Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Unable to run exe files, Can't download updated HJT [RESOLVED]

Started by rudd815 , Aug 09 2008 10:39 AM

This topic is locked

#16
rudd815

Posted 11 August 2008 - 08:46 AM

Member

Topic Starter
Member
16 posts

Now while running combo-fix, it is looking for the file I named before but it also says it can't find regedit

Deckard's System Scanner v20071014.68
Run by MONIEC on 2008-08-11 07:40:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 6.65 GiB (less than 15%) free.

-- HijackThis (run as MONIEC.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-11 07:40:06
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MONIEC\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O15 - Trusted Zone: https://www.bodoglife.com (HKCU)
O15 - Trusted Zone: https://cgi5.ebay.com (HKCU)
O15 - Trusted Zone: https://superbrokers42.com (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152469941828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics....com/serval.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab40641.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab40641.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6786 bytes

-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-09 13:05:38 0 d-------- C:\327882R2FWJFW
2008-08-09 12:27:08 1238 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-09 09:30:33 0 d-------- C:\Program Files\Trend Micro
2008-08-08 13:11:35 0 d-------- C:\Program Files\Smart Virus Remover
2008-08-08 13:09:13 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-08 13:02:05 0 d-------- C:\VundoFix Backups
2008-08-08 12:50:03 0 d-------- C:\HJT
2008-08-08 10:48:21 0 d-------- C:\bintheredunthat
2008-08-08 10:43:55 0 d-------- C:\BFU
2008-08-06 18:50:04 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Malwarebytes
2008-08-06 18:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 08:33:11 0 d-------- C:\Documents and Settings\MONIEC\Application Data\TmpRecentIcons
2008-08-01 20:24:32 0 d-------- C:\Program Files\iPod
2008-07-30 21:25:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-07-26 07:13:14 0 d--h----- C:\WINDOWS\PIF
2008-07-25 23:53:35 0 d-------- C:\Program Files\WinSCP
2008-07-25 21:19:23 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Uniblue
2008-07-25 18:39:27 0 d-------- C:\Utilities
2008-07-24 23:02:25 0 d-------- C:\Program Files\Bonjour
2008-07-24 22:53:17 0 d-------- C:\Program Files\Safari
2008-07-24 21:37:23 169984 --a------ C:\Documents and Settings\MONIEC\ZiPhoneGUI.exe <Not Verified; ; ZiPhoneGUI>
2008-07-24 21:37:23 301568 --a------ C:\Documents and Settings\MONIEC\ziphone.exe <Not Verified; ZiPhone http://www.ziphone.org; ZiPhone>
2008-07-24 21:37:23 0 d-------- C:\Documents and Settings\MONIEC\no
2008-07-24 21:37:23 6166462 --a------ C:\Documents and Settings\MONIEC\Inga.dat
2008-07-24 21:37:23 3356266 --a------ C:\Documents and Settings\MONIEC\igor.dat
2008-07-24 21:37:23 15 --a------ C:\Documents and Settings\MONIEC\I WANT THE Z ICON BACK.bat
2008-07-24 21:37:23 15 --a------ C:\Documents and Settings\MONIEC\ENTER DFU MODE.bat
2008-07-24 21:37:23 0 d-------- C:\Documents and Settings\MONIEC\docs
2008-07-24 21:37:23 9354 --a------ C:\Documents and Settings\MONIEC\dfu.dat
2008-07-24 21:37:23 17 --a------ C:\Documents and Settings\MONIEC\ACTIVATE JAILBREAK IPHONE.bat
2008-07-24 21:37:21 33550336 --a------ C:\Documents and Settings\MONIEC\zibri.dat
2008-07-24 21:37:21 17 --a------ C:\Documents and Settings\MONIEC\UNLOCK ACTIVATE JAILBREAK IPHONE.bat
2008-07-24 21:37:21 311296 --a------ C:\Documents and Settings\MONIEC\QTMLClient.dll <Not Verified; Apple Inc.; QuickTime>
2008-07-24 21:37:21 17 --a------ C:\Documents and Settings\MONIEC\JAILBREAK IPHONE IPOD.bat
2008-07-24 21:37:21 1085440 --a------ C:\Documents and Settings\MONIEC\iTunesMobileDevice.dll <Not Verified; Apple Inc.; iTunesMobileDevice>

-- Find3M Report ---------------------------------------------------------------

2008-08-09 22:59:16 0 d-------- C:\Program Files\Bodog Poker
2008-08-09 13:18:45 0 d-------- C:\Program Files\Orb Networks
2008-08-09 08:53:19 0 d-------- C:\Program Files\PCPitstop
2008-08-08 07:41:11 0 d-------- C:\Program Files\Apple Software Update
2008-08-01 20:26:34 0 d-------- C:\Program Files\iTunes
2008-07-28 07:24:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-28 07:23:06 0 d-------- C:\Documents and Settings\MONIEC\Application Data\AdobeUM
2008-07-26 22:48:39 0 d-------- C:\Program Files\winpwn
2008-07-26 07:13:02 0 d-------- C:\Program Files\PartyGaming.Net
2008-07-25 19:35:19 0 d-------- C:\Program Files\Spyware Doctor
2008-07-25 18:53:45 0 d-------- C:\Program Files\iLiberty
2008-07-24 23:02:01 0 d-------- C:\Program Files\QuickTime
2008-06-26 16:46:15 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Adobe
2008-05-12 18:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 18:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 18:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 18:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 18:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 18:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 17:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [05/25/2005 12:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 17:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CorrectConnect.lnk - C:\Program Files\CConnect\CConnect.exe [7/3/2006 10:03:42 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 22:34 24576 C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TPSrv"=2 (0x2)
"PNMSRV"=2 (0x2)
"pmshellsrv"=2 (0x2)
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)
"PAVFNSVR"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

-- End of Deckard's System Scanner: finished at 2008-08-11 07:40:44 ------------

#17
Rorschach112

Posted 11 August 2008 - 08:50 AM

Ralphie

Retired Staff
47,710 posts

Can you do this

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

#18
rudd815

Posted 11 August 2008 - 09:06 AM

Member

Topic Starter
Member
16 posts

Unable to open BAT file.

#19
Rorschach112

Posted 11 August 2008 - 09:32 AM

Ralphie

Retired Staff
47,710 posts

Can you get this running

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#20
rudd815

Posted 11 August 2008 - 11:01 AM

Member

Topic Starter
Member
16 posts

Malwarebytes' Anti-Malware 1.24
Database version: 1040
Windows 5.1.2600 Service Pack 3

10:01:15 AM 8/11/2008
mbam-log-8-11-2008 (10-01-15).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#21
Rorschach112

Posted 11 August 2008 - 11:32 AM

Ralphie

Retired Staff
47,710 posts

Ok thats good

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

#22
rudd815

Posted 13 August 2008 - 07:16 AM

Member

Topic Starter
Member
16 posts

Here are the two scans I have completed so far

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 12, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 11, 2008 17:06:35
Records in database: 1082963

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\MONIEC\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 73092
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 03:45:28

File name Threat name Threats count
C:\WINDOWS\system32\explorer32\explorer32.exe Infected: not-a-virus:Monitor.Win32.PCTattletale.h 1

The selected area was scanned.

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 13, 2008 01:33:40
Records in database: 1087436

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 139936
Threat name 32
Infected objects 209
Suspicious objects 1
Duration of the scan 05:58:48

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00AC0000.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00B40000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00B40001.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00B40002.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00BC0000.VBN Infected: Trojan-Downloader.Java.OpenStream.z 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00C40000.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00C40001.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00C80000.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00CC0000.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00D00000.VBN Infected: Trojan-Downloader.JS.Inor.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00D00001.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00D00002.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00D40000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00E40000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01A00000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02000000.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02000001.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02040000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02040001.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\020C0000.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02140000.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02140001.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03940000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03EC0000.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04080000.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04080001.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04200000.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04A00000.VBN Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04A00001.VBN Infected: Exploit.Win32.IMG-WMF.v 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04A00002.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04A00003.VBN Infected: Exploit.Win32.IMG-WMF.v 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04A00004.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D00000.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D40001.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E00000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04F80001.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05040000.VBN Infected: Trojan.Java.ClassLoader.ao 3

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05040001.VBN Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05040002.VBN Infected: Exploit.Win32.IMG-WMF.v 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05040003.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05040004.VBN Infected: Exploit.Win32.IMG-WMF.v 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05580018.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05600002.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0568000C.VBN Infected: Trojan.Java.ClassLoader.ao 3

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05780002.VBN Infected: Trojan-Downloader.JS.Inor.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0001.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\057C0002.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05F80001.VBN Infected: Trojan-Downloader.WMA.Wimad.l 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06B80000.VBN Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06BC0000.VBN Infected: P2P-Worm.Win32.Krepper.c 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06D40000.VBN Infected: Trojan.Win32.Shutdowner.eh 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06DC0000.VBN Infected: not-virus:Hoax.Win32.Renos.beq 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06E00000.VBN Infected: not-virus:Hoax.Win32.Renos.beq 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07DC0000.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07DC0001.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07DC0002.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00000.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00001.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00002.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E00003.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E40000.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E40001.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0000.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0001.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07EC0002.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F00000.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09540000.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09640000.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09680000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09680001.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\096C0000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\096C0001.VBN Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\096C0002.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\096C0003.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\096C0004.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09700000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09740000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09740001.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09740002.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09780000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\097C0000.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09800000.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09900000.VBN Infected: Exploit.Win32.IMG-WMF.v 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09900001.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09980000.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09980001.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\099C0000.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN Infected: Exploit.Win32.IMG-WMF.v 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09F40000.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A000000.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A000001.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A180000.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A6C0000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC80000.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ACC0000.VBN Suspicious: Exploit.Win32.IMG-WMF 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ACC0001.VBN Infected: Exploit.Win32.IMG-WMF.v 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B080000.VBN Infected: not-a-virus:AdWare.Win32.Agent.zk 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B640000.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B640001.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B700001.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B700002.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B700003.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA40000.VBN Infected: Exploit.Java.ByteVerify 2

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA40000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BBC0000.VBN Infected: Exploit.Win32.IMG-WMF.v 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00000.VBN Infected: Trojan-Downloader.Win32.Ani.c 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80000.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80001.VBN Infected: Exploit.Java.ByteVerify 2

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80001.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BDC0000.VBN Infected: Exploit.Java.ByteVerify 2

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BDC0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BDC0001.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE00000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80001.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80002.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0000.VBN Infected: Exploit.JS.CVE-2005-1790.t 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0001.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BF00000.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BF00001.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BF40000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BF80000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C0C0000.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C140000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C180000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C340000.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C340001.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C340002.VBN Infected: Trojan-Downloader.Java.OpenStream.z 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C340003.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C340004.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C380000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C4C0000.VBN Infected: Trojan.Java.ClassLoader.i 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C4C0001.VBN Infected: Trojan.Java.ClassLoader.k 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C840002.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C840003.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C880000.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C880001.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C880002.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C880003.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C8C0000.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C8C0001.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C8C0002.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C8C0003.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C940000.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C980001.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0000.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0001.VBN Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0002.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C9C0003.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CA80000.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CA80001.VBN Infected: Trojan-Downloader.Java.Agent.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CA80002.VBN Infected: Trojan.Java.ClassLoader.an 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D2C0002.VBN Infected: Trojan.Java.ClassLoader.as 3

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D2C0003.VBN Infected: Trojan.Java.ClassLoader.as 3

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D2C0004.VBN Infected: Trojan.Java.ClassLoader.as 3

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D2C0005.VBN Infected: Trojan.Java.ClassLoader.as 3

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ECC0000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ECC0001.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ECC0002.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ED00000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EEC0000.VBN Infected: Trojan-Downloader.Win32.Agent.uj 1

C:\Documents and Settings\All Users\Documents\My Music\07 Track 7 (butterflyeffect).wma Infected: Trojan-Downloader.WMA.Wimad.l 1

C:\Documents and Settings\MONIEC\.housecall6.6\Quarantine\CompControls.ocx.bac_a03408 Infected: not-a-virus:Monitor.Win32.PCTattletale.a 1

C:\Documents and Settings\MONIEC\.housecall6.6\Quarantine\count[1].htm.bac_a03408 Infected: Trojan-Downloader.JS.Inor.a 1

C:\Documents and Settings\MONIEC\.housecall6.6\Quarantine\DelDrv.exe.bac_a02064 Infected: not-a-virus:RiskTool.Win32.Deleter.b 1

C:\Documents and Settings\MONIEC\.housecall6.6\Quarantine\MSN32.dll.bac_a02064 Infected: not-a-virus:Monitor.Win32.PCTattletale.a 1

C:\Documents and Settings\MONIEC\Application Data\Sun\Java\Deployment\cache\6.0\10\77714c0a-707848f5 Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Documents and Settings\MONIEC\Application Data\Sun\Java\Deployment\cache\6.0\16\2fea7450-5db1425d Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Documents and Settings\MONIEC\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-589b51cd Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Documents and Settings\MONIEC\Application Data\Sun\Java\Deployment\cache\6.0\35\362cfe3-2faacbac Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Documents and Settings\MONIEC\Application Data\Sun\Java\Deployment\cache\6.0\50\8b13ef2-28e8aa76 Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Documents and Settings\MONIEC\Application Data\Sun\Java\Deployment\cache\6.0\7\1f57d107-5810d9a2 Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Documents and Settings\MONIEC\Desktop\File Shortcuts\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\MONIEC\Desktop\File Shortcuts\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\MONIEC\Desktop\Music\02 Track 2 (butterflyeffect).wma Infected: Trojan-Downloader.WMA.Wimad.l 1

C:\Documents and Settings\MONIEC\Desktop\Music\03 Track 3 (butterflyeffect).wma Infected: Trojan-Downloader.WMA.Wimad.l 1

C:\Documents and Settings\MONIEC\Desktop\Spyware\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\MONIEC\Desktop\Spyware\SmitfraudFix\SmitfraudFix.zip Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\MONIEC\Desktop\Spyware\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\MONIEC\Local Settings\Temporary Internet Files\Content.IE5\DPRPZXB8\static[1].htm Infected: Exploit.JS.Agent.ow 1

C:\Documents and Settings\MONIEC\My Documents\My Music\02 Track 2 (butterflyeffect).wma Infected: Trojan-Downloader.WMA.Wimad.l 1

C:\Documents and Settings\MONIEC\My Documents\My Music\03 Track 3 (butterflyeffect).wma Infected: Trojan-Downloader.WMA.Wimad.l 1

C:\Documents and Settings\MONIEC\My Documents\My Music\06 Track 6 (butterflyeffect).wma Infected: Trojan-Downloader.WMA.Wimad.l 1

C:\Documents and Settings\MONIEC\My Documents\My Music\07 Track 7 (butterflyeffect).wma Infected: Trojan-Downloader.WMA.Wimad.l 1

C:\Documents and Settings\MONIEC\My Documents\My Music\300 soundtrack.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1

C:\Documents and Settings\MONIEC\My Documents\My Music\cherab rock.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\MONIEC\My Documents\My Music\Mom's Music\07 Track 7 (butterflyeffect).wma Infected: Trojan-Downloader.WMA.Wimad.l 1

C:\Documents and Settings\MONIEC\My Documents\My Music\Samurai Jack Seasons 1, 2, 3 & 4 Complete Extras.avi Infected: Trojan-Downloader.WMA.GetCodec.b 1

C:\Documents and Settings\MONIEC\My Documents\My Music\survivorman.mpg Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\MONIEC\My Documents\My Music\Top of Charts - 2003 (kiss).wma Infected: Trojan-Downloader.WMA.Wimad.l 1

C:\Documents and Settings\MONIEC\My Documents\tylers stuff\risk-setup.exe Infected: not-a-virus:AdWare.Win32.AdMedia.g 1

C:\WINDOWS\system32\explorer32\explorer32.exe Infected: not-a-virus:Monitor.Win32.PCTattletale.h 1

The selected area was scanned.

#23
Rorschach112

Posted 13 August 2008 - 02:08 PM

Ralphie

Retired Staff
47,710 posts

Hello

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\WINDOWS\system32\explorer32
C:\Documents and Settings\All Users\Documents\My Music\07 Track 7 (butterflyeffect).wma
C:\Documents and Settings\MONIEC\Desktop\Music\02 Track 2 (butterflyeffect).wma 
C:\Documents and Settings\MONIEC\Desktop\Music\03 Track 3 (butterflyeffect).wma 
C:\Documents and Settings\MONIEC\My Documents\My Music\02 Track 2 (butterflyeffect).wma 
C:\Documents and Settings\MONIEC\My Documents\My Music\03 Track 3 (butterflyeffect).wma 
C:\Documents and Settings\MONIEC\My Documents\My Music\06 Track 6 (butterflyeffect).wma 
C:\Documents and Settings\MONIEC\My Documents\My Music\07 Track 7 (butterflyeffect).wma 
C:\Documents and Settings\MONIEC\My Documents\My Music\300 soundtrack.wma
C:\Documents and Settings\MONIEC\My Documents\My Music\cherab rock.mp3
C:\Documents and Settings\MONIEC\My Documents\My Music\Mom's Music\07 Track 7 (butterflyeffect).wma 
C:\Documents and Settings\MONIEC\My Documents\My Music\Samurai Jack Seasons 1, 2, 3 & 4 Complete Extras.avi 
C:\Documents and Settings\MONIEC\My Documents\My Music\survivorman.mpg 
C:\Documents and Settings\MONIEC\My Documents\My Music\Top of Charts - 2003 (kiss).wma
C:\Documents and Settings\MONIEC\My Documents\tylers stuff\risk-setup.exe
purity 
EmptyTemp
[start explorer]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Also post a new HijackThis log and tell me how your PC is running

#24
rudd815

Posted 14 August 2008 - 09:33 PM

Member

Topic Starter
Member
16 posts

Explorer killed successfully
C:\WINDOWS\system32\explorer32 moved successfully.
C:\Documents and Settings\All Users\Documents\My Music\07 Track 7 (butterflyeffect).wma moved successfully.
C:\Documents and Settings\MONIEC\Desktop\Music\02 Track 2 (butterflyeffect).wma moved successfully.
C:\Documents and Settings\MONIEC\Desktop\Music\03 Track 3 (butterflyeffect).wma moved successfully.
C:\Documents and Settings\MONIEC\My Documents\My Music\02 Track 2 (butterflyeffect).wma moved successfully.
C:\Documents and Settings\MONIEC\My Documents\My Music\03 Track 3 (butterflyeffect).wma moved successfully.
C:\Documents and Settings\MONIEC\My Documents\My Music\06 Track 6 (butterflyeffect).wma moved successfully.
C:\Documents and Settings\MONIEC\My Documents\My Music\07 Track 7 (butterflyeffect).wma moved successfully.
C:\Documents and Settings\MONIEC\My Documents\My Music\300 soundtrack.wma moved successfully.
C:\Documents and Settings\MONIEC\My Documents\My Music\cherab rock.mp3 moved successfully.
C:\Documents and Settings\MONIEC\My Documents\My Music\Mom's Music\07 Track 7 (butterflyeffect).wma moved successfully.
C:\Documents and Settings\MONIEC\My Documents\My Music\Samurai Jack Seasons 1, 2, 3 & 4 Complete Extras.avi moved successfully.
C:\Documents and Settings\MONIEC\My Documents\My Music\survivorman.mpg moved successfully.
C:\Documents and Settings\MONIEC\My Documents\My Music\Top of Charts - 2003 (kiss).wma moved successfully.
C:\Documents and Settings\MONIEC\My Documents\tylers stuff\risk-setup.exe moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\~DF468A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\~DF4695.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\hsperfdata_MONIEC\1980 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\MailMsg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MONIEC\LOCALS~1\Temp\jkos-MONIEC\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08142008_202134

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:25, on 8/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [OTScanIt] C:\Documents and Settings\MONIEC\Desktop\OTMoveIt2.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152469941828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics....com/serval.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab40641.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab40641.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6177 bytes

#25
Rorschach112

Posted 15 August 2008 - 07:26 AM

Ralphie

Retired Staff
47,710 posts

Your logs are clean

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts. A log will appear (JavaRa.log), please post the contents of this log on the forum.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html

Make sure you have an Internet Connection.
Double-click OTMoveIt2.exe to run it.
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#26
rudd815

Posted 16 August 2008 - 09:35 AM

Member

Topic Starter
Member
16 posts

Uable to perform the actions above, receive errors

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:33:05, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [getPlusUninstall] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152469941828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics....com/serval.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab40641.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab40641.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6525 bytes

#27
Rorschach112

Posted 16 August 2008 - 11:12 AM

Ralphie

Retired Staff
47,710 posts

What cant you do ?

#28
rudd815

Posted 16 August 2008 - 04:22 PM

Member

Topic Starter
Member
16 posts

When trying to update Java, the active X command does not come up so I can continue the download

#29
Rorschach112

Posted 17 August 2008 - 07:32 AM

Ralphie

Retired Staff
47,710 posts

Go on with the other steps

Then post in the Windows XP forum about java

#30
Rorschach112

Posted 20 August 2008 - 03:52 PM

Ralphie

Retired Staff
47,710 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.