Infected computer. Please help! - Page 2

DaTwinkie · 03-12-2006, 07:27 PM

Volume in drive C has no label.
Volume Serial Number is CCA0-FDD2

Directory of C:\Documents and Settings\All Users\Application Data

10/21/2005 04:50 PM <DIR> Adobe
09/09/2005 11:36 PM <DIR> Apple Computer
07/21/2005 11:46 PM <DIR> Creative
03/02/2006 11:26 PM <DIR> Kaspersky Anti-Virus Personal Pro
10/10/2005 10:22 AM <DIR> Macromedia
01/18/2006 06:36 PM <DIR> Motive
07/24/2005 04:04 PM <DIR> nView_Profiles
02/27/2006 08:57 PM 1,356 QTSBandwidthCache
08/21/2005 12:28 AM <DIR> Spybot - Search & Destroy
08/14/2005 12:49 AM <DIR> Trymedia
01/18/2006 09:22 PM <DIR> Viewpoint
1 File(s) 1,356 bytes
10 Dir(s) 662,597,632 bytes free
Volume in drive C has no label.
Volume Serial Number is CCA0-FDD2

Directory of C:\Documents and Settings\Andrew J Yu\Application Data

10/09/2005 09:36 PM <DIR> .bittorrent
08/20/2005 02:12 PM <DIR> Adobe
08/20/2005 02:09 PM 877 AdobeDLM.log
10/24/2005 08:29 PM <DIR> AdobeUM
08/13/2005 11:27 PM <DIR> Aim
09/09/2005 11:37 PM <DIR> Apple Computer
07/22/2005 12:42 AM <DIR> CyberLink
08/20/2005 02:09 PM 0 dm.ini
08/17/2005 09:26 PM <DIR> Help
08/04/2005 08:17 PM <DIR> Identities
01/18/2006 09:15 PM <DIR> Lavasoft
11/28/2005 10:19 PM <DIR> Macromedia
01/18/2006 06:37 PM <DIR> Motive
09/09/2005 11:13 PM <DIR> Real
09/11/2005 10:12 PM <DIR> Roxio
09/06/2005 09:50 PM <DIR> Sun
2 File(s) 877 bytes
14 Dir(s) 662,597,632 bytes free
Volume in drive C has no label.
Volume Serial Number is CCA0-FDD2

Directory of C:\Documents and Settings\Default User\Application Data

07/18/2005 11:23 AM <DIR> .
07/18/2005 11:23 AM <DIR> ..
07/18/2005 11:23 AM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 662,597,632 bytes free
Volume in drive C has no label.
Volume Serial Number is CCA0-FDD2

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is CCA0-FDD2

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'HP DArC Task #Hewlett-Packard#deskjet5100#MY3923R2S97A.
job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\HP\hpcoretech\comp\hpdarc.exe'
Parameters: '/#Hewlett-Packard#deskjet5100#MY3923R2S97A'
WorkingDirectory: ''
Comment: ''
Creator: 'Andrew J Yu'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/30/2005 19:14:00
NextRun: 03/30/2006 19:14:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: MonthlyDate
Days: 30
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 09/30/2005
EndDate: 00/00/0000
StartTime: 19:14
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

tetonbob · 03-12-2006, 09:41 PM

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

O21 - SSODL: AOL Instant Messenger - {86DB7CB7-F300-C3DF-3D1F-5E4F42586770} - c:\program files\aim\winnfvn32.dll (file missing)

Please run another online scan with Panda, only this time, instead of choosing My Computer, Select Other Media, and choose this location:

C:\Documents and Settings\Andrew J Yu\Application Data

Post the results here, along with a new HJT log.

DaTwinkie · 03-12-2006, 10:59 PM

Hi,

I ran the Panda virus scan in that directory and it said it couldn't find any viruses.

Here's a copy of an updated Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:58:43 PM, on 3/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrew J Yu\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141402189765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

tetonbob · 03-13-2006, 08:11 AM

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Create a new System Restore point

click Start >> Run - type SYSDM.CPL & press Enter
select the System Restore Tab
tick on the checkbox - "Turn off System Restore on all drives"
click Apply
then untick the same checkbox & click OK

Enable Windows Auto Update

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
SpywareGuard to catch and block spyware before it can execute.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- Download IE-SpyAD - Extract the contents to a new folder
  From within the folder, double-click install.bat
  Select Option #2 - Install the new IE-SPYAD list.
  Then return to the main menu.
  Select option #4 - Add the old porn sites domain
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online antivirus scanners:

Anti-Spyware Tutorial

Here are two very good free Antivirus products which are available:
Avast!
AVG
Winpatrol - Download and install the free version of Winpatrol.
A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

Please respond to this thread one more time so we can mark this thread as resolved.

DaTwinkie · 03-16-2006, 06:53 PM

Tetonbob,

My computer seems to be running fine now. Thank you so much for all of your help. I really appreciate it.

-DaTwinkie

03-12-2006, 09:41 PM	#22 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,488 OS: 2000 Pro; XP Pro; XP Home	Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one: O21 - SSODL: AOL Instant Messenger - {86DB7CB7-F300-C3DF-3D1F-5E4F42586770} - c:\program files\aim\winnfvn32.dll (file missing) Please run another online scan with Panda, only this time, instead of choosing My Computer, Select Other Media, and choose this location: C:\Documents and Settings\Andrew J Yu\Application Data Post the results here, along with a new HJT log. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-13-2006, 08:11 AM	#24 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,488 OS: 2000 Pro; XP Pro; XP Home	Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address. Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Create a new System Restore point click Start >> Run - type SYSDM.CPL & press Enter select the System Restore Tab tick on the checkbox - "Turn off System Restore on all drives" click Apply then untick the same checkbox & click OK Enable Windows Auto Update Go to Start>Run - type wuaucpl.cpl tick on the checkbox - "Keep my computer up to date" Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items SpywareGuard to catch and block spyware before it can execute. SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here AD-AWARE Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here IE-SPYAD IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. Download IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run. ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial Here are two very good free Antivirus products which are available: Avast! AVG Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software If you do not have a firewall, here are 4 free ones available for personal use: ZoneAlarm Avast Antivirus/Firewall Tiny Personal Firewall OutPost Firewall In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-12-2006, 10:59 PM	#23 (permalink)
DaTwinkie Registered User Join Date: Mar 2006 Posts: 15 OS: Win XP	Hi, I ran the Panda virus scan in that directory and it said it couldn't find any viruses. Here's a copy of an updated Hijack this log: Logfile of HijackThis v1.99.1 Scan saved at 9:58:43 PM, on 3/12/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AIM\aim.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Andrew J Yu\Desktop\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Yahoo! Pager] 1 O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141402189765 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

03-16-2006, 06:53 PM	#25 (permalink)
DaTwinkie Registered User Join Date: Mar 2006 Posts: 15 OS: Win XP	Tetonbob, My computer seems to be running fine now. Thank you so much for all of your help. I really appreciate it. -DaTwinkie