
Solved Desktop Freezes In XP

Discussion in 'Malware and Virus Removal Archive' started by snookie28, 2008/08/29.

  1. 2008/09/05
    snookie28 (Thread Starter)

    Desktop, windows, and URLs freeze up

    Hello Geri, had to post below this one because my e-mail froze again.
    I went into my files and clicked "show hidden files/folders" and also unchecked "hide protected operating system files". The only one I saw close to it was the one I sent you, so I put the check marks back. When I searched before, I also checked to look in hidden files. It looks like it may be in the Notepad notes but I sure could not find it. Here are the notes from cmd:

    Volume in drive C has no label.
    Volume Serial Number is B89D-5F83

    Directory of C:\WINDOWS\$NtServicePackUninstall$

    08/23/2001 11:00 AM 12,800 svchost.exe
    1 File(s) 12,800 bytes

    Directory of C:\WINDOWS\ServicePackFiles\i386

    08/04/2004 12:56 AM 14,336 svchost.exe
    1 File(s) 14,336 bytes

    Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

    04/13/2008 08:12 PM 14,336 svchost.exe
    1 File(s) 14,336 bytes

    Directory of C:\WINDOWS\system32

    03/27/2008 05:35 AM 14,336 svchost.exe
    1 File(s) 14,336 bytes
     
  2. 2008/09/06
    Geri (Lifetime Subscription, Alumni)
    Hi
    OK please do this.

    Copy and paste this in a command window.

    Code:
    @echo off
    REM Stage the known-good SP2 copy of svchost.exe in the dllcache;
    REM Windows File Protection restores protected system files from there.
    copy C:\WINDOWS\ServicePackFiles\i386\svchost.exe C:\WINDOWS\system32\dllcache
    REM Only if that copy landed, move the suspect file out of the way so WFP
    REM replaces it. Renaming (not deleting) keeps the suspect file for a later scan.
    if exist C:\WINDOWS\system32\dllcache\svchost.exe ren C:\WINDOWS\system32\svchost.exe svchost.exe.old& echo svchost renamed>>done.txt
    start notepad done.txt
    exit
    cls
    
    Post done.txt

    Thanks
    Geri
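
The batch script above swaps the file by staging the Service Pack copy in dllcache and letting Windows File Protection put it back, and it trusts that copy without checking it. As an added example, not code from the thread or from Geri, the Python below first parses the dir listing snookie28 posted and then hash-compares copies of a file against a reference copy, run here on constructed stand-in files of equal size. The point it makes: the three 14,336-byte copies in the listing share a size, so size cannot tell a modified svchost.exe from a genuine one, while a content digest can. The stand-in file names, the function names and the stand-in bytes are assumptions for the demo, not real svchost.exe data.

```python
"""Hash-compare candidate copies of a protected system file.

Added example, not code from the thread. The dir listing is the one
quoted in the thread; the file contents written by demo() are
constructed stand-ins of the same size, not real svchost.exe bytes.
"""
import hashlib
import os
import re
import tempfile

# dir output as posted in the thread (copied text, constructed sample input)
DIR_LISTING = """\
 Directory of C:\\WINDOWS\\$NtServicePackUninstall$

08/23/2001 11:00 AM 12,800 svchost.exe
 1 File(s) 12,800 bytes

 Directory of C:\\WINDOWS\\ServicePackFiles\\i386

08/04/2004 12:56 AM 14,336 svchost.exe
 1 File(s) 14,336 bytes

 Directory of C:\\WINDOWS\\SoftwareDistribution\\Download\\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:12 PM 14,336 svchost.exe
 1 File(s) 14,336 bytes

 Directory of C:\\WINDOWS\\system32

03/27/2008 05:35 AM 14,336 svchost.exe
 1 File(s) 14,336 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
FILE_RE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+([\d,]+)\s+(\S.*?)\s*$")


def parse_dir_listing(text):
    """Return [(full_path, date, size_bytes)] for each file line in `dir` output."""
    records, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m and current_dir:
            date, _time, size, name = m.groups()
            records.append((current_dir + "\\" + name, date, int(size.replace(",", ""))))
    return records


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_copies(reference, candidates):
    """Map each candidate path to 'matches' or 'DIFFERS' relative to the reference.

    Equal size is not evidence of equal content; only the digest is.
    """
    ref = sha256_of(reference)
    return {p: ("matches" if sha256_of(p) == ref else "DIFFERS") for p in candidates}


def demo():
    """Run the comparison on constructed stand-in files that all have 14,336 bytes."""
    workdir = tempfile.mkdtemp()
    good = b"MZ" + b"\x00" * 14334                 # constructed stand-in for the SP copy
    bad = b"MZ" + b"\x00" * 14300 + b"X" * 34      # same size, different content
    paths = {}
    for name, data in (("ServicePackFiles_svchost.exe", good),
                       ("dllcache_svchost.exe", good),
                       ("system32_svchost.exe", bad)):
        paths[name] = os.path.join(workdir, name)
        with open(paths[name], "wb") as f:
            f.write(data)
    result = compare_copies(paths["ServicePackFiles_svchost.exe"],
                            [paths["dllcache_svchost.exe"], paths["system32_svchost.exe"]])
    return {os.path.basename(k): v for k, v in result.items()}


if __name__ == "__main__":
    for path, date, size in parse_dir_listing(DIR_LISTING):
        print(f"{size:>7}  {date}  {path}")
    print(demo())
```

On the real machine the same compare_copies() call would take the ServicePackFiles\i386 path as the reference and the dllcache and system32 paths as candidates; a DIFFERS result on system32 is the signal the rename step above acts on.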
     


  4. 2008/09/06
    snookie28 (Thread Starter)

    Desktop and websites hanging up... freezing

    Hello Geri, good thing I have a laptop too. I had to keep going between the two; whenever I tried to answer the thread or save the Notepad on my tower PC, it all locks up. I copied the new quote in the cmd window and it said, "svchost renamed." Now I have to go reboot the tower.
    Thank you, Snookie ;)
     
  5. 2008/09/06
    Geri (Lifetime Subscription, Alumni)
    Hi
    OK, did I tell you to reboot?

    Please do not do things unless told to do so.
    Geri
     
  6. 2008/09/07
    snookie28 (Thread Starter)

    Desktop and websites hanging up... freezing

    Hello Geri, I understand, but I had to reboot because I had to send you the previous post from my laptop, not the PC that I am having trouble with, because the tower PC froze up. I keep having that problem when I try to open the e-mails in Outlook Express; everything hangs up and/or the desktop won't work.
    Thanks, snookie
     
  7. 2008/09/07
    Geri (Lifetime Subscription, Alumni)
    Hi
    OK.
    I need another Kaspersky scan.

    Thanks
    Geri
     
  8. 2008/09/07
    snookie28 (Thread Starter)

    Desktop and websites hanging up... freezing

    OK Geri, will do. Thank you, Snookie
     
  9. 2008/09/07
    snookie28 (Thread Starter)

    Desktop, windows, and URLs freeze up

    Hello Geri, here are the new Kaspersky scan results. Pretty hard to do; Outlook Express kept freezing up and other windows hanging up.

    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, September 7, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, September 07, 2008 16:13:46
    Records in database: 1200548


    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 95624
    Threat name: 4
    Infected objects: 10
    Suspicious objects: 0
    Duration of the scan: 03:21:21

    File name / Threat name / Threats count
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-582c1601 Infected: Trojan-Downloader.Java.OpenStream.ac 1

    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\25\1d9a4d9-23137fd6 Infected: Trojan-Downloader.Java.OpenStream.ac 1

    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\30\2324b7de-28adcf5b Infected: Trojan-Downloader.Java.OpenStream.ac 1

    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\35\362cfe3-6c9898c2 Infected: Trojan-Downloader.Java.OpenStream.ac 1

    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\43\65cc22eb-26128229 Infected: Trojan-Downloader.Java.OpenStream.ac 1

    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\47\58535aaf-717c19a7 Infected: Trojan-Downloader.Java.OpenStream.ac 1

    C:\Program Files\Windows Live\Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1

    C:\Program Files\Windows Live\Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj 1

    C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1

    C:\WINDOWS\system32\svchost.exe.old Infected: Trojan-Downloader.Win32.Agent.adrd 1

    The selected area was scanned.
     
  10. 2008/09/07
    Geri (Lifetime Subscription, Alumni)
    Hi
    Please follow these instructions carefully.

    1. Go to Start > Control Panel and double-click the Java icon (coffee cup).
    2. On the General tab, at the bottom, there is "Temporary Internet Files".
    3. Click the Settings button, then the Delete Files button.
    4. There are two options in the window to clear the cache. Leave both checked:
       • Applications and Applets
       • Trace and Log Files
    5. Click OK.
       Note: This deletes ALL the downloaded applications and applets from the cache.
    6. Click OK to leave the Java Control Panel.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\WINDOWS\system32\svchost.exe.old

    Please open MBAM, click on the Update button at the top, and update MBAM.
    Please run it again using the instructions I gave you before.

    Then run and post a new Kaspersky scan.

    Thanks
    Geri
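
Geri's CFScript lists only svchost.exe.old although the scan above reported ten infected objects. The other nine are Java Deployment cache entries (removed by the cache-clearing steps), an item already sitting in ComboFix's QooBox quarantine, and "not-a-virus:" adware components inside the Windows Live Messenger folder. As an added example, not part of the thread, the Python below parses a subset of the Kaspersky Online Scanner 7 lines from that report, applies those triage rules, and renders the File:: section in the CFScript format ComboFix reads. The category names and function names are my own. The adware rule only flags for review rather than removal: msimg32.dll and riched20.dll are names of Windows system DLLs, and a copy placed in an application's own folder is loaded by that application ahead of the genuine copy in system32, so it deserves a look rather than an automatic delete.

```python
"""Triage a Kaspersky Online Scanner 7 report and build a ComboFix CFScript.

Added example, not code from the thread. REPORT is a constructed subset of
the detection lines posted in the thread; the rules reproduce what the
helper did by hand when writing the CFScript.
"""
import re

REPORT = """\
C:\\Documents and Settings\\Bev\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\22\\74018dd6-582c1601 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\\Program Files\\Windows Live\\Messenger\\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\\QooBox\\Quarantine\\C\\Program Files\\Internet Explorer\\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\\WINDOWS\\system32\\svchost.exe.old Infected: Trojan-Downloader.Win32.Agent.adrd 1
The selected area was scanned.
"""

# "<path> Infected: <threat name> <count>"; the path may contain spaces.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")


def parse_report(text):
    """Return [(path, threat, count)] for every detection line in the report."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hits.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return hits


def classify(path, threat):
    """Decide how a detection is handled; the category names are my own."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"       # removed by clearing the Java cache
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantined"      # ComboFix already moved it out of the way
    if threat.startswith("not-a-virus:"):
        # Riskware carrying a system DLL name inside a program folder: the
        # program loads it before the copy in system32, so review by hand.
        return "adware-review"
    return "cfscript"             # everything else goes into CFScript.txt


def triage(text):
    """Group the report's detection paths by category."""
    groups = {"java-cache": [], "quarantined": [], "adware-review": [], "cfscript": []}
    for path, threat, _count in parse_report(text):
        groups[classify(path, threat)].append(path)
    return groups


def build_cfscript(paths):
    """Render the File:: section that ComboFix expects in CFScript.txt."""
    if not paths:
        return ""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    g = triage(REPORT)
    for category, paths in g.items():
        print(f"{category}: {len(paths)}")
    print(build_cfscript(g["cfscript"]), end="")
```

Run on the full report the output of build_cfscript() is exactly the two-line script in the code box above; the second scan later in the thread shows that what the rules leave out of File:: (the Java cache entries and the Messenger DLLs) is what still needs the Java cache clearing and a manual look.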
     
  11. 2008/09/07
    snookie28 (Thread Starter)

    Desktop, windows, and URLs freeze up

    Hello Geri, here is the HijackThis log and the log from ComboFix.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:58:24 PM, on 9/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
    C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
    C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.rr.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.rr.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bev\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1199481796078
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199481784796
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/5.0.0.23/MusicNow.cab
    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Movielink Core Service - Unknown owner - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE (file missing)
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O24 - Desktop Component 0: (no name) - http://www.newspaperlinks.com/common/images/toplogo_voy2.gif
    O24 - Desktop Component 1: (no name) - http://www.soxprospects.com/images/bar9.jpg

    ComboFix 08-09-05.04 - Bev 2008-09-07 21:15:10.2 - NTFSx86
    Running from: C:\Documents and Settings\Bev\Desktop\DESKTOP ITEMS\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Bev\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\svchost.exe.old
    C:\WINDOWS\system32\SZComp5.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))
    .

    2008-09-05 09:47 . 2008-09-05 09:47 200 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
    2008-09-02 10:13 . 2008-09-02 10:14 <DIR> d-------- C:\Program Files\Windows Defender
    2008-08-30 11:19 . 2008-08-30 11:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-30 11:19 . 2008-08-30 11:19 <DIR> d-------- C:\Documents and Settings\Bev\Application Data\Malwarebytes
    2008-08-30 11:19 . 2008-08-30 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-30 11:19 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-30 11:19 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-29 16:02 . 2008-08-31 15:27 <DIR> d-------- C:\rsit
    2008-08-29 10:45 . 2008-08-29 10:45 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-25 15:36 . 2008-08-25 15:36 17,408 -ra------ C:\WINDOWS\system32\SZIO5.dll
    2008-08-25 15:35 . 2008-08-25 15:35 262,144 -ra------ C:\WINDOWS\system32\SZBase5.dll
    2008-08-21 14:39 . 2008-08-21 14:39 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
    2008-08-21 14:39 . 2008-08-21 14:39 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
    2008-08-21 14:38 . 2008-08-21 14:38 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
    2008-08-21 14:38 . 2008-08-21 14:38 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
    2008-08-21 14:38 . 2008-08-21 14:38 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
    2008-08-21 14:37 . 2008-08-21 14:37 212,992 -ra------ C:\WINDOWS\system32\IS3Win325.dll
    2008-08-21 14:37 . 2008-08-21 14:37 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
    2008-08-21 14:37 . 2008-08-21 14:37 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
    2008-08-21 14:34 . 2008-08-21 14:34 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll
    2008-08-13 20:42 . 2008-08-13 20:42 268 --ah----- C:\sqmdata02.sqm
    2008-08-13 20:42 . 2008-08-13 20:42 244 --ah----- C:\sqmnoopt02.sqm
    2008-08-12 19:09 . 2008-08-12 19:09 244 --ah----- C:\sqmnoopt01.sqm
    2008-08-12 19:09 . 2008-08-12 19:09 232 --ah----- C:\sqmdata01.sqm
    2008-08-11 13:22 . 2008-08-11 13:22 39,680 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-08 01:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-09-05 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-09-05 13:33 --------- d-----w C:\Program Files\lg_fwupdate
    2008-09-05 13:13 --------- d-----w C:\Program Files\STOPzilla!
    2008-09-04 22:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-03 15:50 --------- d-----w C:\Program Files\Java
    2008-09-01 16:41 --------- d-----w C:\Program Files\Norton SystemWorks Basic Edition
    2008-09-01 00:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-31 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-29 13:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-29 13:13 --------- d-----w C:\Program Files\Oberon Media
    2008-08-14 01:12 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-14 01:02 --------- d-----w C:\Program Files\Windows Live
    2008-07-30 21:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-07-30 21:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-07-30 21:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
    2008-07-15 00:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-07-15 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-09 21:46 --------- d-----w C:\Program Files\CarMD
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-17 18:12 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-06-13 18:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
    2008-06-13 18:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
    2001-08-23 15:00 94,784 -csh--w C:\WINDOWS\twain.dll
    2004-08-04 04:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
    2004-08-04 04:56 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
    2004-08-04 04:56 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
    2004-08-04 04:56 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
    2007-12-04 18:38 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
    2004-08-04 04:56 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
    2004-08-04 04:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-01_22.21.06.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-04 04:56:58 14,336 -c--a-w C:\WINDOWS\system32\dllcache\svchost.exe
    - 2008-03-27 09:35:04 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    + 2004-08-04 04:56:58 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft IntelliType Pro"="C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe" [2000-01-13 31232]
    "QOELOADER"="C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe" [2006-04-11 6656]
    "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-01-26 567400]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-01-11 249856]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 51048]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704]
    "NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 25472]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Live Menu.lnk - C:\Program Files\Common Files\efax\Dllcmd32.exe [2006-04-11 18432]
    Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-06-29 24633]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\szkg.sys [2008-08-11 39680]
    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
    R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-07 21:20:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    Completion time: 2008-09-07 21:25:23
    ComboFix-quarantined-files.txt 2008-09-08 01:24:16
    ComboFix2.txt 2008-09-02 02:23:35

    Pre-Run: 40,377,786,368 bytes free
    Post-Run: 40,481,091,584 bytes free

    150 --- E O F --- 2008-09-04 21:08:33

    --
    End of file - 10527 bytes
    Kaspersky scan later. Thank you, snookie
     
  12. 2008/09/07
    snookie28 (Thread Starter)

    Desktop, windows, and URLs freeze up

    Geri, here is the MBAM scan, which came out clean.

    Malwarebytes' Anti-Malware 1.26
    Database version: 1126
    Windows 5.1.2600 Service Pack 2

    9/7/2008 10:30:30 PM
    mbam-log-2008-09-07 (22-30-30).txt

    Scan type: Quick Scan
    Objects scanned: 45516
    Time elapsed: 11 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  13. 2008/09/07
    Geri (Lifetime Subscription, Alumni)

    Hi
    Can I get another Kaspersky scan?

    Thanks
    Geri
     
  14. 2008/09/07
    snookie28 (Thread Starter)

    Desktop and websites hanging up... freezing

    Hello Geri, yes, it is scanning now; it takes about 3 1/2 hrs. That's why I sent the others on ahead. I will send it right out to you.
    Thanks, snookie
     
  15. 2008/09/08
    snookie28 (Thread Starter)

    Desktop, windows, and URLs freeze up

    Hello Geri, here is the Kaspersky scan. I believe I may get more infections because I have to shut off the antivirus program while running the scan. Thanks Geri, Snookie
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, September 8, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, September 08, 2008 02:25:21
    Records in database: 1201278
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 91774
    Threat name: 4
    Infected objects: 10
    Suspicious objects: 0
    Duration of the scan: 03:12:47


    File name / Threat name / Threats count
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-582c1601 Infected: Trojan-Downloader.Java.OpenStream.ac 1
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\25\1d9a4d9-23137fd6 Infected: Trojan-Downloader.Java.OpenStream.ac 1
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\30\2324b7de-28adcf5b Infected: Trojan-Downloader.Java.OpenStream.ac 1
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\35\362cfe3-6c9898c2 Infected: Trojan-Downloader.Java.OpenStream.ac 1
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\43\65cc22eb-26128229 Infected: Trojan-Downloader.Java.OpenStream.ac 1
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\47\58535aaf-717c19a7 Infected: Trojan-Downloader.Java.OpenStream.ac 1
    C:\Program Files\Windows Live\Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
    C:\Program Files\Windows Live\Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj 1
    C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\svchost.exe.old.vir Infected: Trojan-Downloader.Win32.Agent.adrd 1

    The selected area was scanned.
     
  16. 2008/09/08
    Geri
    Hi

    Please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-582c1601
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\25\1d9a4d9-23137fd6 
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\30\2324b7de-28adcf5b
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\35\362cfe3-6c9898c2
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\43\65cc22eb-26128229
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\47\58535aaf-717c19a7 
    Click Start > Run, and in the Run box copy and paste (or type) ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.


    Your Windows Live Messenger is infected; I would remove it in Add or Remove Programs and redownload it.

    Here is a link to download Windows Live Messenger
    http://www.windowslive.com/explore/...6136A06-5E5C-4079-879B-16EB445414DC&WT.srch=1

    After doing the above, please post a new Kaspersky scan.

    Thanks
    Geri
     
  17. 2008/09/09
    snookie28 (Thread Starter)
    Desktop and URLs in web sites freeze up

    Geri, here are the two new scans:
    ComboFix 08-09-05.10 - Bev 2008-09-09 8:59:19.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.300 [GMT -4:00]
    Running from: C:\Documents and Settings\Bev\Desktop\DESKTOP ITEMS\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Bev\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-582c1601
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\25\1d9a4d9-23137fd6
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\30\2324b7de-28adcf5b
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\35\362cfe3-6c9898c2
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\43\65cc22eb-26128229

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
    .

    2008-09-02 10:13 . 2008-09-02 10:14 <DIR> d-------- C:\Program Files\Windows Defender
    2008-08-30 11:19 . 2008-09-07 22:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-30 11:19 . 2008-08-30 11:19 <DIR> d-------- C:\Documents and Settings\Bev\Application Data\Malwarebytes
    2008-08-30 11:19 . 2008-08-30 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-30 11:19 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-30 11:19 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-29 16:02 . 2008-08-31 15:27 <DIR> d-------- C:\rsit
    2008-08-29 10:45 . 2008-08-29 10:45 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-25 15:36 . 2008-08-25 15:36 17,408 -ra------ C:\WINDOWS\system32\SZIO5.dll
    2008-08-25 15:35 . 2008-08-25 15:35 262,144 -ra------ C:\WINDOWS\system32\SZBase5.dll
    2008-08-21 14:39 . 2008-08-21 14:39 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
    2008-08-21 14:39 . 2008-08-21 14:39 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
    2008-08-21 14:38 . 2008-08-21 14:38 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
    2008-08-21 14:38 . 2008-08-21 14:38 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
    2008-08-21 14:38 . 2008-08-21 14:38 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
    2008-08-21 14:37 . 2008-08-21 14:37 212,992 -ra------ C:\WINDOWS\system32\IS3Win325.dll
    2008-08-21 14:37 . 2008-08-21 14:37 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
    2008-08-21 14:37 . 2008-08-21 14:37 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
    2008-08-21 14:34 . 2008-08-21 14:34 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll
    2008-08-13 20:42 . 2008-08-13 20:42 268 --ah----- C:\sqmdata02.sqm
    2008-08-13 20:42 . 2008-08-13 20:42 244 --ah----- C:\sqmnoopt02.sqm
    2008-08-12 19:09 . 2008-08-12 19:09 244 --ah----- C:\sqmnoopt01.sqm
    2008-08-12 19:09 . 2008-08-12 19:09 232 --ah----- C:\sqmdata01.sqm
    2008-08-11 13:22 . 2008-08-11 13:22 39,680 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-09 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-09-08 17:43 --------- d-----w C:\Program Files\Norton SystemWorks Basic Edition
    2008-09-08 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-09-08 01:38 --------- d-----w C:\Program Files\lg_fwupdate
    2008-09-05 13:13 --------- d-----w C:\Program Files\STOPzilla!
    2008-09-04 22:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-03 15:50 --------- d-----w C:\Program Files\Java
    2008-09-01 00:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-31 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-29 13:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-29 13:13 --------- d-----w C:\Program Files\Oberon Media
    2008-08-14 01:12 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-14 01:02 --------- d-----w C:\Program Files\Windows Live
    2008-07-30 21:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-07-30 21:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-07-30 21:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
    2008-07-15 00:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-07-15 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-09 21:46 --------- d-----w C:\Program Files\CarMD
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-17 18:12 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-06-13 18:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
    2008-06-13 18:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
    2001-08-23 15:00 94,784 -csh--w C:\WINDOWS\twain.dll
    2004-08-04 04:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
    2004-08-04 04:56 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
    2004-08-04 04:56 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
    2004-08-04 04:56 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
    2007-12-04 18:38 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
    2004-08-04 04:56 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
    2004-08-04 04:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-01_22.21.06.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-04 04:56:58 14,336 -c--a-w C:\WINDOWS\system32\dllcache\svchost.exe
    - 2008-03-27 09:35:04 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    + 2004-08-04 04:56:58 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft IntelliType Pro "= "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe" [2000-01-13 31232]
    "QOELOADER "= "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe" [2006-04-11 6656]
    "SMSystemAnalyzer "= "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-01-26 567400]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "LanguageShortcut "= "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "LGODDFU "= "C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-01-11 249856]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 51048]
    "osCheck "= "C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704]
    "NSWosCheck "= "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 25472]
    "AlcxMonitor "= "ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Live Menu.lnk - C:\Program Files\Common Files\efax\Dllcmd32.exe [2006-04-11 18432]
    Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-06-29 24633]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe "=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP "= 67:UDP:DHCP Discovery Service

    R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\szkg.sys [2008-08-11 39680]
    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
    R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-SITEguard - (no file)



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-09 09:03:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    Completion time: 2008-09-09 9:08:55
    ComboFix-quarantined-files.txt 2008-09-09 13:07:48
    ComboFix2.txt 2008-09-08 01:25:25
    ComboFix3.txt 2008-09-02 02:23:35

    Pre-Run: 40,555,020,288 bytes free
    Post-Run: 40,544,276,480 bytes free

    155 --- E O F --- 2008-09-04 21:08:33
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:21:05 AM, on 9/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
    C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
    C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\STOPzilla!\SZBlkLst.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.rr.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.rr.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe "
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe "
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe "
    O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe "
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bev\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1199481796078
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199481784796
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/5.0.0.23/MusicNow.cab
    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Movielink Core Service - Unknown owner - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE (file missing)
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O24 - Desktop Component 0: (no name) - http://www.newspaperlinks.com/common/images/toplogo_voy2.gif
    O24 - Desktop Component 1: (no name) - http://www.soxprospects.com/images/bar9.jpg

    --
    End of file - 10501 bytes
     
  18. 2008/09/09
    snookie28 (Thread Starter)
    Desktop and URLs in web sites freeze up

    Hello Geri, Ran the Kaspersky scan. We did remove the Windows Live Messenger from Add/Remove Programs about a month ago because we were having trouble with the computer then and thought it may be that. I went into Search all files and folders, including hidden, before this scan today and no files came up for it... maybe it's not under that title. Would it be under something else? After we removed that program our computer just about crashed. The following are the scan results. Thank you, Snookie
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, September 9, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, September 09, 2008 13:08:21
    Records in database: 1203438


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\
    E:\

    Scan statistics
    Files scanned 91757
    Threat name 4
    Infected objects 5
    Suspicious objects 0
    Duration of the scan 03:00:17

    File name Threat name Threats count
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\47\58535aaf-717c19a7 Infected: Trojan-Downloader.Java.OpenStream.ac 1

    C:\Program Files\Windows Live\Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1

    C:\Program Files\Windows Live\Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj 1

    C:\RECYCLER\NPROTECT\00000089.VIR Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1

    C:\RECYCLER\NPROTECT\00000104.VIR Infected: Trojan-Downloader.Win32.Agent.adrd 1

    The selected area was scanned.
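    The two Kaspersky reports in this thread (post 15 and the one just above) show the same pattern: once ComboFix or Norton UnErase has dealt with a file, its stored copy under C:\QooBox\Quarantine or C:\RECYCLER\NPROTECT is detected again on the next scan. The script below is an added example, not code from the thread or from Kaspersky, ComboFix or OTMoveIt2: it parses the report format shown above, separates those stored copies from detections in live locations, and emits the CFScript File:: block for the live ones. The list of quarantine folders is an assumption built only from the folders that appear in this thread's reports.

```python
"""Triage of a Kaspersky Online Scanner 7 report as posted in the thread.

Added example; not code from the thread, Kaspersky or ComboFix. Detections in
folders that hold already-neutralised copies (ComboFix's C:\\QooBox\\Quarantine,
Norton UnErase's C:\\RECYCLER\\NPROTECT) are separated from live detections.
"""
import re
from collections import Counter
from dataclasses import dataclass

# One result line: "<drive>:\<path> Infected: <threat> <count>"
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$"
)

# Folders holding copies another tool has already disabled. Assumed list,
# taken only from the folders seen in this thread's reports.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\recycler\\nprotect\\",
)
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


@dataclass(frozen=True)
class Hit:
    path: str
    threat: str
    count: int
    location: str  # "quarantine", "java-cache" or "live"


def classify(path: str) -> str:
    """Decide whether a detected path is a stored copy or a live file."""
    low = path.lower()
    if low.startswith(QUARANTINE_PREFIXES):
        return "quarantine"
    if JAVA_CACHE_MARKER in low:
        # Cached applet files: on disk and removable, but not running code.
        return "java-cache"
    return "live"


def parse_report(text: str) -> list:
    """Return a Hit per result line; header and summary lines are skipped."""
    hits = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            hits.append(Hit(m["path"], m["threat"], int(m["count"]),
                            classify(m["path"])))
    return hits


def summarize(hits) -> dict:
    """Count detections per location; only non-quarantine ones need action."""
    return dict(Counter(h.location for h in hits))


def cfscript_file_section(hits) -> str:
    """Build the CFScript 'File::' block (header, then one path per line).

    Quarantined copies are left out: re-detecting them is expected, and the
    quarantine folder is cleared as a whole, as Geri does later in the thread.
    """
    paths = sorted(h.path for h in hits if h.location != "quarantine")
    return ("File::\n" + "\n".join(paths) + "\n") if paths else ""


# Constructed sample: a trimmed copy of the report in post 15, with header
# lines left in to show that they are ignored by the parser.
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER 7 REPORT
Scan statistics:
Files scanned: 91774
File name / Threat name / Threats count
C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-582c1601 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\47\58535aaf-717c19a7 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Program Files\Windows Live\Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\Program Files\Windows Live\Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj 1
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\svchost.exe.old.vir Infected: Trojan-Downloader.Win32.Agent.adrd 1
The selected area was scanned.
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    print(cfscript_file_section(found))
```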
     
  19. 2008/09/09
    Geri
    Hi
    OK please do this.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\47\58535aaf-717c19a7
      C:\Program Files\Windows Live\Messenger\msimg32.dll 
      C:\Program Files\Windows Live\Messenger\riched20.dll 
      C:\RECYCLER\NPROTECT
      
      
    • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move " window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Now run ATF Cleaner again and then one more Kaspersky scan.

    Thanks
    Geri
     
  20. 2008/09/09
    snookie28 (Thread Starter)
    Desktop and URLs in web sites freeze up

    Thanks Geri, Here are the results of the scan run after installing OTMoveIt2. Ran ATF and will send a new Kaspersky scan.
    C:\Documents and Settings\Bev\Application Data\Sun\Java\Deployment\cache\6.0\47\58535aaf-717c19a7 moved successfully.
    DllUnregisterServer procedure not found in C:\Program Files\Windows Live\Messenger\msimg32.dll
    C:\Program Files\Windows Live\Messenger\msimg32.dll NOT unregistered.
    C:\Program Files\Windows Live\Messenger\msimg32.dll moved successfully.
    DllUnregisterServer procedure not found in C:\Program Files\Windows Live\Messenger\riched20.dll
    C:\Program Files\Windows Live\Messenger\riched20.dll NOT unregistered.
    C:\Program Files\Windows Live\Messenger\riched20.dll moved successfully.
    Folder move failed. C:\RECYCLER\NPROTECT scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09092008_235300

    Files moved on Reboot...
    Folder move failed. C:\RECYCLER\NPROTECT scheduled to be moved on reboot.
     
  21. 2008/09/09
    Geri
    Hi
    If you get this before the Kaspersky scan please do it first.

    If not then that's OK, we'll do it after the scan.

    1. Restart the computer in Safe Mode.
    2. On the Windows taskbar, click Start > Run.
    3. In the Open box, type cmd
    4. Click OK.
    5. At the command prompt, type the following commands (press Enter after each command):
    c:
    cd\
    cd recycler\nprotect
    del *.*
    cd ..
    rd nprotect

    6. Repeat step 5 for each drive on the computer.
    7. When you are finished, type exit
    8. Press Enter.
    9. Restart the computer.

    Geri
     
