chris50

April 29, 2008

Terrorist _75 i understand that fully. Because the other account had administrator capabilities and password protected as well.......That's why I reran everything ie.hijackthis and others. So when I spoke earlier I was in the process of finding and disposing of the many traces.....Ran some other scans, and nothing yet, but I'm still monitoring it closely. I did disable the other 2 boot options just to see what happens ie(backup and recovery console). It's still the same, white screen with double loaded XP screens, ...I guess the fresh install would cure this.

JSKY...Yes, more space is for sure. I know what you're saying. I guess, the room kinda filled up quickly . I guess with a "guest" you never know who is in the room with you, I guess..............

April 28, 2008

Sounds like take it to a shop to me....As I have no clue, haven't even looked.

Just got back a complete scan after 5hours...It's clean so far. I'm still going through it and double checking other things also....

April 28, 2008

You know what, since that last post of yours I was thinking the same thing. I'll begin saving the files to disks shortly..

Is this a difficult task or should I just let a local shop do it?

April 28, 2008

Yeah it does need that....That is the plan in the future. With 7.86Gb, this computer has definitely been upgraded. I was thinking maybe windows 98 era??Yet it does have 384mb memory(upgraded), as that's all it'll hold. I'm debating on my next move with it. As I'd like at least 512mb...Well, i guess there's not really an option, as I have to get another....

April 28, 2008

JSKY,

I'm not at all questioning Terrorist_75 recommendations at all. He has guided me quite well so far. What I was referring to was earlier there were 7 people here and noone responded. Obviously they weren't knowledgable enough. I've already done what he's suggested. Since then, I've been running scans out the ying-yang. I'm not coming up with a lot of traces of stuff, as I guess I've killed/deleted most previously. Some of the items found were Keyloggers, Downloaders, Trojans, And Adaware--thousands, YES 1000's. Virus Vault has already filled numerous times thus far, and I'm not done yet. I'll keep the post updated as well............

Terrorist_75 i forgot to ask. If I remove the other boot option, would the white, and/or double screens go away??....As scan is presently running and will be for a while.....

April 28, 2008

As asked by TheTerrorist_75.
How many partitions show up in your computer? Just your C:/ drive, or do you have more. Not counting your CD drives.

Only 1.....Computer has 7.86Gb storage total. All that is on the C:/drive

Wow.....6 guests.......?!?!..ERRR..I mean 7!?!?

Actually I installed the recovery console days ago..

Please tell me someone has something to say....

April 28, 2008

JSKY did you or someone just..Oh nevermind

Still awaiting help!

April 28, 2008

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=7OHJEB /Kernel=TUKernel.exe

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=7OHJEB-BAK

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

April 28, 2008

There are 2...First is Admin-me-no password...Second is him-Admin capabilities-password protected, with remote It says Administrator account is only visible in welcome screen, or when booted in safe mode

There is no boot.ini file

.....that's kinda interesting that after 1.5 years, it would start up NOW .....

That pretty much confirms he didn't wipe the old OS off and installed XP a second time.

April 28, 2008

There is no boot.ini file

.....that's kinda interesting that after 1.5 years, it would start up NOW .....

That pretty much confirms he didn't wipe the old OS off and installed XP a second time.

April 28, 2008

I just noticed something...by the way it's a desktop

1) when it's booted in normal mode, there are no other users, so it boots up to desktop

2) When it's booted in safe mode, you have to select between "Admin"-me, which has no password.......Or the previous owners name, which is password protected.

Other puter is loading, will post log in several minutes

By the way, this has only been happening the past 4-5 weeks max!!!

This is not from any malware or hacker. If this laptop only has XP loaded on it and the person who sold it reloaded XP he may have installed it incorrectly and you now have two installs. Open My Computer and double clcik your hard drive. Double click boot.ini, it should open in Notepad, then copy and paste the contents in a reply here.

April 27, 2008

I bought It 1.5 years ago, from a guy that builds/sells them. I never changed anything on it. I just plugged up and started using it. Noone else uses it but me. So, how could this happen?? Could it be done by e-mail, downloaded attachment, redirected website??How?? So, what type of issues would this cause?? What has been happenning?? It sounds a bit scary, as to what the possibilities are.....What's your assessment on it??

When I got it, the memory had been upgraded, as well as windows XP added. This is what was told to me. I don't know what operating system was on it previously..

1st-cd

2nd-floppy

3rd-harddrive

4th-ethernet

That's normal for svchost.exe. I have five instances of it running with many more processes than you. I would say this is an issue with your boot. What is your boot setup, through Vista or one of your 'nix OSes?

April 27, 2008

As you can see from my post today, I'm still having problems. Ryan has taken me through the malware forum and his suggestion is that it's not from malware. At this point, I don't think so either. He suggested that I post in this forum, support.

This is the scenario:

1) Initial white screen loads w/compaq logo.

2) seconds later windows xp screen loads with hourglass logo in bottom left corner

3) seconds later another Windows XP screen loads with same name in bottom left corner.

4) Then my icons and programs, desktop loads up.

From what I can tell, It appears to be a hacker and/or system issues. As I have a double loaded system....Hmm...

Also in task manager I have the following:

svchost.exe----one says local service

svchost.exe----two says network

svchost.exe----three says system

So, what I'm saying is I have a total of "six" processes running for the svchost.exe. Now I know that's not right.....

April 27, 2008

Hello, I'm still having problems with my computer. I've posted "MBAM log" and "HJT log" and obviously nothing there, as noted below. Yet I still have the following going on:

1) upon powering on, I get an initial "white screen" with my compaq logo. there is also an hourglass in the bottom left hand corner.

2) seconds later, it loads up my windows XP screen w the name "swissboy" in bottom left-hand corner.

3) seconds after that, it loads up another windows XP screen, with the same name "swissboy" in bottom left-hand corner.

4) moments later, it starts to load up my icons and desktop menu.....

Something's not right!?!?!?!?

Besttechie

Rating: 5

View Member Profile

Add as Friend

Send Message

Find Member's Topics

Find Member's Posts

post Today, 10:34 AM

Post #2

Mr. President

Group Icon

Group: Admin

Posts: 2129

Joined: 23-August 04

From: New York

Member No.: 1

Operating System:

Windows Vista Ultimate, Windows XP Pro, Ubuntu, Debian, Mac OSX

As Ryan stated:

QUOTE

Since the MBAM log was clean, and nothing in the HJT log is malicious, I think its safe to say that your problem isn't malware related.

I would make a thread in the Windows forum about this issue. Tell them that you've been through the malware forum, and that your copmuter is clean.

-Ryan

It does not appear your problem is malware related, make a post in PC Support and someone would be glad to continue to help you out. smile.gif

B

April 27, 2008

My topic has been closed several topics below, but my issue remains. I would think that it should be resolved fully, before it's closed, right?

April 24, 2008

Since the MBAM log was clean, and nothing in the HJT log is malicious, I think its safe to say that your problem isn't malware related.
I would make a thread in the Windows forum about this issue. Tell them that you've been through the malware forum, and that your copmuter is clean.
-Ryan

Ryan, I have submitted it. Awaiting a reply...Will keep the thread updated!!

April 23, 2008

Malwarebytes' Anti-Malware 1.11
Database version: 672
Scan type: Full Scan (C:\|)
Objects scanned: 53557
Time elapsed: 1 hour(s), 17 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I also did another Hijack this thread, after the Malware .......
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:48 AM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178210048856
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 4285 bytes

April 23, 2008

Malwarebytes' Anti-Malware 1.11

Database version: 672

Scan type: Full Scan (C:\|)

Objects scanned: 53557

Time elapsed: 1 hour(s), 17 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I also did another Hijack this thread, after the Malware .......

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:28:48 AM, on 4/23/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178210048856

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--

End of file - 4285 bytes

April 23, 2008

April 23, 2008

Hi there, and welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
-Ryan

April 20, 2008

Hello, I've just stumbled across this website recently, by way of me purchasing computer items from a guy at the local flea market. He suggested 2 programs "Nod32" and "hijack this". So by way of me using hijack this, I came across this website....Anyway, I'm having computer problems on another desktop. Things it does...At the beginning, it loads up a white screen w/an hour glass in bottom left corner. It has never done this before. Then when my regular windows "blue windows XP screen" loads up, It loads up AGAIN. That's right, a second "Blue Windows XP screen" with a name in the bottom left corner. Obviously something is going on that's not right!!!!. I can access files, get on internet, and everything else, but the scenario above is not right. Please offer any assistance to help resolve..LOGFILE is below

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:40:59 PM, on 4/20/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL

O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p