi:1273-1147;</attr>
</rec>
<rec time="2008/02/07 09:38:06" user="Beth" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\BPK\bpkr.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/07 09:38:06" user="Beth" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\BPK\inst.bin</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Banker3.XBI</attr>
</rec>
<rec time="2008/02/07 15:10:01" user="Beth" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_13</attr>
<attr name="infectedfiles">2</attr>
</rec>
<rec time="2008/02/07 15:10:07" user="Beth" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\BPK\bpkr.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/07 15:10:07" user="Beth" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\BPK\inst.bin</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/08 07:45:40" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/08 08:00:06" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/08 09:23:31" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1276-1273;</attr>
</rec>
<rec time="2008/02/08 11:58:47" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/08 12:40:10" user="Beth" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/08 12:56:00" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/08 21:30:05" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/08 22:19:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/08 23:19:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 00:32:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 08:00:04" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/09 09:10:06" user="Beth" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/09 09:21:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 10:58:14" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 12:08:00" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 13:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 21:35:15" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 22:11:12" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 23:25:47" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 00:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 01:11:12" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 02:11:12" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 03:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 04:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 05:30:53" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 06:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 07:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 08:00:05" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/10 11:24:54" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1262-1259;iavi:1280-1276;</attr>
</rec>
<rec time="2008/02/10 11:25:43" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_13</attr>
</rec>
<rec time="2008/02/10 14:25:30" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 17:19:52" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 18:40:11" user="Guest" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/10 20:30:55" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 20:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 22:47:08" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 00:16:14" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 00:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 01:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 02:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 03:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 04:52:14" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 05:52:14" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 06:52:14" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 08:00:05" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/11 09:22:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1281-1280;</attr>
</rec>
<rec time="2008/02/11 11:07:49" user="Beth" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/11 11:24:35" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 11:49:36" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 13:54:47" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 15:28:13" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 16:38:24" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 16:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 17:27:21" user="Guest" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/11 17:27:53" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1282-1281;</attr>
</rec>
<rec time="2008/02/11 20:28:22" user="Beth" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\DBJLJ3BW\favicon[1].htm</attr>
<attr name="finding">@EID_Id_vir</attr>
<attr name="virusname">Exploit</attr>
</rec>
<rec time="2008/02/11 21:38:08" user="Guest" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/11 22:51:29" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 23:36:01" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 00:36:01" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 01:34:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 02:34:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 03:36:01" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 04:36:01" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 05:34:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 08:00:05" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/12 08:03:11" user="Beth" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/12 09:22:30" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1283-1282;</attr>
</rec>
<rec time="2008/02/12 11:59:07" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 13:34:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 16:16:36" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 16:34:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 18:08:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/12 18:08:54" user="Beth" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/13 08:00:04" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/13 09:22:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1264-1262;iavi:1286-1283;</attr>
</rec>
<rec time="2008/02/13 11:33:33" user="Beth" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/14 08:00:05" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/14 08:08:28" user="Beth" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/14 09:23:03" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1265-1264;iavi:1288-1286;</attr>
</rec>
<rec time="2008/02/15 08:00:07" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/15 09:23:06" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1266-1265;iavi:1290-1288;</attr>
</rec>
<rec time="2008/02/15 12:16:37" user="Beth" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/16 08:00:07" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/16 09:22:40" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1292-1290;</attr>
</rec>
<rec time="2008/02/16 09:53:51" user="Beth" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/16 13:16:00" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/16 15:15:58" user="Beth" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/17 10:24:04" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/17 10:24:54" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1267-1266;iavi:1293-1292;</attr>
</rec>
<rec time="2008/02/17 14:18:22" user="Beth" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/18 08:00:06" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/18 09:22:33" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1295-1293;</attr>
</rec>
<rec time="2008/02/19 08:00:15" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/19 08:33:50" user="Beth" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/19 09:23:12" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1268-1267;iavi:1297-1295;</attr>
</rec>
</history>
SUPERAntiSPyware:
<history>
<!-- 01c8714f385356c0 -->
<rec time="2008/02/07 06:37:57" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/07 07:04:15" user="Beth" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\BPK\inst.bin</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Banker3.XOY</attr>
</rec>
<rec time="2008/02/07 08:00:24" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/07 08:20:04" user="Beth" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\BPK\inst.bin</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Banker3.XOY</attr>
</rec>
<rec time="2008/02/07 09:24:17" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avgcc:506-497;avgui:507-503;avgw:506-502;email:512-501;ems:510-494;fshmfx86:510-473;kernel:510-501;lngus:508-501;setup:510-503;update:516-503;</attr>
</rec>
<rec time="2008/02/07 09:27:21" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_13</attr>
</rec>
<rec time="2008/02/07 09:29:34" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1259-1205;banner:489-100;iavi:1273-1147;</attr>
</rec>
<rec time="2008/02/07 09:38:06" user="Beth" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\BPK\bpkr.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/07 09:38:06" user="Beth" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\BPK\inst.bin</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Banker3.XBI</attr>
</rec>
<rec time="2008/02/07 15:10:01" user="Beth" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_13</attr>
<attr name="infectedfiles">2</attr>
</rec>
<rec time="2008/02/07 15:10:07" user="Beth" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\BPK\bpkr.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/07 15:10:07" user="Beth" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\BPK\inst.bin</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/08 07:45:40" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/08 08:00:06" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/08 09:23:31" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:1276-1273;</attr>
</rec>
<rec time="2008/02/08 11:58:47" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/08 12:40:10" user="Beth" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/08 12:56:00" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/08 21:30:05" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/08 22:19:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/08 23:19:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 00:32:34" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 08:00:04" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/09 09:10:06" user="Beth" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2008/02/09 09:21:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 10:58:14" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 12:08:00" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 13:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 21:35:15" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 22:11:12" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/09 23:25:47" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 00:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 01:11:12" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 02:11:12" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 03:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 04:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 05:30:53" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 06:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 07:12:17" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 08:00:05" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/10 11:24:54" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1262-1259;iavi:1280-1276;</attr>
</rec>
<rec time="2008/02/10 11:25:43" user="Beth" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_13</attr>
</rec>
<rec time="2008/02/10 14:25:30" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 17:19:52" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 18:40:11" user="Guest" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/10 20:30:55" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 20:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/10 22:47:08" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 00:16:14" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 00:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 01:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 02:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 03:51:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 04:52:14" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{83646298-8518-493C-80A9-E4FA2CD8B2AF}\RP103\A0021734.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Small.60.BB</attr>
</rec>
<rec time="2008/02/11 05:52:14" user="SYSTEM&qu
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and let me see what I can do

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
shealyb

shealyb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hi there and let me see what I can do

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Ok here is the info you requested.


Deckard's System Scanner v20071014.68
Run by Beth on 2008-02-19 19:02:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-02-20 00:02:52 UTC - RP117 - Deckard's System Scanner Restore Point
2: 2008-02-19 22:22:20 UTC - RP116 - System Checkpoint
1: 2008-02-18 21:38:16 UTC - RP115 - fixing computer


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Beth.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:34 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\BPK\bpk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\UDA8VK0F\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Beth.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194704878859
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinn...es/wwspades.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6503 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.2.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.2.0>
R3 rtl8185 (Realtek RTL8185 54M Wireless LAN Network Adapter Driver) - c:\windows\system32\drivers\rtl8185.sys <Not Verified; Realtek Semiconductor Corporation; Realtek RTL8185 54M Wireless LAN Network Adapter>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 JL2005C (Dual Mode Camera) - c:\windows\system32\drivers\jl2005c.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link DFE-530TX+ PCI Adapter
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_13011186&REV_10\3&61AAA01&0&68
Manufacturer: D-Link
Name: D-Link DFE-530TX+ PCI Adapter
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_13011186&REV_10\3&61AAA01&0&68
Service: rtl8139


-- Scheduled Tasks -------------------------------------------------------------

2008-02-18 19:00:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-19 and 2008-02-19 -----------------------------

2008-02-18 18:42:44 8576 --a------ C:\WINDOWS\system32\drivers\stltjbjfvyed.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-18 18:22:29 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-17 17:16:52 0 d-------- C:\WINDOWS\system32\NtmsData
2008-02-16 15:30:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 15:30:34 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 15:30:34 0 d-------- C:\Documents and Settings\Beth\Application Data\SUPERAntiSpyware.com
2008-02-16 15:29:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 10:53:56 0 d-------- C:\Program Files\Trend Micro
2008-02-14 18:20:32 0 d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-02-08 13:00:37 0 d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-02-07 15:10:05 0 dr-h----- C:\$VAULT$.AVG
2008-02-07 06:37:14 0 d-------- C:\Documents and Settings\Beth\Application Data\AVG7
2008-02-07 06:36:38 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 06:35:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 06:35:56 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-27 10:02:34 0 d-------- C:\Program Files\Dr Daisy Pet Vet
2008-01-22 19:23:53 0 d-------- C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-01-20 14:33:17 0 d-------- C:\Documents and Settings\Guest\Application Data\Google


-- Find3M Report ---------------------------------------------------------------

2008-02-19 19:00:25 0 d-------- C:\Program Files\BPK
2008-02-18 23:02:52 0 d-------- C:\Program Files\Google
2008-02-18 11:35:51 0 d-------- C:\Documents and Settings\Beth\Application Data\Apple Computer
2008-02-16 15:29:53 0 d-------- C:\Program Files\Common Files
2008-02-14 06:32:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-10 19:48:27 0 d-------- C:\Documents and Settings\Beth\Application Data\LimeWire
2008-01-27 10:04:01 0 d-------- C:\Documents and Settings\Beth\Application Data\PlayFirst
2008-01-27 10:02:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-26 11:20:00 0 d-------- C:\Program Files\MSN Games
2008-01-23 07:43:23 0 d-------- C:\Documents and Settings\Beth\Application Data\Macromedia
2007-12-30 21:43:50 0 d-------- C:\Documents and Settings\Beth\Application Data\Google
2007-12-30 16:55:38 0 d-------- C:\Program Files\LimeWire
2007-12-30 16:55:21 0 d-------- C:\Documents and Settings\Beth\Application Data\Sun
2007-12-30 16:54:24 0 d-------- C:\Program Files\Java
2007-12-30 16:52:42 0 d-------- C:\Program Files\Common Files\Java
2007-12-27 18:51:29 0 d-------- C:\Program Files\MyDSC2
2007-12-27 18:51:29 0 d-------- C:\Program Files\JL2005D
2007-12-27 18:51:29 0 d-------- C:\Program Files\JL2005C
2007-12-25 12:58:25 0 d-------- C:\Program Files\iTunes
2007-12-25 12:58:18 0 d-------- C:\Program Files\iPod
2007-12-25 12:58:02 0 d-------- C:\Program Files\QuickTime
2007-12-25 12:57:24 0 d-------- C:\Program Files\Apple Software Update
2007-12-25 12:57:03 0 d-------- C:\Program Files\Common Files\Apple


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/07/2008 09:24 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"bpk"="C:\Program Files\BPK\bpk.exe" [01/12/2001 12:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/30/2007 08:39 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.15.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
backup=C:\WINDOWS\pss\Wireless Configuration Utility HW.15.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Beth^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Beth\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
"C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nmservice"=2 (0x2)
"nmraapache"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-02-19 19:04:07 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2200+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1535.53 MiB / 870.48 MiB
Pagefile Memory (total/avail): 3435.07 MiB / 3107.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 44.8 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080P0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:

\\.\PHYSICALDRIVE1 - SanDisk ImageMate 6 in 1 USB Device

\\.\PHYSICALDRIVE2 - SanDisk ImageMate 6 in 1 USB Device

\\.\PHYSICALDRIVE3 - SanDisk ImageMate 6 in 1 USB Device

\\.\PHYSICALDRIVE4 - SanDisk ImageMate 6 in 1 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Beth\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"="C:\\Documents and Settings\\Beth\\Local Settings\\Application Data\\Abacast\\Abaclient.exe:*:Enabled:Abaclient"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Beth\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SUBFRAMEIV
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Beth
LOGONSERVER=\\SUBFRAMEIV
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Beth\LOCALS~1\Temp
TMP=C:\DOCUME~1\Beth\LOCALS~1\Temp
USERDOMAIN=SUBFRAMEIV
USERNAME=Beth
USERPROFILE=C:\Documents and Settings\Beth
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Eric Scott (admin)
Beth (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
802.11g Wireless Adapter HW.15 V.1.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BlazingTools Perfect Keylogger --> C:\Program Files\BPK\bpkun.exe
Dr Daisy Pet Vet --> "C:\Program Files\InstallShield Installation Information\{E313C778-60B1-4AC7-974E-1283BD3E0A24}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Network Magic --> C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PCI Audio Driver --> cmuninst.exe
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Uninstall Dual Mode Camera --> "C:\Program Files\JL2005D\unins000.exe"
Windows Driver Package - Pure Networks, Inc. Pure Networks Device Discovery Driver (08/24/2007 4.6.7236.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pnarp_EA1D46527BDDE0262D42D36737D2D9EC73FFB1A0\pnarp.inf
Windows Driver Package - Pure Networks, Inc. Pure Networks Wireless Driver (08/24/2007 4.6.7236.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\purendis_63F463FB269B562703E37AAC1A91B3A645B65380\purendis.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type527 / Error
Event Submitted/Written: 02/18/2008 08:25:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type519 / Error
Event Submitted/Written: 02/17/2008 05:11:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application taskmgr.exe, version 5.1.2600.2180, faulting module bpkhk.dll, version 0.0.0.0, fault address 0x00001b48.
Processing media-specific event for [taskmgr.exe!ws!]

Event Record #/Type514 / Error
Event Submitted/Written: 02/17/2008 00:15:01 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application taskmgr.exe, version 5.1.2600.2180, faulting module bpkhk.dll, version 0.0.0.0, fault address 0x00001b48.
Processing media-specific event for [taskmgr.exe!ws!]

Event Record #/Type512 / Error
Event Submitted/Written: 02/16/2008 02:06:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type511 / Error
Event Submitted/Written: 02/16/2008 02:06:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type884 / Warning
Event Submitted/Written: 02/19/2008 02:35:23 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018E72E10AD. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type876 / Warning
Event Submitted/Written: 02/19/2008 07:57:39 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type861 / Warning
Event Submitted/Written: 02/18/2008 05:47:28 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018E72E10AD. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type859 / Warning
Event Submitted/Written: 02/18/2008 05:47:08 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018E72E10AD. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type856 / Warning
Event Submitted/Written: 02/18/2008 05:45:41 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018E72E10AD. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-02-19 19:04:07 ------------
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there the key logger is your problem

Faulting application taskmgr.exe, version 5.1.2600.2180, faulting module bpkhk.dll, version 0.0.0.0, fault address 0x00001b48.

The .dll is part of the keylogger and causing your system to hang. See here for further details http://ca.com/us/sec...px?id=453073333

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

BlazingTools Perfect Keylogger

Please note any other programs that you dont recognize in that list in your next response

THEN

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#5
shealyb

shealyb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok, here's what you requested:::Thank you for your help,again!
p.s. as far as I can tell the add/remove programs list looks familiar except for the windows programs, but I am unsure if they are necessary?

COMBO-Fix Log
ComboFix 08-02-20.2 - Beth 2008-02-20 7:32:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.872 [GMT -5:00]
Running from: C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\1XW32M0N\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 19:02 . 2008-02-19 19:02 <DIR> d-------- C:\Deckard
2008-02-18 18:42 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\stltjbjfvyed.sys
2008-02-18 18:22 . 2008-02-18 23:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-18 18:22 . 2008-02-18 18:22 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-18 18:22 . 2008-02-18 18:22 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-18 18:22 . 2008-02-18 18:22 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-18 11:35 . 2008-02-18 11:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-18 11:35 . 2008-02-18 11:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-17 17:16 . 2008-02-17 17:17 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-16 15:30 . 2008-02-20 07:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 15:30 . 2008-02-16 15:30 <DIR> d-------- C:\Documents and Settings\Beth\Application Data\SUPERAntiSpyware.com
2008-02-16 15:30 . 2008-02-16 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 15:29 . 2008-02-16 15:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 10:53 . 2008-02-16 10:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 18:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-15 18:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-14 18:20 . 2008-02-14 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-02-08 13:00 . 2008-02-11 17:27 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-02-07 06:37 . 2008-02-20 07:11 <DIR> d-------- C:\Documents and Settings\Beth\Application Data\AVG7
2008-02-07 06:36 . 2008-02-07 06:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 06:35 . 2008-02-07 06:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 06:35 . 2008-02-20 07:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-27 10:02 . 2008-01-27 10:02 <DIR> d-------- C:\Program Files\Dr Daisy Pet Vet
2008-01-22 19:23 . 2008-01-22 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pixelStorm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 12:29 --------- d-----w C:\Program Files\BPK
2008-02-19 04:02 --------- d-----w C:\Program Files\Google
2008-02-18 16:35 --------- d-----w C:\Documents and Settings\Beth\Application Data\Apple Computer
2008-02-14 11:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 00:48 --------- d-----w C:\Documents and Settings\Beth\Application Data\LimeWire
2008-01-27 15:04 --------- d-----w C:\Documents and Settings\Beth\Application Data\PlayFirst
2008-01-27 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-27 15:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 16:20 --------- d-----w C:\Program Files\MSN Games
2008-01-26 16:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-21 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-12-30 21:55 --------- d-----w C:\Program Files\LimeWire
2007-12-30 21:54 --------- d-----w C:\Program Files\Java
2007-12-30 21:52 --------- d-----w C:\Program Files\Common Files\Java
2007-12-30 18:44 --------- d-----w C:\Documents and Settings\Guest\Application Data\CafeMomToolbar
2007-12-27 23:51 --------- d-----w C:\Program Files\MyDSC2
2007-12-27 23:51 --------- d-----w C:\Program Files\JL2005D
2007-12-27 23:51 --------- d-----w C:\Program Files\JL2005C
2007-12-25 17:58 --------- d-----w C:\Program Files\QuickTime
2007-12-25 17:58 --------- d-----w C:\Program Files\iTunes
2007-12-25 17:58 --------- d-----w C:\Program Files\iPod
2007-12-25 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 17:57 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-25 17:57 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-30 20:39 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 09:24 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"bpk"="C:\Program Files\BPK\bpk.exe" [2001-01-12 12:24 434176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 06:36 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.15.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
backup=C:\WINDOWS\pss\Wireless Configuration Utility HW.15.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Beth^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Beth\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 17:00 1818624 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-07 02:33 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2007-10-29 22:04 451896 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
--a------ 2007-10-01 20:08 451896 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-30 20:39 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nmservice"=2 (0x2)
"nmraapache"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2002-08-05 11:17]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-02-14 20:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 00:00:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 07:33:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 7:34:31
.
2008-02-14 08:08:37 --- E O F ---





Hijack this log
ComboFix 08-02-20.2 - Beth 2008-02-20 7:32:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.872 [GMT -5:00]
Running from: C:\Documents and Settings\Beth\Local Settings\Temporary Internet Files\Content.IE5\1XW32M0N\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 19:02 . 2008-02-19 19:02 <DIR> d-------- C:\Deckard
2008-02-18 18:42 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\stltjbjfvyed.sys
2008-02-18 18:22 . 2008-02-18 23:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-18 18:22 . 2008-02-18 18:22 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-18 18:22 . 2008-02-18 18:22 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-18 18:22 . 2008-02-18 18:22 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-18 11:35 . 2008-02-18 11:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-18 11:35 . 2008-02-18 11:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-17 17:16 . 2008-02-17 17:17 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-16 15:30 . 2008-02-20 07:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 15:30 . 2008-02-16 15:30 <DIR> d-------- C:\Documents and Settings\Beth\Application Data\SUPERAntiSpyware.com
2008-02-16 15:30 . 2008-02-16 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 15:29 . 2008-02-16 15:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 10:53 . 2008-02-16 10:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 18:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-15 18:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-14 18:20 . 2008-02-14 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-02-08 13:00 . 2008-02-11 17:27 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-02-07 06:37 . 2008-02-20 07:11 <DIR> d-------- C:\Documents and Settings\Beth\Application Data\AVG7
2008-02-07 06:36 . 2008-02-07 06:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 06:35 . 2008-02-07 06:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 06:35 . 2008-02-20 07:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-27 10:02 . 2008-01-27 10:02 <DIR> d-------- C:\Program Files\Dr Daisy Pet Vet
2008-01-22 19:23 . 2008-01-22 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pixelStorm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 12:29 --------- d-----w C:\Program Files\BPK
2008-02-19 04:02 --------- d-----w C:\Program Files\Google
2008-02-18 16:35 --------- d-----w C:\Documents and Settings\Beth\Application Data\Apple Computer
2008-02-14 11:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 00:48 --------- d-----w C:\Documents and Settings\Beth\Application Data\LimeWire
2008-01-27 15:04 --------- d-----w C:\Documents and Settings\Beth\Application Data\PlayFirst
2008-01-27 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-27 15:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 16:20 --------- d-----w C:\Program Files\MSN Games
2008-01-26 16:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-21 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-12-30 21:55 --------- d-----w C:\Program Files\LimeWire
2007-12-30 21:54 --------- d-----w C:\Program Files\Java
2007-12-30 21:52 --------- d-----w C:\Program Files\Common Files\Java
2007-12-30 18:44 --------- d-----w C:\Documents and Settings\Guest\Application Data\CafeMomToolbar
2007-12-27 23:51 --------- d-----w C:\Program Files\MyDSC2
2007-12-27 23:51 --------- d-----w C:\Program Files\JL2005D
2007-12-27 23:51 --------- d-----w C:\Program Files\JL2005C
2007-12-25 17:58 --------- d-----w C:\Program Files\QuickTime
2007-12-25 17:58 --------- d-----w C:\Program Files\iTunes
2007-12-25 17:58 --------- d-----w C:\Program Files\iPod
2007-12-25 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 17:57 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-25 17:57 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-30 20:39 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 09:24 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"bpk"="C:\Program Files\BPK\bpk.exe" [2001-01-12 12:24 434176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 06:36 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.15.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
backup=C:\WINDOWS\pss\Wireless Configuration Utility HW.15.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Beth^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Beth\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 17:00 1818624 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-07 02:33 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2007-10-29 22:04 451896 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
--a------ 2007-10-01 20:08 451896 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-30 20:39 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nmservice"=2 (0x2)
"nmraapache"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2002-08-05 11:17]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-02-14 20:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 00:00:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 07:33:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 7:34:31
.
2008-02-14 08:08:37 --- E O F ---

Edited by shealyb, 20 February 2008 - 06:40 AM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking OK now - so we will now give your system a spring clean and see what the result of that is

Prefetch is clickable for more information

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Download, install and run
Tuneup Utilities 2008

Select Free up disk space


Select Unneccesary files and backups then clean

Select Maintain Windows

Run Drive Defrag

Run Tune Up registry clean up

Then run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Select Increase performance

Run the internet Optimiser to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click Increase performance then system optimizer to run system advisor


If you could now let me know how your computer is running
  • 0

#7
shealyb

shealyb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
hello,
It kind of seems a little better. Still have to press control/alt/delete to get to one page if another is open.Only sometimes. It hasn't froze up yet.
So far so good.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You still have traces of the keylogger do you wish to keep it ?

Also when it slows could you open task manager and see which process is using the most CPU / memory
  • 0

#9
shealyb

shealyb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
no, I was aware we were going to remove it. Actually I though I did.

The programs that are using the most cpu is iexplore.exe and explorer.exe
the problem usually happens when I start internet explorer.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm your start up looks pretty lean but most of them are updating programmes and are not required for start up

Lets try this

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot

Let me know how that goes and if it makes a difference
  • 0

#11
shealyb

shealyb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Everything is a+++++++++++
Thank you so very much. Totally awsome, I been putting up with that problem for 2 months.
Thank Thank Thank YOU!!
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP