Discussion Starter · #1 ·
hi!
Running XP on an Athlon XP 3200+, 1GB RAM, lots of hard drives.
Over the last couple of months, my system has progressively begun acting funny: locking up while I'm rendering out video, hanging for a few seconds here and there when I'm not doing anything taxing, misc slowdowns, my wireless network card forgets all its parameters when I reboot sometimes, and I have to run the network setup thing again. General "weirdness." Been giving me an annoying amount of trouble lately.

Last year this machine was acting funny, you guys came through and straightened me out. Thanx so much for the help. I'm on the net constantly, so I'm sure I'm picking up parasites along the way.

I went through the 5 steps listed above. I tried running the panda scan overnight last night, but the computer locked up during that scan. I tried it again today, but I quit the panda scan after 5 hours and 700,000 files, and disinfected what it said it found. I don't remember if I turned off AVG before the last scan.

I turned off virtual memory and ran chkdsk and did a bootup defrag on all the drives with Diskeeper. I think I forgot to turn on virtual memory again...lol.

Thanx in advance!

--------------------
Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-25 16:00:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-05-25 23:01:06 UTC - RP1487 - Deckard's System Scanner Restore Point
23: 2008-05-25 21:28:11 UTC - RP1486 - Installed Diskeeper 2008 Pro Premier.
22: 2008-05-25 21:01:39 UTC - RP1485 - Deckard's System Scanner Restore Point
21: 2008-05-24 07:02:12 UTC - RP1484 - System Checkpoint
20: 2008-05-23 07:00:20 UTC - RP1483 - Installed Pirates of the Caribbean - At Worlds End


-- First Restore Point --
1: 2008-05-16 11:39:05 UTC - RP1464 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-25 16:06:38
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC 2 Answering Machine Pro\PC2AM2P_PROC.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\WINDOWS\ltmsg.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\WINDOWS\Gtwatch.exe
C:\WINDOWS\Gtwatch.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\WINDOWS\PixArt\Pac7311\Monitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Program Files\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Works\WkCalRem.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.ebay.com/ws/eBayISAPI.dll...ntPage=MyeBayAllSelling&LogUID=wendysgiftshop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [GCS] "C:\Program Files\GrabClipSave\GrabClipSave.exe"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Port Mapper.lnk = C:\Documents and Settings\Owner\Desktop\HomeNetMagic_PortMapper\HomeNetMagic\PortMapper\PortMapper.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.google.com (HKCU)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} () - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.237.70.217/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - F:\3ds max\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: PC2AM2P_PROC - Teley - C:\Program Files\PC 2 Answering Machine Pro\PC2AM2P_PROC.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


--
End of file - 16513 bytes

-- File Associations -----------------------------------------------------------

.reg - Regedit.Document - DefaultIcon - unable to read value
.reg - Regedit.Document - shell\open\command - c:\Winnt\Regedit.exe %1
.reg - Regedit.Document - shell\edit\command - unable to read value
.txt - txtfile - DefaultIcon - C:\EditPadClassic\EditPad.exe,0
.txt - txtfile - shell\open\command - C:\EditPadClassic\EditPad.exe "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ewido security suite driver - c:\program files\ewido\security suite\guard.sys
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S2 BT848 (Conexant's BtPCI WDM Video Capture) - c:\windows\system32\drivers\bt848.sys <Not Verified; Illusion & Hope.; bt848.sys>
S2 CXTUNER (CxTuner, WDM TvTuner) - c:\windows\system32\drivers\cxtuner.sys (file missing)
S2 CXXBAR (CxXBar, WDM Crossbar) - c:\windows\system32\drivers\cxxbar.sys (file missing)
S2 LXARScan (Lexmark X73 MFP Scanner) - c:\windows\system32\drivers\lxarscan.sys (file missing)
S2 MKEMUSB (Panasonic Digital Palmcorder) - c:\windows\system32\drivers\mkemusb.sys <Not Verified; Matsushita Kotobuki Electronics Industries, Ltd.; Panasonic Digital Palmcorder>
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 BLKWGU(Belkin) (Belkin Wireless G USB Network Adapter(Belkin)) - c:\windows\system32\drivers\blkwgu.sys (file missing)
S3 DCamUSBMke (USB Video Camera for Panasonic Digital Palmcorder) - c:\windows\system32\drivers\mkeusbi.sys <Not Verified; Matsushita Kotobuki Electronics Industries,Ltd.; Panasonic Digital Palmcorder>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GT681x (%GrandTechICNameNT%) - c:\windows\system32\drivers\gt681x.sys <Not Verified; ; USB Scanner Driver>
S3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 samhid - c:\windows\system32\drivers\samhid.sys (file missing)
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
R2 OneTouch 4.0 Monitor - "c:\program files\visioneer\onetouch 4.0\otservice.exe" <Not Verified; Visioneer Inc; OneTouch 4.0 Component>
R2 PC2AM2P_PROC - c:\program files\pc 2 answering machine pro\pc2am2p_proc.exe <Not Verified; Teley; PC 2 Answering Machine 2.0 Service>

S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "f:\3ds max\mentalray\satellite\raysat_3dsmax9_32server.exe"
S3 A3filt -
S3 AdobeVersionCue - c:\program files\adobe\adobe version cue\service\versioncue.exe <Not Verified; Adobe Sytems; Adobe Version Cue™>
S3 Tdpsyes -
S4 ewido security suite guard - c:\program files\ewido\security suite\ewidoguard.exe <Not Verified; ewido networks; guard>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-25 15:12:00 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-25 15:08:17 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0E5E0714-3F7D-45FA-915E-E9337C0041BB}.job
2008-05-25 06:00:00 288 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-05-21 10:08:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2100-02-23 14:35:34 768 --a------ C:\Program Files\x73_lut.dat
2100-02-08 16:03:54 53248 --a------ C:\Program Files\ACMonitor_X73.exe <Not Verified; Silitek Corp.; ACMonitor>
2008-05-25 14:28:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-05-25 14:28:19 0 d-------- C:\Program Files\Diskeeper Corporation
2008-05-25 01:38:07 0 d-------- C:\Program Files\Panda Security
2008-05-23 00:01:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Disney Interactive Studios
2008-05-22 23:57:38 0 d-------- C:\Program Files\Disney Interactive Studios
2008-05-04 23:01:12 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-04 16:05:53 96768 --a------ C:\WINDOWS\system32\lagarith.dll <Not Verified; ; Lagarith>
2008-05-04 16:05:53 33280 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2008-05-04 16:05:27 0 d-------- C:\Program Files\Presentersoft PowerVideoMaker
2008-05-02 22:20:34 0 d-------- C:\Program Files\MSBuild
2008-05-02 22:17:54 0 d-------- C:\Program Files\Microsoft.NET
2008-05-02 22:11:34 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-02 22:10:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-02 20:24:10 0 d-------- C:\Program Files\Bytescout PPT To Video Scout
2008-04-28 14:02:58 0 d-------- C:\Program Files\Common Files\xing shared


-- Find3M Report ---------------------------------------------------------------

2008-05-25 13:59:50 0 d-------- C:\Program Files\SpywareBlaster
2008-05-25 01:38:11 7039 --a------ C:\WINDOWS\mozver.dat
2008-05-24 19:44:49 0 d-------- C:\Program Files\nbpro
2008-05-23 16:34:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-05-22 23:59:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-22 23:57:11 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-05-22 23:38:32 0 d-------- C:\Program Files\IrfanView
2008-05-19 19:32:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-19 13:48:11 0 d-------- C:\Program Files\Java
2008-05-16 17:11:45 0 d-------- C:\Program Files\Disk Space Inspector
2008-05-16 14:42:32 11912 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-05-05 01:15:33 9436 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-01 13:51:07 0 d-------- C:\Program Files\AIM6
2008-04-28 14:02:58 0 d-------- C:\Program Files\Common Files
2008-04-28 14:02:49 0 d-------- C:\Program Files\Common Files\Real
2008-04-28 14:02:17 0 d-------- C:\Program Files\Real
2008-04-28 14:02:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-23 11:20:29 2542 --a------ C:\WINDOWS\unins000.dat
2008-04-23 09:31:03 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-12 22:23:11 0 d-------- C:\Documents and Settings\Owner\Application Data\TaxCut
2008-04-12 22:22:47 0 d-------- C:\Documents and Settings\Owner\Application Data\pdf995
2008-04-12 20:11:45 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-04-12 20:11:45 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-12 20:11:42 0 d-------- C:\Program Files\PDF995
2008-04-03 01:07:35 0 d-------- C:\Program Files\TaxCut07
2008-03-30 16:30:42 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-03-30 16:17:02 0 d-------- C:\Program Files\Common Files\AOL
2008-03-08 19:36:08 10458 --a------ C:\Program Files\INSTALL.LOG
2008-03-03 02:43:38 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 08:02 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [11/03/2003 05:50 PM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [10/29/2003 10:17 AM]
"LWBKEYBOARD"="C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe" [04/02/2002 02:52 AM]
"LTMSG"="LTMSG.exe" [07/14/2003 06:52 PM C:\WINDOWS\ltmsg.exe]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 04:15 AM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 04:23 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/16/2008 09:48 AM]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe" [12/16/2004 11:38 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"HPWUTOOLBOX"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [07/23/2005 01:18 AM]
"@"="C:\WINDOWS\Gtwatch.exe" [08/24/2001 11:18 AM]
"Gtwatch"="C:\WINDOWS\gtwatch.exe" [08/24/2001 11:18 AM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [12/07/2007 10:01 PM]
"Monitor"="C:\WINDOWS\PixArt\PAC7311\Monitor.exe" [11/03/2006 11:01 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/12/2004 09:09 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/12/2004 09:17 PM]
"NvMediaCenter"="NvMCTray.dll" [10/22/2006 12:22 PM C:\WINDOWS\system32\nvmctray.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [04/01/2008 01:21 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"GCS"="C:\Program Files\GrabClipSave\GrabClipSave.exe" [04/14/2003 08:15 AM]
"@"="" []
"Radio365Agent"="C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe" [09/22/2005 05:36 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [06/26/2006 04:13 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [12/07/2007 10:01 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 01:21 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/7/2004 2:26:35 PM]
wkcalrem.LNK - C:\Program Files\Microsoft Works\WkCalRem.exe [6/20/2007 2:04:51 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 12:19:50 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 1:19:24 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iPodder.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\iPodder.lnk
backup=C:\WINDOWS\pss\iPodder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MetaCafe.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MetaCafe.lnk
backup=C:\WINDOWS\pss\MetaCafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\CleanerXLSetup.exe

*Newly Created Service* - GTNDIS5



-- End of Deckard's System Scanner: finished at 2008-05-25 16:07:53 ------------
 


·
Registered
Joined
·
48 Posts
Discussion Starter · #3 · (Edited)
5 day bump

Please? Any help would be...helpful! Thanx!
It's so amazing to me how you guys can figure out all the crazy problems computers get and resolve them. I'm thankful my problems aren't as severe as many of the others I see here. You are a real help.

I've been using this computer for nearly 7 years and who knows how many things have been attached, detached, infected, disinfected, binged, purged and who knows what all in that time. I get files from clients all the time, and I have no idea what all I've picked up in all this time. I have 8 hard drives with about 2 terabytes of files on here. Can't get a new system for fear of not being able to replace the software I've accumulated over all that time...
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello Berighteous,

I'm not seeing much here. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

My Web Search (Smiley Central)


--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries: (if they still exist)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - ?p=ZNfox000



Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Delete this folder if it still exists:

C:\Program Files\MyWebSearch

--------------------------------------------------------------------

See if you can get this online scanner to complete:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan


Any improvement in system behavior?
 

·
Registered
Joined
·
48 Posts
Discussion Starter · #5 ·
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 01, 2008 7:59:09 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/06/2008
Kaspersky Anti-Virus database records: 819797
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
L:\
O:\
P:\
Q:\
S:\
T:\
U:\
V:\

Scan Statistics:
Total number of scanned objects: 483640
Number of viruses found: 37
Number of infected objects: 63
Number of suspicious objects: 5
Duration of the scan process: 06:38:59

Infected Object Name / Virus Name / Last Action
C:\!KillBox\nvritf.dll Infected: not-a-virus:AdWare.Win32.BHO.ba skipped
C:\Documents and Settings\All Users\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\umogvjl3.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\umogvjl3.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\umogvjl3.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\umogvjl3.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\umogvjl3.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\umogvjl3.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\berighteous1234\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\umogvjl3.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\umogvjl3.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\umogvjl3.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\umogvjl3.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo\Y!Msgr\merlin.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008060120080602\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_200.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_8f4.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\performance_build_907.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\voice_Owner_0.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\ycp_Owner.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1484\A0317090.dll Infected: not-a-virus:AdWare.Win32.VB.y skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1484\A0317091.exe/keygen.exe Infected: Trojan.Win32.Agent.cro skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1484\A0317091.exe/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.arm skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1484\A0317091.exe/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1484\A0317091.exe/install.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1484\A0317091.exe RAR: infected - 4 skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318112.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318114.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318116.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318117.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318119.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318120.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318121.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318122.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318123.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318124.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318125.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318126.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318127.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318128.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318129.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318130.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318131.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318133.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318134.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318136.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318138.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318139.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318140.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318142.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318143.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318144.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318159.exe Infected: not-a-virus:AdWare.Win32.EZula skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318164.exe Object is locked skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1488\A0318165.exe Object is locked skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1497\A0318705.exe/data0006 Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1497\A0318705.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP1498\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E6CE8E71-793E-48BC-9991-91E9B08ADBC1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\BrwsPtnr.dll Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\mslfip.dll Infected: not-a-virus:AdWare.Win32.ClientMan skipped
C:\WINDOWS\system32\saflsa.dll Infected: Trojan-Clicker.Win32.VB.zc skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\~DF7B49.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\Palm Pilot Stuff\palmsoftware - downloads\vnc-3.3.3r2_x86_win32 - Access any PC off your PC!.zip/vnc_x86_win32/vncviewer/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
H:\Palm Pilot Stuff\palmsoftware - downloads\vnc-3.3.3r2_x86_win32 - Access any PC off your PC!.zip ZIP: infected - 1 skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
O:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
P:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\122c60a70f7a9d14edbed22f7c5b9323_ee4b4ca4-353b-44a8-9163-ae90d17b091f Object is locked skipped
P:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b0ea7bb2c8068cbbb734f4a62a7382e_ee4b4ca4-353b-44a8-9163-ae90d17b091f Object is locked skipped
P:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
P:\Documents and Settings\All Users\Application Data\QuickTime\QuickTime.qtp Object is locked skipped
P:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools\Frequently Asked Questions.url Object is locked skipped
P:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools\Home.url Object is locked skipped
P:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools\Privacy Policy.url Object is locked skipped
P:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools\Terms of Use.url Object is locked skipped
P:\Documents and Settings\Michael\Desktop\michael's stuff\Sharon\WINDOWS\Application Data\Identities\{D42648E0-3F1C-11D4-AA09-D6D6E035F11F}\Microsoft\Outlook Express\Other Ministries.dbx/[From "Zamekio Jackson" <[email protected]>][Date Fri, 23 Jun 2000 13:19:25 -0400]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
P:\Documents and Settings\Michael\Desktop\michael's stuff\Sharon\WINDOWS\Application Data\Identities\{D42648E0-3F1C-11D4-AA09-D6D6E035F11F}\Microsoft\Outlook Express\Other Ministries.dbx/[From "Zamekio Jackson" <[email protected]>][Date Fri, 23 Jun 2000 13:19:25 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
P:\Documents and Settings\Michael\Desktop\michael's stuff\Sharon\WINDOWS\Application Data\Identities\{D42648E0-3F1C-11D4-AA09-D6D6E035F11F}\Microsoft\Outlook Express\Other Ministries.dbx MailMSOutlook5: infected - 2 skipped
P:\Documents and Settings\Michael\Desktop\michael's stuff\Sharon\WINDOWS\sp.dll Object is locked skipped
P:\Documents and Settings\Michael\Local Settings\Application Data\Identities\{EC15BD13-C833-4CA0-A28E-699E6146C845}\Microsoft\Outlook Express\Sent Items.dbx/[From "Michael Packard" <[email protected]>][Date Mon, 15 Mar 2004 20:26:25 -0700]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
P:\Documents and Settings\Michael\Local Settings\Application Data\Identities\{EC15BD13-C833-4CA0-A28E-699E6146C845}\Microsoft\Outlook Express\Sent Items.dbx/[From "Michael Packard" <[email protected]>][Date Mon, 15 Mar 2004 20:26:25 -0700]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
P:\Documents and Settings\Michael\Local Settings\Application Data\Identities\{EC15BD13-C833-4CA0-A28E-699E6146C845}\Microsoft\Outlook Express\Sent Items.dbx/[From "Michael Packard" <[email protected]>][Date Thu, 8 Apr 2004 01:49:10 -0600]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
P:\Documents and Settings\Michael\Local Settings\Application Data\Identities\{EC15BD13-C833-4CA0-A28E-699E6146C845}\Microsoft\Outlook Express\Sent Items.dbx/[From "Michael Packard" <[email protected]>][Date Thu, 8 Apr 2004 01:49:10 -0600]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
P:\Documents and Settings\Michael\Local Settings\Application Data\Identities\{EC15BD13-C833-4CA0-A28E-699E6146C845}\Microsoft\Outlook Express\Sent Items.dbx MailMSOutlook5: suspicious - 4 skipped
P:\Documents and Settings\Wendy\Local Settings\Temp\ImInstaller\IncrediMail\imloader.exe Infected: not-a-virus:Downloader.Win32.ImLoader.b skipped
P:\Documents and Settings\Wendy\Local Settings\Temp\WToolsB.dll Infected: not-a-virus:AdWare.Win32.Wintol.aw skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\AH6ZQJ0X\install_iframe[2].jsp Infected: Trojan-Downloader.JS.Agent.kk skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\AH6ZQJ0X\install_iframe[4].jsp Infected: Trojan-Downloader.JS.Agent.kk skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\SFUDCB6D\CAT8KZP5.htm Infected: Trojan-Downloader.JS.FlingStone skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\SFUDCB6D\install_iframe[2].jsp Infected: Trojan-Downloader.JS.Agent.kk skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\SFUDCB6D\install_iframe[4].jsp Infected: Trojan-Downloader.JS.Agent.kk skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\U3CHE78J\FSC[1].exe Infected: not-a-virus:AdWare.Win32.FreeScratch.b skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\U3CHE78J\nCaseInstaller[1].cab/nCaseInstaller.dll Infected: not-a-virus:AdWare.Win32.180Solutions skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\U3CHE78J\nCaseInstaller[1].cab/nCASELib.dll Infected: not-a-virus:AdWare.Win32.180Solutions skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\U3CHE78J\nCaseInstaller[1].cab CAB: infected - 2 skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\W12NS16B\main[1].chm/main.htm Infected: Trojan-Downloader.JS.Miner skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\W12NS16B\main[1].chm CHM: infected - 1 skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\W12NS16B\main[2].chm/main.htm Infected: Trojan-Downloader.JS.Miner skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\W12NS16B\main[2].chm CHM: infected - 1 skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\W12NS16B\main[3].chm/main.htm Infected: Trojan-Downloader.JS.Miner skipped
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\W12NS16B\main[3].chm CHM: infected - 1 skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\crack.exe Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\DrvTrNTl.dll Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\DrvTrNTm.dll Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\License.txt Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\N-GeN.nfo Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\OEMSetup.inf Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\Readme.txt Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\Registration.txt Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\setup.exe Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\TotalRecorder.cnt Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\TotalRecorder.doc Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\TotalRecorder.exe Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\TotalRecorder.hlp Object is locked skipped
P:\Program Files\HighCriteria\TotalRecorder\Totalrecorder40_crk\TotRecSched.exe Object is locked skipped
P:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
P:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ309521$\httpod51.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ309521$\msdxm.ocx Object is locked skipped
P:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe Object is locked skipped
P:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf Object is locked skipped
P:\WINDOWS\$NtUninstallQ309521$\ssdpapi.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ309521$\ssdpsrv.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ309521$\ssinc51.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ314862$\qmgr.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe Object is locked skipped
P:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf Object is locked skipped
P:\WINDOWS\$NtUninstallQ315000$\netsetup.exe Object is locked skipped
P:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe Object is locked skipped
P:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf Object is locked skipped
P:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ315000$\upnp.dll Object is locked skipped
P:\WINDOWS\$NtUninstallQ323172$\reg00003 Object is locked skipped
P:\WINDOWS\$NtUninstallQ323172$\reg00005 Object is locked skipped
P:\WINDOWS\$NtUninstallQ323172$\reg00008 Object is locked skipped
P:\WINDOWS\$NtUninstallQ323172$\reg00009 Object is locked skipped
P:\WINDOWS\$NtUninstallQ323172$\reg00010 Object is locked skipped
P:\WINDOWS\$NtUninstallQ323172$\reg00011 Object is locked skipped
P:\WINDOWS\$NtUninstallQ329048$\reg00001 Object is locked skipped
P:\WINDOWS\$NtUninstallQ329390$\reg00001 Object is locked skipped
P:\WINDOWS\$NtUninstallQ329834$\reg00001 Object is locked skipped
P:\WINDOWS\system32\drivers\etc\hosts Infected: Trojan.Win32.Qhost.ahq skipped
Q:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hi,

Again, not much here.

Delete the following files and folders:

C:\!KillBox
C:\WINDOWS\system32\mslfip.dll
C:\WINDOWS\system32\saflsa.dll
P:\WINDOWS\system32\drivers\etc\hosts

You need to clean the Temp and Temp Internet files on Drive P:

P:\Documents and Settings\Wendy\Local Settings\Temp\ImInstaller\IncrediMail\imloader.exe
P:\Documents and Settings\Wendy\Local Settings\Temp\WToolsB.dll
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\AH6ZQJ0X\install_iframe[2].jsp
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\AH6ZQJ0X\install_iframe[4].jsp
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\SFUDCB6D\CAT8KZP5.htm
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\SFUDCB6D\install_iframe[2].jsp
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\SFUDCB6D\install_iframe[4].jsp
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\U3CHE78J\FSC[1].exe
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\U3CHE78J\nCaseInstaller[1].cab
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\W12NS16B\main[1].chm
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\W12NS16B\main[2].chm
P:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\W12NS16B\main[3].chm

That's all I'm seeing as far as malware. If your issues persist, you may want to discuss them with the folks in the Windows XP Support section of this forum.
 