Infected Or Not? Computer Having Problems


Recommended Posts

I seem to have a trojan or malware on my computer and I have not been able to fix it. I run AVG free on my computer, download updates frequently and scan fairly routinely. In trying to solve this, I have run Panda, trendmicro, bitdefender, Kaspersky and a couple of other antivirus programs to no avail. I also regularly use ad aware and spybot, and since they did not fix the problem, ran through at least a dozen other such programs, all to no avail. I ran all of these in normal mode, and also as many of them as would operate while in Safe Mode, and still no results. I use zone alarm's free firewall, and according to shieldsup, my ports are all in stealth mode. At start up, all I have checked is zonealarm, avg antivirus,startup monitor, NvCpl and TeaTimer Spybot. I've tried numerous times to remove NvCpl as a startup item, but it ALWAYS re-inserts itself at startup, so not sure if that is related to the problem or not. It stays checked even if I uncheck it and reboot, it always resets itself to automatically load itself.

What the real problem is, is that pages do not fully load to completion, particularly on Seamonkey. I will open a page and the little egg timer symbol will permanently stay in the "incomplete" mode, and I mean I can let it go for over an hour, and it will still show the page as incompletely loaded. The green status bar indicator seen on the bottom, lower right of the screen will show mostly complete, but there is still space for several more green bars, indicating the page has not fully loaded. On the lower, bottom left I will get a message like "transferring data from.." and then the name of a website. This typically seems to be related to advertisements, like spe.atdmt.com or m1.2mdn.net and others. Or sometimes it will say "waiting for..." and the name of a website.

The only way to get the timer, status bar and "waiting for" message to end is to manually go to the Stop loading icon and click it. Then its fine and cpu usage is normal. But otherwise it hangs my computer up and makes pages slow to load once one page is not completely loaded. At times, my computer CPU usage is 100% (according to the Process Manager) and basically locks up, not being able to download information or open a new browser page. The process manager will show Seamonkey at 98/99/100% system resources. Occasionally it will show that amount for Firefox or IE when it is "locked up". And I've even seen the System Idle Process listed at 98/99/100% usage, but the overall CPU usage is listed as anywhere from 2 to 100%, so I don't know what it means when the system idle process is listed a t 100% but the CPU usage is not correlated to that high number.

Figuring all this was related to advertising sites not loading correctly, I installed adblock plus on both Mozilla, and later on Firefox. Neither situation improved. In fact, Firefox seemed worse, so I uninstalled it on both browsers. Can't say as I know how to tweak the settings on adblock, so maybe I missed something there. Next I uninstalled Seamonkey and reinstalled. No help. Then I uninstalled both Seamonkey and Firefox. No help there either.

So, am I infected with something per the below Hijackthis log taken today? If I am not infected, what would be the reason for the pages not loading fully? Any suggestions to solve that problem are appreciated, whether it is something hijackthis shows, or another idea if I appear to be clean of a virus.

Thanks for the help!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:29:30 PM, on 3/28/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\StartupMonitor.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135824330522

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37240.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab

O16 - DPF: {F1946764-3B40-4BE3-A87D-F371B112308F} (WPActiveX Control) - http://207.97.210.114/wp/wpax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4B97FFEB-7D41-450F-9BB5-6A9D7D03ADA7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{8CA005BA-32C8-44FC-8257-2E7060EAD5C4}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{4B97FFEB-7D41-450F-9BB5-6A9D7D03ADA7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 6961 bytes

Link to post
Share on other sites

Deckard's System Scanner

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.

To attach a file to a new post, simply

  1. Go to the Atachments section on the post composition page.(just below the text entry window), and
  2. copy and paste the following into the "Select a file" box:

    C:\Deckard\System Scanner\extra.txt


  3. Click Upload.

What DSS will do:

  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
    Using Internet Explorer please do an online scan with Kaspersky Online Scanner
    Click on Kaspersky Online Scanner
    Click "I accept"
    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (If available otherwise Standard)

        [*]Scan Options:

        • Scan Archives
        • Scan Mail Bases

      [*]Click OK

      [*]Now under select a target to scan select My Computer

      [*]The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

      [*]Now click on the Save report button.

      [*]Call it Kaspersky.txt

      [*]Expand the arrow beside "file types" and save as .txt file.

      [*]Save the file to your desktop.

      [*]Copy and paste that information in your next post.

    *Note

    If you have Internet Explorer 7 installed:

    If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button.

    Page will reload and you should be able to carry on scan.

    If the KAV log has your email all over it -- please attach it rather than copy/paste.

Edited by jwbirdsong
Link to post
Share on other sites

Deckard's System Scanner v20071014.68

Run by Phil on 2008-03-30 15:55:28

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

29: 2008-03-30 22:55:33 UTC - RP762 - Deckard's System Scanner Restore Point

28: 2008-03-30 02:21:57 UTC - RP761 - System Checkpoint

27: 2008-03-28 19:03:52 UTC - RP760 - System Checkpoint

26: 2008-03-27 01:50:07 UTC - RP759 - System Checkpoint

25: 2008-03-25 23:08:34 UTC - RP758 - System Checkpoint

-- First Restore Point --

1: 2008-02-19 20:35:19 UTC - RP734 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Phil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:00:17 PM, on 3/30/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\StartupMonitor.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Phil\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Phil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135824330522

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37240.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab

O16 - DPF: {F1946764-3B40-4BE3-A87D-F371B112308F} (WPActiveX Control) - http://207.97.210.114/wp/wpax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4B97FFEB-7D41-450F-9BB5-6A9D7D03ADA7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{8CA005BA-32C8-44FC-8257-2E7060EAD5C4}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{4B97FFEB-7D41-450F-9BB5-6A9D7D03ADA7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 6844 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 LANPkt (Realtek LANPkt Protocol) - c:\windows\system32\drivers\lanpkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)

S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)

S3 catchme - c:\docume~1\phil\locals~1\temp\catchme.sys (file missing)

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)

S3 ISO503 (Chameleon Mega Video Camera) - c:\windows\system32\drivers\iso503.sys <Not Verified; Sunplus Technology Co. LTD.; SPCA504A Camera Driver>

S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 Profos - c:\program files\softwin\bitdefender10\profos.sys (file missing)

S3 RushTopDevice - c:\program files\msi\core center\rushtop.sys <Not Verified; Your Corporation; Your Product Name>

S3 Trufos - c:\program files\softwin\bitdefender10\trufos.sys (file missing)

S3 XIRLINK (IBM PC Camera) - c:\windows\system32\drivers\c-itnt.sys <Not Verified; Xirlink, Inc; C-it Digital Video PC Camera>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-03-24 16:10:00 262 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job

2008-03-24 15:35:00 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job

2008-01-04 17:10:46 336 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job

2008-01-04 16:35:16 390 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

-- Files created between 2008-02-29 and 2008-03-30 -----------------------------

2008-03-23 20:59:54 0 d-------- C:\Documents and Settings\Phil\Application Data\Mozilla

2008-03-10 04:36:55 20016 -ra------ C:\WINDOWS\system32\drivers\omcamhal.sys <Not Verified; OmniVision Technologies, Inc.; OmniVision PC Camera>

2008-03-10 04:36:54 136792 -ra------ C:\WINDOWS\system32\drivers\omcamvid.sys <Not Verified; OmniVision Technologies, Inc.; OmniVision PC Camera>

2008-03-10 04:36:54 6336 -ra------ C:\WINDOWS\system32\drivers\omcamsti.sys <Not Verified; OmniVision Technologies, Inc.; OmniVision PC Camera>

-- Find3M Report ---------------------------------------------------------------

2008-03-28 10:59:00 0 d-------- C:\Documents and Settings\Phil\Application Data\AVG7

2008-03-28 02:02:39 0 d-------- C:\Program Files\EFX

2008-03-23 21:08:57 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe

2008-03-23 21:08:57 24214 --a------ C:\WINDOWS\mozver.dat

2008-03-23 21:08:46 118784 --a------ C:\WINDOWS\GREUninstall.exe

2008-03-23 21:08:33 0 d-------- C:\Program Files\Common Files

2008-03-23 21:08:21 0 d-------- C:\Program Files\mozilla.org

2008-03-23 21:00:27 0 d-------- C:\Documents and Settings\Phil\Application Data\Talkback

2008-03-12 21:23:18 0 d-------- C:\Program Files\SpywareBlaster

2008-02-23 01:31:27 0 d-------- C:\Program Files\Lavasoft

2008-02-23 00:48:54 2855080 --a------ C:\WINDOWS\system32\mi2.exe

2008-02-23 00:48:54 0 d-------- C:\Program Files\SoftwareRevenue.org

2008-02-23 00:48:42 379071 --a------ C:\WINDOWS\system32\mi1.exe

2008-02-12 20:54:03 0 d-------- C:\Program Files\IntelliChart Desktop

2008-02-09 22:36:23 0 d-------- C:\Program Files\Browser Mouse

2008-02-08 00:54:31 0 d-------- C:\Documents and Settings\Phil\Application Data\Macromedia

2008-02-05 19:22:46 0 d-------- C:\Documents and Settings\Phil\Application Data\Adobe

2008-02-05 19:21:48 0 d-------- C:\Program Files\Common Files\Adobe

2008-02-05 19:10:21 335 --a------ C:\WINDOWS\mozregistry.dat

2008-01-27 14:24:56 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-01-01 19:11:04 81984 --a------ C:\WINDOWS\system32\bdod.bin

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/15/2008 05:36 PM]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 05:05 PM]

"Run StartupMonitor"="StartupMonitor.exe" [05/20/2000 06:23 PM C:\WINDOWS\StartupMonitor.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"1A:Stardock TrayMonitor"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk

backup=C:\WINDOWS\pss\CoreCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DigiCell.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk

backup=C:\WINDOWS\pss\DigiCell.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk

backup=C:\WINDOWS\pss\Free WebSite Tools.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe

backup=C:\WINDOWS\pss\palstart.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureDoc.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SecureDoc.lnk

backup=C:\WINDOWS\pss\SecureDoc.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1A:Stardock TrayMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

"C:\Program Files\Softwin\BitDefender10\bdagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

"C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]

C:\DOCUME~1\Phil\LOCALS~1\Temp\WZSE0.TMP\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiagAP8169]

C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]

C:\Program Files\MSI\Live Update 3\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]

C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]

C:\DOCUME~1\Phil\LOCALS~1\Temp\WZSE0.TMP\PPControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]

C:\DOCUME~1\Phil\LOCALS~1\Temp\WZSE0.TMP\PPMemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpleology 1.0]

C:\Program Files\Simpleology\simpleology Wimiki\simpleology Wimiki.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

7966 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-03-30 16:01:48 ------------

EXTRA FILE:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: AMD Athlon 64 Processor 3000+

Percentage of Memory in Use: 41%

Physical Memory (total/avail): 1023.48 MiB / 596.74 MiB

Pagefile Memory (total/avail): 1692.79 MiB / 1365.89 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1910.5 MiB

A: is Removable (No Media)

C: is Fixed (NTFS) - 74.52 GiB total, 28.05 GiB free.

D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380013AS - 74.53 GiB - 1 partition

\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)

AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"

"C:\\Program Files\\CandleWorks\\TS\\FXTS.exe"="C:\\Program Files\\CandleWorks\\TS\\FXTS.exe:*:Enabled:FX Trading Station"

"C:\\Program Files\\FXtrainerdesktop\\FXChart.exe"="C:\\Program Files\\FXtrainerdesktop\\FXChart.exe:*:Enabled:FXtrainerPro"

"C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe:*:Enabled:MSI Live Monitor"

"C:\\Program Files\\mozilla.org\\Mozilla\\PalmSyncInstall.exe"="C:\\Program Files\\mozilla.org\\Mozilla\\PalmSyncInstall.exe:*:Enabled:Address Book Palm Sync Install"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\FXtrainerdesktop\\IntelliChart.exe"="C:\\Program Files\\FXtrainerdesktop\\IntelliChart.exe:*:Enabled:IntelliChart"

"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\\Program Files\\Conference\\Conference.dll"="C:\\Program Files\\Conference\\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Phil\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=COMPUTER

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Phil

LOGONSERVER=\\COMPUTER

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\EFX Group\Navigator;C:\Program Files\QuickTime Alternative\QTSystem\;

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 31 Stepping 0, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=1f00

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Phil\LOCALS~1\Temp

TMP=C:\DOCUME~1\Phil\LOCALS~1\Temp

tvdumpflags=8

USERDOMAIN=COMPUTER

USERNAME=Phil

USERPROFILE=C:\Documents and Settings\Phil

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Phil (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IbmPcCamera\Uninst.isu"

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

Browser Mouse --> C:\Program Files\Browser Mouse\Browser Mouse\1.1\unins000.EXE

GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}

Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Package:FXTrek_EFX --> C:\Program Files\EFX\Uninst.exe

SeaMonkey (1.1.8) --> C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.8 (en)"

Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"

StartupMonitor --> MsiExec.exe /I{76EFAC4F-1712-401F-B2AE-590B170C9BCE}

Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type35070 / Error

Event Submitted/Written: 03/30/2008 03:57:54 PM

Event ID/Source: 8 / crypt32

Event Description:

Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type35069 / Warning

Event Submitted/Written: 03/30/2008 00:40:04 PM

Event ID/Source: 4101 / Ci

Event Description:

The content index filter for file "c:\windows\internet logs\zalog2008.02.12.txt" generated content data more than 8

times the file's size.

Event Record #/Type35068 / Warning

Event Submitted/Written: 03/30/2008 00:40:03 PM

Event ID/Source: 4101 / Ci

Event Description:

The content index filter for file "c:\windows\internet logs\zalog2008.02.13.txt" generated content data more than 8

times the file's size.

Event Record #/Type35067 / Warning

Event Submitted/Written: 03/30/2008 00:39:59 PM

Event ID/Source: 4101 / Ci

Event Description:

The content index filter for file "c:\windows\internet logs\zalog2008.02.12.txt" generated content data more than 8

times the file's size.

Event Record #/Type35066 / Warning

Event Submitted/Written: 03/30/2008 00:39:59 PM

Event ID/Source: 4101 / Ci

Event Description:

The content index filter for file "c:\windows\internet logs\zalog2008.02.13.txt" generated content data more than 8

times the file's size.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type16693 / Warning

Event Submitted/Written: 03/30/2008 02:34:43 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type16568 / Warning

Event Submitted/Written: 03/27/2008 00:33:48 AM

Event ID/Source: 36 / W32Time

Event Description:

The time service has not been able to synchronize the system time

for 49152 seconds because none of the time providers has been able to

provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type16544 / Warning

Event Submitted/Written: 03/25/2008 02:28:06 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type16523 / Warning

Event Submitted/Written: 03/25/2008 00:22:47 AM

Event ID/Source: 36 / W32Time

Event Description:

The time service has not been able to synchronize the system time

for 49152 seconds because none of the time providers has been able to

provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type16520 / Warning

Event Submitted/Written: 03/24/2008 01:34:26 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2008-03-30 16:01:48 ------------

extra.txt

Link to post
Share on other sites

Looks pretty good...couple of questionable file... the following should take care of them.

Download and scan with SUPERAntiSpyware Free for Home Users

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.

    [*] Click the "Close" button to leave the control center screen.

    [*] Back on the main screen, under "Scan for Harmful Software" click Scan your computer.

    [*] On the left, make sure you check C:\Fixed Drive.

    [*] On the right, under "Complete Scan", choose Perform Complete Scan.

    [*] Click "Next" to start the scan. Please be patient while it scans your computer.

    [*] After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".

    [*] Make sure everything has a checkmark next to it and click "Next".

    [*] A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.

    [*] If asked if you want to reboot, click "Yes".

    [*] To retrieve the removal information after reboot, launch SUPERAntispyware again.

    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.

    [*] Click Close to exit the program.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Click on the Start Scanning button at bottom of page.
  • Accept the License Agreement and the ActiveX install.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report to your Desktop for later posting.

Post

  • SAS log
  • F-Secure log
  • Freh HijackThis log

in your next reply.

Link to post
Share on other sites

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 03/30/2008 at 11:26 PM

Application Version : 4.0.1154

Core Rules Database Version : 3427

Trace Rules Database Version: 1419

Scan type : Complete Scan

Total Scan Time : 00:58:51

Memory items scanned : 351

Memory threats detected : 0

Registry items scanned : 5324

Registry threats detected : 0

File items scanned : 56601

File threats detected : 6

Adware.Tracking Cookie

C:\Documents and Settings\Phil\Cookies\phil@realmedia[1].txt

C:\Documents and Settings\Phil\Cookies\[email protected][2].txt

C:\Documents and Settings\Phil\Cookies\[email protected][1].txt

C:\Documents and Settings\Phil\Cookies\phil@collective-media[1].txt

C:\Documents and Settings\Phil\Cookies\[email protected][2].txt

C:\Documents and Settings\Phil\Cookies\[email protected][1].txt

Link to post
Share on other sites

Scanning Report

Monday, March 31, 2008 01:03:57 - 02:39:16

Computer name: COMPUTER

Scanning type: Scan system for malware, rootkits

Target: C:\

Result: 1 malware found

AdWare.Win32.Mostofate (spyware)

* System

Statistics

Scanned:

* Files: 36903

* System: 3437

* Not scanned: 7

Actions:

* Disinfected: 0

* Renamed: 0

* Deleted: 0

* None: 1

* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options

Scanning engines:

* F-Secure USS: 2.30.0

* F-Secure Hydra: 2.8.8110, 2008-03-31

* F-Secure AVP: 7.0.171, 2008-03-31

* F-Secure Pegasus: 1.20.0, 2008-02-26

* F-Secure Blacklight: 1.0.64

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use Advanced heuristics

Copyright © 1998-2007 Product support |Send virus sample to F-Secure

F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:42:27 AM, on 3/31/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\StartupMonitor.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135824330522

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37240.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {F1946764-3B40-4BE3-A87D-F371B112308F} (WPActiveX Control) - http://207.97.210.114/wp/wpax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4B97FFEB-7D41-450F-9BB5-6A9D7D03ADA7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{8CA005BA-32C8-44FC-8257-2E7060EAD5C4}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{4B97FFEB-7D41-450F-9BB5-6A9D7D03ADA7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 7213 bytes

Link to post
Share on other sites

Open HiJackThis. It should open to a "New users quickstart" menu

Click "Open the Misc Tools section"

Click "Delete a file on reboot..."

In the "Enter file to delete on reboot..." window, navigate to:

C:\WINDOWS\system32\

And select the file

mi1.exe

Then click Open. After you click Open, HiJackThis will ask you if you want to restart your computer now. click NO.

Repeat for mi2.exe only reboot after mi2.exe

Please download OTCleanIt from HERE to your desktop.

Double click to run it. It will clean up the assortment of tools used during malware removal. When it has finnished, it will ask you to reboot so it can remove itself.

Are you still haveing the slow loading issues??

Link to post
Share on other sites

Hello

I did as requested. Therw was one differnece though, When I went to find mi1.exe it did not exist. All that was there was mi2.exe so I deleted that and rebooted from there, then ran OTCleanIt

And yes, unfortunately, I still have the same problem with pages not loading properly. No difference - no faster or slower.

Link to post
Share on other sites
  • 2 weeks later...

Bump - no reply for 15 days. My prior reply of April 1 below -

Hello

I did as requested. Therw was one differnece though, When I went to find mi1.exe it did not exist. All that was there was mi2.exe so I deleted that and rebooted from there, then ran OTCleanIt

And yes, unfortunately, I still have the same problem with pages not loading properly. No difference - no faster or slower.

Open HiJackThis. It should open to a "New users quickstart" menu

Click "Open the Misc Tools section"

Click "Delete a file on reboot..."

In the "Enter file to delete on reboot..." window, navigate to:

C:\WINDOWS\system32\

And select the file

mi1.exe

Then click Open. After you click Open, HiJackThis will ask you if you want to restart your computer now. click NO.

Repeat for mi2.exe only reboot after mi2.exe

Please download OTCleanIt from HERE to your desktop.

Double click to run it. It will clean up the assortment of tools used during malware removal. When it has finnished, it will ask you to reboot so it can remove itself.

Are you still haveing the slow loading issues??

Link to post
Share on other sites

Sorry, guess the reply from Samuel John threw me off somehow.

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

REBOOT

Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    (Vista users, please right click on OtScanIt.exe and select "Run as an Administrator")
  • Leave all the setting to the default except as noted below
    • Change the setting under BOTH files created and file modified within to 90 days.
    • Under Additional Scans sections, check the following
      • Reg - BotCheck
      • File - Additional Folder Scan

    [*]Now click the Run Scan button on the toolbar.

    [*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.

    [*]When the scan is complete Notepad will open with the report file loaded in it.

    [*]Save that notepad file

Since the log is too large to post, use the ADDREPLY button, then scroll down to the attachments section and attach the notepad file here.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...