Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

computer is badly infected and running at about 20% [RESOLVED]


  • This topic is locked This topic is locked

#1
atlus

atlus

    Member

  • Member
  • PipPip
  • 42 posts
Hi .. heard great things about this site
1st time poster .. my computer is so badly infected (courtesy of my kids) that I was unable to install and run HJT given I was missing the MSVBVM60.dll file - finally I got that reinstalled so that I could run HJT - I ahve run and copoied a scan for anyone who might beable to give me some direction

thanking you in advance

atlus (Brian)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:58 AM, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browserga...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browserga...om/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094579958468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v8.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkCnv.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133360368031
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://vpn.rbc.com/.../WhlCompMgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://vpn.rbc.com/...m0/ra/msrdp.cab
O16 - DPF: {935429C3-0AD6-4570-AC55-B55D600C2B60} - http://slimthug.mixm...lugin/Setup.exe
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactiveb...bex/ieatgpc.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://storage.msn.c...BXUyLvCggasz2pQ
O24 - Desktop Component 1: (no name) - http://65.54.175.250...1c3c2f3b2042c06

--
End of file - 13883 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello atlus

Welcome to G2Go. :)
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
atlus

atlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
as per your request .. here is the new copy of my scan

thanks for your help - greatly appreciated

Deckard's System Scanner v20071014.68
Run by Brian on 2008-07-12 11:42:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2008-07-12 15:43:23 UTC - RP1288 - Deckard's System Scanner Restore Point
16: 2008-07-11 14:37:05 UTC - RP1287 - Software Distribution Service 3.0
15: 2008-07-11 01:08:08 UTC - RP1286 - Microsoft OneCare Protection Checkpoint
14: 2008-07-10 21:48:47 UTC - RP1285 - Microsoft OneCare Protection Checkpoint
13: 2008-06-04 04:06:25 UTC - RP1284 - Microsoft OneCare Protection Checkpoint


-- First Restore Point --
1: 2008-05-20 07:01:48 UTC - RP1272 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 1.26 GiB (less than 15%) free.


-- HijackThis (run as Brian.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:45 AM, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brian.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browserga...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browserga...om/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094579958468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v8.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkCnv.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133360368031
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://vpn.rbc.com/.../WhlCompMgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://vpn.rbc.com/...m0/ra/msrdp.cab
O16 - DPF: {935429C3-0AD6-4570-AC55-B55D600C2B60} - http://slimthug.mixm...lugin/Setup.exe
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactiveb...bex/ieatgpc.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://storage.msn.c...BXUyLvCggasz2pQ
O24 - Desktop Component 1: (no name) - http://65.54.175.250...1c3c2f3b2042c06

--
End of file - 13922 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>
R0 Spssys (Toshiba SPS Service) - c:\windows\system32\drivers\spssys.sys <Not Verified; Toshiba Corporation; spssys>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R3 DumaNT - c:\windows\system32\drivers\dumant.sys <Not Verified; Windows ® 2000 DDK provider; Stereo Helper Driver>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S2 KXCVPGON - c:\windows\system32\kxcvpgon.dyf (file missing)
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 cdrmkaun - c:\docume~1\brian\locals~1\temp\cdrmkaun.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 mxnic (Macronix MX987xx Family Fast Ethernet NT Driver) - c:\windows\system32\drivers\mxnic.sys <Not Verified; Macronix International Co., Ltd.; Macronix MX987xx Family Fast Ethernet Adapter>
S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 XDva016 - c:\windows\system32\xdva016.sys (file missing)
S3 XDva020 - c:\windows\system32\xdva020.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Crypkey License - crypserv.exe
R2 DNADownloader - c:\program files\gamespot\downloadmanager_win32.exe <Not Verified; CNET Networks; GameSpot Download Manager>

S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing)
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_904D1509&REV_A2\3&13C0B0C5&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_904D1509&REV_A2\3&13C0B0C5&0&09
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-20 12:31:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 10:17:02 0 d-------- C:\WINDOWS\LastGood


-- Find3M Report ---------------------------------------------------------------

2008-07-12 11:47:55 0 d-------- C:\Documents and Settings\Brian\Application Data\DNA
2008-06-02 21:08:26 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-05-20 03:02:07 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-13 19:39:34 0 d-------- C:\Program Files\World of Warcraft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/12/2005 04:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/07/2006 07:15 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/10/2006 08:58 AM]
"TosGbWatcher"="C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe" [07/11/2005 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/12/2007 11:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/12/2007 01:10 PM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [21/04/2008 10:23 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 03:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [16/06/2007 09:29 PM]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [05/03/2007 05:57 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 09:05 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/05/2008 07:01 PM]

C:\Documents and Settings\Brian\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GDM_TrayApp.exe [10/07/2007 2:17:16 AM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24/08/2007 4:45:42 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [27/07/2007 7:12:19 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 4:15:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Brian^Start Menu^Programs^Startup^Check for ContinuumClient Updates.lnk]
path=C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Check for ContinuumClient Updates.lnk
backup=C:\WINDOWS\pss\Check for ContinuumClient Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Brian^Start Menu^Programs^Startup^Check for TWS Updates.lnk]
path=C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Check for TWS Updates.lnk
backup=C:\WINDOWS\pss\Check for TWS Updates.lnkStartup
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400 (Copy 1)]
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB001" /M "Stylus CX5400"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6600 Series]
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" /P26 "EPSON Stylus CX6600 Series" /O6 "USB002" /M "Stylus CX6600"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"C:\Program Files\Ahead\InCD\InCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpWasher]
"C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
"C:\Program Files\eMachines Bay Reader\shwiconem.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskdir]
C:\WINDOWS\system32\taskdir.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosGbWatcher]
"C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"C:\Program Files\Webroot\Washer\wwDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide




-- End of Deckard's System Scanner: finished at 2008-07-12 11:56:02 ------------

Deckard's System Scanner v20071014.68
Run by Brian on 2008-07-12 11:42:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2008-07-12 15:43:23 UTC - RP1288 - Deckard's System Scanner Restore Point
16: 2008-07-11 14:37:05 UTC - RP1287 - Software Distribution Service 3.0
15: 2008-07-11 01:08:08 UTC - RP1286 - Microsoft OneCare Protection Checkpoint
14: 2008-07-10 21:48:47 UTC - RP1285 - Microsoft OneCare Protection Checkpoint
13: 2008-06-04 04:06:25 UTC - RP1284 - Microsoft OneCare Protection Checkpoint


-- First Restore Point --
1: 2008-05-20 07:01:48 UTC - RP1272 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 1.26 GiB (less than 15%) free.


-- HijackThis (run as Brian.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:45 AM, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brian.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browserga...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browserga...om/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094579958468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v8.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkCnv.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133360368031
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://vpn.rbc.com/.../WhlCompMgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://vpn.rbc.com/...m0/ra/msrdp.cab
O16 - DPF: {935429C3-0AD6-4570-AC55-B55D600C2B60} - http://slimthug.mixm...lugin/Setup.exe
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactiveb...bex/ieatgpc.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://storage.msn.c...BXUyLvCggasz2pQ
O24 - Desktop Component 1: (no name) - http://65.54.175.250...1c3c2f3b2042c06

--
End of file - 13922 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>
R0 Spssys (Toshiba SPS Service) - c:\windows\system32\drivers\spssys.sys <Not Verified; Toshiba Corporation; spssys>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R3 DumaNT - c:\windows\system32\drivers\dumant.sys <Not Verified; Windows ® 2000 DDK provider; Stereo Helper Driver>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S2 KXCVPGON - c:\windows\system32\kxcvpgon.dyf (file missing)
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 cdrmkaun - c:\docume~1\brian\locals~1\temp\cdrmkaun.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 mxnic (Macronix MX987xx Family Fast Ethernet NT Driver) - c:\windows\system32\drivers\mxnic.sys <Not Verified; Macronix International Co., Ltd.; Macronix MX987xx Family Fast Ethernet Adapter>
S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 XDva016 - c:\windows\system32\xdva016.sys (file missing)
S3 XDva020 - c:\windows\system32\xdva020.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#5
atlus

atlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
As per your request here is the Malware scan ... it says I have successfully removed everything

thanks Kahdah for your help - I greatly appreciate it - please let me know if there is anything else you see that needs removing


atlus (Brian)

:)


Malwarebytes' Anti-Malware 1.20
Database version: 944
Windows 5.1.2600 Service Pack 2

8:46:43 AM 13/07/2008
mbam-log-7-13-2008 (08-46-43).txt

Scan type: Quick Scan
Objects scanned: 56143
Time elapsed: 19 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e94eb13e-d78f-0857-7734-5e67a49ffff1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antispykit 5.3 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\antispykit 5.3.exe (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian\Start Menu\Programs\AntiSpyKit 5.3 (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jasmine\Start Menu\Programs\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian\Start Menu\Programs\AntiSpywareShield (Rogue.AntiSpywareShield) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UADC_0001_D10M0210.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyKiller\WinSpyKiller.lic (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian\Start Menu\Programs\AntiSpyKit 5.3\AntiSpyKit 5.3.lnk (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian\Start Menu\Programs\AntiSpyKit 5.3\Uninstall AntiSpyKit 5.3.lnk (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jasmine\Start Menu\Programs\VirusHeat 4.3\Uninstall VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jasmine\Start Menu\Programs\VirusHeat 4.3\VirusHeat 4.3 Website.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian\Start Menu\Programs\AntiSpywareShield\Uninstall.lnk (Rogue.AntiSpywareShield) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\filekiller.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyKit 5.3.lnk (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jasmine\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#7
atlus

atlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi Kahdah ...attached is the SmitfraudFix report ....

when opening a web page the computer is STILL incredibly slow .. to launch my home page it takes over a minute .. I think there is still something slowing my computers performance greatly.

Also .. when I get updated via email that you have repsonded to me through Geeks to GO, I CANNOT open the link which takes me back to this thread. I am UNABLE to open any links that come to me through my email .. I have to copy the link and paste it into a new web page - and again .. it takes as much as 2 minutes to open the page

thanks again for any direction






SmitFraudFix v2.329

Scan done at 9:44:08.02, 13/07/2008
Run from C:\Documents and Settings\Brian\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brian


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brian\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Brian\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://storage.msn.c...LXY5uwAI9GCgQpH
NsqmdiBXUyLvCggasz2pQ"
"SubscribedURL"="http://storage.msn.c...LXY5uwAI9GCgQpH
NsqmdiBXUyLvCggasz2pQ"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://65.54.175.250...c3c2f3b2042c06"
"SubscribedURL"="http://65.54.175.250...c3c2f3b2042c06"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Controller
DNS Server Search Order: 24.226.1.93
DNS Server Search Order: 24.226.10.193
DNS Server Search Order: 24.226.10.194

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5992070F-BD62-4957-B2FD-DB7C3206F4F5}: DhcpNameServer=24.226.1.93 24.226.10.193 24.226.10.194
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5992070F-BD62-4957-B2FD-DB7C3206F4F5}: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5992070F-BD62-4957-B2FD-DB7C3206F4F5}: DhcpNameServer=24.226.1.93 24.226.10.193 24.226.10.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.226.1.93 24.226.10.193 24.226.10.194
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.226.10.193 24.226.1.93 24.226.10.194
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.226.1.93 24.226.10.193 24.226.10.194


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
atlus

atlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi kahdah - the Kaspersky was very difficult for me to install on my computer due to a conflict with Java - I think I took care of that problem and finally ran a VERY lengthy scan using Kaspersky. Below od the latest results of the scan . There are a LOT of viruses in my computer - please see the attached

Thanks as always in advance

atlus(brian)


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR...224/loose.dtd">

<html>
<head>
<title>KASPERSKY ONLINE SCANNER 7 REPORT</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
<style type='text/css'>
.pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
.text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
</style>

</head>

<body>
<table width='100%' border='0'>
<tr align='center' bgcolor='#005447'>
<td colspan='2' height='30px' class='pagetitle'>
<b>KASPERSKY ONLINE SCANNER 7 REPORT</b>
</td>
</tr>
<tr>
<td colspan='2' height='70px'>
Sunday, July 13, 2008<br>
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)<br>
Kaspersky Online Scanner 7 version: 7.0.25.0<br>
Program database last update: Sunday, July 13, 2008 16:21:04<br>
Records in database: 949010<br>
</td>
</tr>
<tr>
<td colspan='2' height='10px'>
</td>
</tr>
</table>
<table width='100%' border='0'>
<tr bgcolor='#EFEBDE'>
<td colspan='2' height='20px'><b>Scan settings</b></td>
</tr>
<tr>
<td height='15px' width='250px'>Scan using the following database</td>
<td>extended</td>
</tr>
<tr>
<td height='15px'>Scan archives</td>
<td>yes</td>
</tr>
<tr>
<td height='15px'>Scan mail databases</td>
<td>yes</td>
</tr>
<tr>
<td colspan='2' height='10px'>
</td>
</tr>
<tr bgcolor='#EFEBDE'>
<td height='20px'><b>Scan area</b></td>
<td>My Computer</td>
</tr>
<tr>
<td colspan='2' height='20px'>
C:\<br>
D:\<br>
E:\<br>
F:\<br>
H:\<br>
I:\<br>
J:\
</td>
</tr>
<tr>
<td colspan='2' height='10px'>
</td>
</tr>
<tr bgcolor='#EFEBDE'>
<td colspan='2' height='20px'><b>Scan statistics</b></td>
</tr>
<tr>
<td height='15px'>Files scanned</td>
<td>220970</td>
</tr>
<tr>
<td height='15px'>Threat name</td>
<td>21</td>
</tr>
<tr>
<td height='15px'>Infected objects</td>
<td>49</td>
</tr>
<tr>
<td height='15px'>Suspicious objects</td>
<td>41</td>
</tr>
<tr>
<td height='15px'>Duration of the scan</td>
<td>04:41:52</td>
</tr>
</table>
<br>
<table width='100%%' border="0">

<tr bgcolor='#EFEBDE'><td height='20px'><b>File name</b></td>
<td width='200px'><b>Threat name</b></td>
<td width='100px'><b>Threats count</b></td>
</tr>
<tr><td height='20px'>C:\Deckard\System Scanner\backup\DOCUME~1\Brian\LOCALS~1\Temp\ICD1.tmp\UADC_0001_D10M0210.exe</td><td>Infected: not-a-virus:Downloader.Win32.AdvancedCleaner.c</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Deckard\System Scanner\backup\DOCUME~1\Brian\LOCALS~1\Temp\ICD2.tmp\UADC_0001_D10M0210.exe</td><td>Infected: not-a-virus:Downloader.Win32.AdvancedCleaner.c</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\UADC_0001_D10M0210.exe</td><td>Infected: not-a-virus:Downloader.Win32.AdvancedCleaner.c</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Deckard\System Scanner\backup\WINDOWS\temp\TMP0000000165671E03510114F2</td><td>Infected: Trojan-Downloader.Win32.Zlob.lps</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Deckard\System Scanner\backup\WINDOWS\temp\TMP00000001BC56A0F770C78DB4</td><td>Infected: Trojan-Downloader.Win32.Zlob.lps</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Deckard\System Scanner\backup\WINDOWS\temp\TMP000000FE4022741F6C15DE11</td><td>Infected: Trojan-Downloader.Win32.Zlob.lps</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Deckard\System Scanner\backup\WINDOWS\temp\TMP000000FFB4F8F2C2948AF384</td><td>Infected: Trojan-Downloader.Win32.Zlob.lps</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Deckard\System Scanner\backup\WINDOWS\temp\TMP0000013FB4A6DAD59F1CE513</td><td>Infected: Trojan-Downloader.Win32.Zlob.lps</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Deckard\System Scanner\backup\WINDOWS\temp\TMP000001404A41ED49776FB0A1</td><td>Infected: Trojan-Downloader.Win32.Zlob.lps</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Deckard\System Scanner\backup\WINDOWS\temp\TMP00000140D1605FC9E9F49A18</td><td>Infected: Trojan-Downloader.Win32.Zlob.lps</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\35\2f0a2a3-4304fede</td><td>Infected: Exploit.Java.ByteVerify</td><td>2</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\35\2f0a2a3-4304fede</td><td>Infected: Trojan-Downloader.Java.OpenConnection.aa</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\43\246caceb-57417d50</td><td>Infected: Trojan.Java.ClassLoader.ao</td><td>3</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\44\6f7fca2c-585f1c7d</td><td>Infected: Trojan.Java.ClassLoader.ap</td><td>3</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\55\ee685f7-18fffe46</td><td>Infected: Trojan-Downloader.Java.OpenConnection.aj</td><td>2</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\55\ee685f7-18fffe46</td><td>Infected: Exploit.Java.ByteVerify</td><td>2</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\58\57fba77a-1122c043</td><td>Infected: Trojan-Downloader.Java.OpenStream.c</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\58\57fba77a-1122c043</td><td>Infected: Trojan.Java.ClassLoader.h</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\58\57fba77a-1122c043</td><td>Infected: Trojan.Java.ClassLoader.d</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Desktop\SmitfraudFix\Reboot.exe</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Desktop\SmitfraudFix\SmitfraudFix.exe</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Incomplete\CORRUPT-0-lil wayne tie my hands.mp3</td><td>Infected: Trojan-Downloader.WMA.Wimad.n</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.bak</td><td>Infected: Trojan-Spy.HTML.Bankfraud.ra</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.bak</td><td>Infected: Trojan-Spy.HTML.Bankfraud.ri</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.bak</td><td>Suspicious: Email-Worm.Win32.Bagle.mail</td><td>2</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.bak</td><td>Infected: Email-Worm.Win32.Bagle.gen</td><td>2</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.bak</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>9</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.dbx</td><td>Infected: Trojan-Spy.HTML.Bankfraud.ra</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.dbx</td><td>Infected: Trojan-Spy.HTML.Bankfraud.ri</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.dbx</td><td>Suspicious: Email-Worm.Win32.Bagle.mail</td><td>2</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.dbx</td><td>Infected: Email-Worm.Win32.Bagle.gen</td><td>2</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.dbx</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>14</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Identities\{83336FEA-ECA8-4FFC-9B9D-EA0E97685FCA}\Microsoft\Outlook Express\Deleted Items.dbx</td><td>Infected: Trojan-Spy.HTML.Paylap.bg</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\067626D1-00001148.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\23EF2F85-000009D3.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\27432DBF-000000D3.eml</td><td>Infected: Trojan-Spy.HTML.Bankfraud.ra</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\27432DBF-000000D3.eml</td><td>Infected: Trojan-Spy.HTML.Bankfraud.ri</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\2E480420-000009F5.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\30D6736E-0000119C.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\31F22F5E-00000AB8.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\366E12A6-00000A6E.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3D091FAF-0000093D.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\42383278-00001387.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\500F3FA3-0000095B.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\71D8588A-00000A07.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\738E7B6F-000013A3.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\73C11D72-0000130A.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\7637068E-00000CCA.eml</td><td>Infected: Trojan-Spy.HTML.Paylap.bg</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\77CD664A-000008C3.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\796C6054-0000090F.eml</td><td>Suspicious: Trojan-Spy.HTML.Fraud.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Shared\02 Track 2 (monkeyhouse).wma</td><td>Infected: Trojan-Downloader.WMA.Wimad.k</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Shared\cannon instrumental.mp3</td><td>Infected: Trojan-Downloader.WMA.Wimad.n</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Shared\getting money lil wayne.mp3</td><td>Infected: Trojan-Downloader.WMA.Wimad.n</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Shared\LIL WAYNE FT JAY Z ECHO.mp3</td><td>Infected: Trojan-Downloader.WMA.Wimad.n</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Shared\lollipop by lil wayne.mp3</td><td>Infected: Trojan-Downloader.WMA.Wimad.n</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Shared\oh what you said.wm</td><td>Infected: Trojan-Downloader.WMA.Wimad.m</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Brian\Shared\stuntin like my daddy rock ver.mp3</td><td>Infected: Trojan-Downloader.WMA.Wimad.n</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Program Files\Smart Panel\Guide\Documents and Settings\Brian\Application Data\Macromedia\Flash Player\#SharedObjects\3NEKME84\disney.go.com\disneychannel\lizziemcguire\games\tilestyle\tilestyle.swf\Program Files\Dacris Benchmarks 5.0\DLL\3dtest.dll</td><td>Infected: Backdoor.Win32.Rbot.cif</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td colspan='3' height='20px'><b>
The selected area was scanned.</td></tr></table>
</body>
</html>
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\35\2f0a2a3-4304fede
    C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\43\246caceb-57417d50
    C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\44\6f7fca2c-585f1c7d
    C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\55\ee685f7-18fffe46
    C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\58\57fba77a-1122c043
    C:\Documents and Settings\Brian\Desktop\SmitfraudFix
    C:\Documents and Settings\Brian\Incomplete\CORRUPT-0-lil wayne tie my hands.mp3
    C:\Documents and Settings\Brian\Shared\02 Track 2 (monkeyhouse).wma
    C:\Documents and Settings\Brian\Shared\cannon instrumental.mp3
    C:\Documents and Settings\Brian\Shared\getting money lil wayne.mp3
    C:\Documents and Settings\Brian\Shared\LIL WAYNE FT JAY Z ECHO.mp3
    C:\Documents and Settings\Brian\Shared\lollipop by lil wayne.mp3
    C:\Documents and Settings\Brian\Shared\oh what you said.wm
    C:\Documents and Settings\Brian\Shared\stuntin like my daddy rock ver.mp3
    C:\Program Files\Smart Panel\Guide\Documents and Settings\Brian\Application Data\Macromedia\Flash Player\#SharedObjects\3NEKME84\disney.go.com\disneychannel\lizziemcguire\games\tilestyle\tilestyle.swf\Program Files\Dacris Benchmarks 5.0\DLL\3dtest.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================
Let me know how things are running and post the OT MOve it log and a new Hijackthis log.
  • 0

Advertisements


#11
atlus

atlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
thanks again Kahdah .. here you go with the latest from Moveit

C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\35\2f0a2a3-4304fede moved successfully.
C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\43\246caceb-57417d50 moved successfully.
C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\44\6f7fca2c-585f1c7d moved successfully.
C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\55\ee685f7-18fffe46 moved successfully.
C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\58\57fba77a-1122c043 moved successfully.
C:\Documents and Settings\Brian\Desktop\SmitfraudFix moved successfully.
C:\Documents and Settings\Brian\Incomplete\CORRUPT-0-lil wayne tie my hands.mp3 moved successfully.
C:\Documents and Settings\Brian\Shared\02 Track 2 (monkeyhouse).wma moved successfully.
C:\Documents and Settings\Brian\Shared\cannon instrumental.mp3 moved successfully.
File/Folder C:\Documents and Settings\Brian\Shared\getting money lil wayne.mp3 not found.
C:\Documents and Settings\Brian\Shared\LIL WAYNE FT JAY Z ECHO.mp3 moved successfully.
C:\Documents and Settings\Brian\Shared\lollipop by lil wayne.mp3 moved successfully.
C:\Documents and Settings\Brian\Shared\oh what you said.wm moved successfully.
C:\Documents and Settings\Brian\Shared\stuntin like my daddy rock ver.mp3 moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Smart Panel\Guide\Documents and Settings\Brian\Application Data\Macromedia\Flash Player\#SharedObjects\3NEKME84\disney.go.com\disneychannel\lizziemcguire\games\tilestyle\tilestyle.swf\Program Files\Dacris Benchmarks 5.0\DLL\3dtest.dll
C:\Program Files\Smart Panel\Guide\Documents and Settings\Brian\Application Data\Macromedia\Flash Player\#SharedObjects\3NEKME84\disney.go.com\disneychannel\lizziemcguire\games\tilestyle\tilestyle.swf\Program Files\Dacris Benchmarks 5.0\DLL\3dtest.dll NOT unregistered.
File move failed. C:\Program Files\Smart Panel\Guide\Documents and Settings\Brian\Application Data\Macromedia\Flash Player\#SharedObjects\3NEKME84\disney.go.com\disneychannel\lizziemcguire\games\tilestyle\tilestyle.swf\Program Files\Dacris Benchmarks 5.0\DLL\3dtest.dll scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07132008_211258

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\Program Files\Smart Panel\Guide\Documents and Settings\Brian\Application Data\Macromedia\Flash Player\#SharedObjects\3NEKME84\disney.go.com\disneychannel\lizziemcguire\games\tilestyle\tilestyle.swf\Program Files\Dacris Benchmarks 5.0\DLL\3dtest.dll
C:\Program Files\Smart Panel\Guide\Documents and Settings\Brian\Application Data\Macromedia\Flash Player\#SharedObjects\3NEKME84\disney.go.com\disneychannel\lizziemcguire\games\tilestyle\tilestyle.swf\Program Files\Dacris Benchmarks 5.0\DLL\3dtest.dll NOT unregistered.
File move failed. C:\Program Files\Smart Panel\Guide\Documents and Settings\Brian\Application Data\Macromedia\Flash Player\#SharedObjects\3NEKME84\disney.go.com\disneychannel\lizziemcguire\games\tilestyle\tilestyle.swf\Program Files\Dacris Benchmarks 5.0\DLL\3dtest.dll scheduled to be moved on reboot.
  • 0

#12
atlus

atlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
here is my latest HJT scan as well .. internet is still really slow when opening a new browser

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:47, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094579958468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v8.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkCnv.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133360368031
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://vpn.rbc.com/.../WhlCompMgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://vpn.rbc.com/...m0/ra/msrdp.cab
O16 - DPF: {935429C3-0AD6-4570-AC55-B55D600C2B60} - http://slimthug.mixm...lugin/Setup.exe
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactiveb...bex/ieatgpc.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://storage.msn.c...BXUyLvCggasz2pQ
O24 - Desktop Component 1: (no name) - http://65.54.175.250...1c3c2f3b2042c06

--
End of file - 11849 bytes




Thanks again
atlus (brian)
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Then I will need you to show hidden Files \Folders.
To do this:
*Click Start.
*Open My Computer.
*Select the Tools menu and click Folder Options.
*Select the View Tab.
*Under the Hidden files and folders heading select Show hidden files and folders.
*Uncheck the Hide protected operating system files (recommended) option.
*Click Yes to confirm.
*Click OK

After that using Windows Explorer (to get there right-click your Start button and go to "Explore")
Delete this file listed below:

C:\Program Files\Smart Panel\Guide\Documents and Settings\Brian\Application Data\Macromedia\Flash Player\#SharedObjects\3NEKME84\disney.go.com\disneychannel\lizziemcguire\games\tilestyle\tilestyle.swf\Program Files\Dacris Benchmarks 5.0\DLL\3dtest.dll

Then close Windows Explorer.

Now reset your Hidden files\folders to hidden.
To do this:
To reset:*Click Start.
*Open My Computer.
*Select the Tools menu and click Folder Options.
*Select the View Tab.
*Under the Hidden files and folders heading select Do not Show hidden files and folders.
*Check the Hide protected operating system files (recommended) option.
*Click Yes to confirm.
*Click OK
====================
Reboot back into normal mode and let me know if that makes a difference.
  • 0

#14
atlus

atlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hey Kahdah

it appears to have helped - the computer is still dragging - but it IS opening much faster than before -

if I have a web page finally open .. if you move your mouse over a link and I CLICK the link .. it can take 1-2 minutes for the new page to open
I THINK there is a problem with my JAVA - it said when I was attempting to download KASPERSKY that "Seaveral java virtual machines running in the same process caused an error"

I went to the help screen provided by Java and the ARE aware of this problem (I am NOT the only one) and they are working on a resolve but as of yesterday none existed. However there are apparently some "work arounds" that users have posted with success and I have tried them to what I think is limited success.
I feel it is Java BECAUSE when I open my main home page (MSN) everything opens rather quickly except for the macromedia flash advertisments .. it seems that THAT is where the computer is getting jamed - when a web page is media rich.
I noticed the file that you had me manually goi and delete and that appeared to be a Macromedia problem as well


if you like I can resend you a cureent HJT log again ... it is BETTER and I truly appreciate your help .. but I know this computer can run faster once we figure out exactly what is holding the performance down - 99% of the problem is when browsing the web



Thanks Kahdah

atlus(Brian)
  • 0

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That file was malware that is why I had you remove it.
Try this see if you can uninstall Flash and all of java then try browsing.
If you are prompted to install Flash then do so.
Then if all is well try to reinstall Java.

Also what antivirus program are you running?

PLease also post one more dss log.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP