Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Itunes Malware Problem?


  • Please log in to reply
19 replies to this topic

#1 oney

oney

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 31 March 2008 - 08:41 PM

So my iTunes cover art when I try to get it for my Eminem album "The Re-Up" gives me some "www.brokebreaks.com" logo and in the IRC they suggested following the steps in this post and posting a HijackThis log. I also posted logs to all my scans, in case they were of any use.

Ad-Aware SE Log: http://kevozzy.pastebin.com/f344ed638
Spybot S&D Log: http://kevozzy.pastebin.com/f7b735c96
SUPERAntiSpyware Log: http://kevozzy.pastebin.com/f274f48f7
AntiVir Personal Log: http://kevozzy.pastebin.com/f78c5c359
HijackThis Log: http://kevozzy.pastebin.com/f45d5699a

For reference purpose, just so no one gets confused, C: is my master drive with the OS installed, and the H: is a slave drive with just random files and crap saved to it.

Edited by oney, 31 March 2008 - 08:46 PM.


BC AdBot (Login to Remove)

 


#2 katana

katana

    MRU Expert


  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester (UK)
  • Local time:12:30 PM

Posted 12 April 2008 - 05:19 AM

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please can you give an update on your problems
Posted Image

#3 oney

oney
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 18 June 2008 - 10:41 PM

Sorry for the delayed response. Was sent here again from IRC. Latest HiJack This log is below. I'm looking at buying 4GB RAM to speed up my computer and was told to post here first.

HiJackThis Log: http://kevozzy.pastebin.com/f79b37677 (also posted below)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:55 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\dlbucoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synergy\synergys.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\program files\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\B & K.OZZYMCE\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\B & K.OZZYMCE\Local Settings\Application Data\Simplify Media\SimplifyPeer.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehshell.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\X-Chat 2\xchat.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = OzZy Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\B & K.OZZYMCE\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Shortcut to gnotify.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
O23 - Service: SC - Unknown owner - cmd /K C:\DOCUME~1\B&K~1.OZZ\LOCALS~1\Temp\7zS429.tmp\rssvnc.exe (file missing)
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 12445 bytes

Edited by oney, 18 June 2008 - 10:50 PM.


#4 katana

katana

    MRU Expert


  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester (UK)
  • Local time:12:30 PM

Posted 19 June 2008 - 06:52 AM

Ermm... It's over two months, what problems are you having now ?
Posted Image

#5 oney

oney
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 19 June 2008 - 10:27 AM

Just running slow, as usual, so I was going to buy more RAM, but Animal, Tiger, sari & Blender in IRC said to post that here first and see what comes up. Also, if you didn't want to do it, Blender said she would. Let me know. :thumbsup:

Thanks.

#6 katana

katana

    MRU Expert


  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester (UK)
  • Local time:12:30 PM

Posted 19 June 2008 - 11:22 AM

It's not a problem, it just helps if I know what I am looking for :blink:


From your Antivir log ----

My Documents/My Install Files/IVT Corporation BlueSoleil V2.3.060728 standard Release + CRACK/Crack/patch.exe
My Documents/My Install Files/IVT Corporation BlueSoleil V2.3.060728 standard Release + CRACK.rar


Anything with the word crack or keygen in it is a bad idea.

http://www.bleepingcomputer.com/forums/ind...st&p=806459

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.

Merely visiting such sites without downloading ANYTHING is one of the worst things a user can do online.

Orange Blossom :thumbsup:



Let's do a couple of scans and see what turns up.


Deckard's System Scanner (DSS)

Please download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

Posted Image

#7 oney

oney
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 19 June 2008 - 06:13 PM

main.txt

Deckard's System Scanner v20071014.68
Run by B & K on 2008-06-19 19:03:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
86: 2008-06-19 23:03:31 UTC - RP701 - Deckard's System Scanner Restore Point
85: 2008-06-19 15:44:25 UTC - RP700 - System Checkpoint
84: 2008-06-18 13:27:42 UTC - RP699 - System Checkpoint
83: 2008-06-17 12:56:08 UTC - RP698 - System Checkpoint
82: 2008-06-16 11:56:03 UTC - RP697 - System Checkpoint


-- First Restore Point --
1: 2008-04-03 06:27:27 UTC - RP616 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 14.42 GiB (less than 15%) free.


-- HijackThis (run as B & K.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:31 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\dlbucoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\program files\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\B & K.OZZYMCE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\B & K.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = OzZy Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\B & K.OZZYMCE\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Shortcut to gnotify.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
O23 - Service: SC - Unknown owner - cmd /K C:\DOCUME~1\B&K~1.OZZ\LOCALS~1\Temp\7zS429.tmp\rssvnc.exe (file missing)
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 11301 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 UltraMonUtility (UltraMon Utility Driver) - c:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys <Not Verified; Realtime Soft; UltraMon>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>
R3 UltraMonMirror - c:\windows\system32\drivers\ultramonmirror.sys <Not Verified; Realtime Soft; UltraMon>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 maximir - c:\windows\system32\drivers\maximir.sys (file missing)
S3 maxivista (Maxi_Vista_DriverA) - c:\windows\system32\drivers\maxivista.sys (file missing)
S3 maxivistb (Maxi_Vista_DriverB) - c:\windows\system32\drivers\maxivistb.sys (file missing)
S3 MotDev (Motorola Inc. USB Device) - c:\windows\system32\drivers\motodrv.sys <Not Verified; Motorola Inc; Motorola USB Composite Driver>
S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys <Not Verified; Motorola INC.; Motorola Switching Filter Driver>
S3 ovt519 (PS2 EyeToy SLEH-00031 Webcam) - c:\windows\system32\drivers\ov519vid.sys (file missing)
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 samhid - c:\windows\system32\drivers\samhid.sys
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SndTDriverV32 - c:\windows\system32\drivers\sndtdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 OrbMediaService - "c:\program files\orb networks\orb\bin\orbmediaservice.exe" <Not Verified; Orb Networks; Orb>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 Windows Trace Session Manager - c:\program files\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe

S2 FileZilla Server (FileZilla Server FTP server) - c:\program files\filezilla server\filezilla server.exe
S2 Synergy Server - c:\program files\synergy\synergys.exe
S2 winvnc (VNC Server) - "c:\program files\tightvnc\winvnc.exe" -service <Not Verified; TightVNC Group; TightVNC Win32 Server>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-19 02:08:29 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-13 17:15:00 376 --a----c- C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-05-19 and 2008-06-19 -----------------------------

2008-06-17 02:49:33 0 d-------- C:\Program Files\YahELite
2008-06-17 02:16:36 90112 --a------ C:\WINDOWS\system32\YMSG12ENCRYPT.dll <Not Verified; Tainted Death; YMSG12ENCRYPT Dynamic Link Library>
2008-06-17 02:16:35 139264 --a------ C:\WINDOWS\system32\ywcvwr.dll <Not Verified; Yahoo! Inc.; Yahoo! Webcam>
2008-06-17 02:16:35 200704 --a------ C:\WINDOWS\system32\yacsui.dll <Not Verified; ; Yahoo! Audio Conferencing UI>
2008-06-17 02:16:35 274432 --a------ C:\WINDOWS\system32\yacscom.dll <Not Verified; Yahoo! Inc.; Yahoo! Audio Conferencing Control>
2008-06-17 02:16:31 0 d-------- C:\Program Files\Dream
2008-06-10 21:25:49 0 d-------- C:\WINDOWS\Driver Cache
2008-05-29 13:05:24 0 d--h----- C:\$AVG8.VAULT$
2008-05-26 10:14:44 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-26 10:14:43 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\AVGTOOLBAR
2008-05-26 10:14:34 0 d-------- C:\Program Files\AVG
2008-05-26 10:14:34 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-22 14:14:05 0 d-------- C:\Program Files\winpwn


-- Find3M Report ---------------------------------------------------------------

2008-06-19 18:59:10 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\Skype
2008-06-19 16:06:58 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\skypePM
2008-06-19 02:20:55 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\X-Chat 2
2008-06-18 11:02:56 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\Azureus
2008-06-18 04:37:32 0 d-------- C:\Program Files\Azureus
2008-06-17 15:28:01 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\Mozilla
2008-06-13 16:19:26 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\MiniLyrics
2008-06-11 23:38:40 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\Adobe
2008-06-01 22:12:56 0 d-------- C:\Program Files\Last.fm
2008-05-24 10:42:43 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\Free Download Manager
2008-05-22 02:22:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-21 11:29:43 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 00:12:00 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\AdobeUM
2008-05-14 17:13:37 0 d-------- C:\Program Files\Bus Driver
2008-05-12 15:17:31 0 d-------- C:\Program Files\Dl_cats
2008-05-09 13:01:56 0 d-------- C:\Documents and Settings\B & K.OZZYMCE\Application Data\Aim
2008-05-07 23:28:10 0 d-------- C:\Program Files\Orb Networks
2008-05-07 23:27:56 0 d-------- C:\Program Files\Winamp Remote
2008-04-27 11:21:00 5968 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-09 09:46:40 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat
2008-03-26 16:06:44 375691 --ahs--c- C:\WINDOWS\system32\6D17F5EF


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/26/2008 10:14 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/26/2008 10:14 AM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/14/2005 10:05 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [12/04/2005 05:39 PM]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 06:08 PM]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [04/01/2007 06:47 AM]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [05/07/2007 07:28 PM]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [09/03/2002 06:38 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/05/2007 07:03 PM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 05:04 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/26/2008 10:14 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"Orb"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [03/31/2008 09:54 PM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 04:35 PM]
"Simplify Media"="C:\Documents and Settings\B & K.OZZYMCE\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" [05/13/2008 02:30 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\B & K.OZZYMCE\Start Menu\Programs\Startup\
Shortcut to gnotify.lnk - C:\Program Files\Google\Gmail Notifier\gnotify.exe [7/15/2005 5:48:33 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"Aim6"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe
"iconcache"=c:\windows\vcp_temp\iconcache\icon.bat
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe"
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"DLBUCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##OZZY#CD DRIVE (D) ON OZZY]
AutoRun\command- N:\install.EXE




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8073 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-19 19:10:37 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1022.07 MiB / 550.09 MiB
Pagefile Memory (total/avail): 2459.45 MiB / 1916.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.76 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 144.31 GiB total, 14.42 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is CDROM (No Media)
H: is Fixed (NTFS) - 232.88 GiB total, 34.6 GiB free.

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 144.31 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB

\\.\PHYSICALDRIVE1 - ST3250823AS - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - H:

\\.\PHYSICALDRIVE2 - Disk drive



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.) Disabled
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MaxiVista MirrorPro Server\\MaxiVistaB.exe"="C:\\Program Files\\MaxiVista MirrorPro Server\\MaxiVistaB.exe:*:Enabled:MaxiVista Server B"
"C:\\Program Files\\MaxiVista MirrorPro Server\\MaxiVistaA.exe"="C:\\Program Files\\MaxiVista MirrorPro Server\\MaxiVistaA.exe:*:Enabled:MaxiVista Server A"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TightVNC\\vncviewer.exe"="C:\\Program Files\\TightVNC\\vncviewer.exe:*:Enabled:vncviewer"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"="C:\\Program Files\\Ruckus Player\\Ruckus.exe:*:Enabled:Ruckus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Otsego\\Otsego.exe"="C:\\Program Files\\Otsego\\Otsego.exe:*:Enabled:Otsego"
"C:\\Program Files\\X-Chat 2\\xchat.exe"="C:\\Program Files\\X-Chat 2\\xchat.exe:*:Enabled:X-Chat IRC Client"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\WINDOWS\\system32\\dlbucoms.exe"="C:\\WINDOWS\\system32\\dlbucoms.exe:*:Enabled:Photo AIO Printer 942 Server"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlbupswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlbupswx.exe:*:Enabled:Photo AIO Printer 942 Printer Status"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\B & K.OZZYMCE\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OZZYMCE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\B & K.OZZYMCE
LOGONSERVER=\\OZZYMCE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\;C:\Program Files\RingmiTone\libs\;C:\Program Files\RingmiTone\iPhone\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\B&K~1.OZZ\LOCALS~1\Temp
TMP=C:\DOCUME~1\B&K~1.OZZ\LOCALS~1\Temp
tvdumpflags=8
ULTRAMON_LANGDIR=C:\Program Files\UltraMon\Resources\en
USERDOMAIN=OZZYMCE
USERNAME=B & K
USERPROFILE=C:\Documents and Settings\B & K.OZZYMCE
windir=C:\WINDOWS
XCHAT_WARNING_IGNORE=true
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

B & K.OZZYMCE (admin)
ASPNET
Administrator.OZZYMCE (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type8330 / Error
Event Submitted/Written: 06/19/2008 07:01:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module vcam.ax, version 0.0.0.0, fault address 0x00003ab5.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type8329 / Error
Event Submitted/Written: 06/19/2008 06:50:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module vcam.ax, version 0.0.0.0, fault address 0x00003ab5.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type8325 / Error
Event Submitted/Written: 06/19/2008 02:08:28 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type8324 / Error
Event Submitted/Written: 06/19/2008 02:05:02 AM
Event ID/Source: 0 / Media Center Scheduler
Event Description:
filewatch_update_metadata_fail

Event Record #/Type8323 / Error
Event Submitted/Written: 06/19/2008 00:38:03 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.9.0.3071, faulting module vcam.ax, version 0.0.0.0, fault address 0x00003ab5.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15547 / Warning
Event Submitted/Written: 06/19/2008 11:21:30 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type15537 / Warning
Event Submitted/Written: 06/18/2008 07:07:32 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type15534 / Warning
Event Submitted/Written: 06/17/2008 11:50:37 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type15532 / Warning
Event Submitted/Written: 06/16/2008 02:52:11 AM
Event ID/Source: 29702 / ati2mtag
Event Description:
Invalid pixel format

Event Record #/Type15530 / Warning
Event Submitted/Written: 06/16/2008 02:52:11 AM
Event ID/Source: 29702 / ati2mtag
Event Description:
Invalid pixel format



-- End of Deckard's System Scanner: finished at 2008-06-19 19:10:37 ------------

#8 katana

katana

    MRU Expert


  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester (UK)
  • Local time:12:30 PM

Posted 20 June 2008 - 07:17 AM

There is no obvious malware showing, when is this slow down happening, at boot time or during running ?

You seem to have several Instant message and filesharing programs, have you tried stopping them ?
Did you install VNC ?


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

Edited by katana, 20 June 2008 - 07:18 AM.

Posted Image

#9 oney

oney
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 20 June 2008 - 01:05 PM

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.18
Database version: 871

1:43:09 PM 6/20/2008
mbam-log-6-20-2008 (13-43-04).txt

Scan type: Full Scan (C:\|H:\|)
Objects scanned: 269545
Time elapsed: 2 hour(s), 50 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> No action taken.

HijackThis Installed Programs

Ad-Aware SE Personal
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
AIM MusicLink 2.1.0.5
Alpha Galaxy 1024 Screensaver
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audio Recorder for FREE v5.6
Avanquest update
AVG Free 8.0
Azureus
BlueSoleil
Bonjour Core for Windows
BuddyList Ops 1.0.0.1
Bus Driver 1.0
ClearType Tuning Control Panel Applet
Colorizer 1.0.0.1
Creative MediaSource
Dell CinePlayer
Dell Media Experience
Dell Media Experience
Dell Resource CD
Dell Support
DellConnect
DivX
DivX Web Player
DVD Flick
Enterprise Instrumentation
Fake Webcam 3.9.0
ffdshow [rev 1463] [2007-09-05]
FileZilla Client 3.0.4.1
Flash&Backup
FLV Player
Fraps (remove only)
Free Download Manager 2.5
Funspot
Game xStream
GemMaster Mystic
GGE909 PC Recoil Pad
GiPo@MoveOnBoot 1.9.5
Google Gmail Notifier
GTA San Andreas
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
iArt 3
iLiberty+ 1.2.0 Build 65
Image Resizer Powertoy for Windows XP
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Karen's Alarm Clock
KMS Games Pack 1 v1.2.0
Kodak Share for Media Center
Last.fm 1.5.1.29527
LimeWire PRO 4.13.0
LogonStudio
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Malwarebytes' Anti-Malware
MCE Sleep Timer V2
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
middle_man
Midnight Run Screensaver
Minilyrics(remove only)
mIRC
Motorola Driver Installation
Motorola Phone Tools
Motorola USB Drivers v2.9
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.0)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
No-IP.com DUC (remove only)
NoLimits Coasters 1.6 (remove only)
Not so deep
Orb
oRipa Yahoo Webcam Recorder1.2.2
Otto
PDF Settings
Picasa 2
PowerDVD 5.5
PowerQuest PartitionMagic 8.0
PS2 EyeToy SLEH-00031 Webcam
QuickTime
Rainy Screensaver 2.2.15
ReadNews
Remote Support System
Roxio Easy Media Creator 7 Basic DVD Edition
San Andreas Mod Installer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SHOUTcast DNAS (remove only)
SHOUTcast Source DSP 1.9.0 (remove only)
Simplify Media
Skype™ 3.6
Sonic Encoders
Sound Blaster Live! 24-bit
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPERAntiSpyware Free Edition
Synergy
Thoosje Quick Xp Optimizer Installer V2
Thoosje Sidebar V2.3
Thoosje's Vista Sidebar Skin Installer 3.0
TightVNC 1.3.9
ToneThis Build 18
Transformers
UltraMon
Update for Office 2007 (KB932080)
Update for Outlook 2007 Junk Email Filter (KB932338)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player
Virtual Desktop Manager Powertoy for Windows XP
Winamp
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition Screen Saver Screen Saver
winpwn 1.0.0.3 RC1
WinRAR archiver
WinSCP 4.0.5
X-Chat 2.8.0-1
Yahoo! Messenger
ZoneAlarm

To answer your questions, I've stopped what I'm not using, but I do use a lot of things at once, which is why I'm hoping upgrading my RAM will help. As for when it's slow, that answer is both. Complete boot from completely off & shut down to finished loading everything on startup and able to use is between 4 and 5 minutes, (literally), and it runs slow all the time. I even have Windows Classic theme and no wallpaper to help speed it up for now. I did install TightVNC so I can control the family computer downstairs from up in my home office and also check up on it while people are using it.

I'll be out for the weekend but I'll check back probably Sunday night.

Edited by oney, 20 June 2008 - 01:06 PM.


#10 katana

katana

    MRU Expert


  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester (UK)
  • Local time:12:30 PM

Posted 22 June 2008 - 05:38 AM

Well, looking at your logs I can't see any malware problems.
There are many reasons why your machine could be slowing down,

One thing you do need to look at is either getting another external hard drive, or deleting some of your files.
System Drive C: has 14.42 GiB (less than 15%) free. <<< From the DSS log

When Windows is running it "prefers" to have at least 15% free disc space to work with. Less than this can cause significant slowdown.

There is some excellent information from miekiemoes about slow computers here
http://users.telenet.be/bluepatchy/miekiem...owcomputer.html
( have a look what is mentioned about Zonealarm )

Given that you are looking to do some upgrading ( more Ram) then I suggest that your safest option in this situation is to backup all the data you want to keep
(a good idea whenever you open your machine !! )

Then, do a reformat and reinstall (Many experts recommend that this be done every once in a while even if no problems are showing)

This will give you a baseline to decide if your system needs any upgrades.
If after the reinstall your machine is running fine, you know that it was just due to excess data/wear and tear
It is the cheapest option, as you may not actually need any more ram. :wacko:

Also, have a look at the programs you use,
eg. if you have installed several IM programs over time, then, rather than reinstalling them why don't you look for an alternative that covers them all, something along the lines of Trillian.

P2P programs --- I don't recommend the use of any filesharing software :blink:

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P programme.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.


Let me know what you want to do :thumbsup:

Edited by katana, 22 June 2008 - 05:38 AM.

Posted Image

#11 oney

oney
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 22 June 2008 - 09:17 AM

The 15% free space rule I know about, but sometimes it's hard to keep up on that. :-P I have a lot of stuff.

As for reformatting and reinstalling, I'm trying to avoid that at all costs. On my C: drive I have a lot of website files, (I run a small web developing company), and this is the computer that holds all the original files that are uploaded to the web server. A lot of the programs I have on my computer I have specifically configured, and it would take me ages to reconfigure and set the computer back up the way I like/need it. The other thing is I have a fairly large hard drive that's quite filled with a lot of things I would need to back up, and it would be very difficult and take a long time to do.

Regarding my IM programs, I mostly only use AOL Instant Messenger. I run v5.9.6089 with middle_man from Krunch Software. I have the others installed because occasionally I need to use one or the other for something that only that messenger offers. The problem I've had with using programs like Trillian or MirandaIM is that they never have all the features of the original that I need, (such as Yahoo! Messenger's great photo-sharing). MirandaIM was my favorite because it's simple and to the point. 99% of the time, though, I only have AOL Instant Messenger running.

#12 katana

katana

    MRU Expert


  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester (UK)
  • Local time:12:30 PM

Posted 22 June 2008 - 10:14 AM

Well, I'm not sure what else to suggest.

Strictly speaking, if you are planning to install more ram then you should do a backup anyway.
It shouldn't cause problems, but let's be honest, computers are a law unto themselves :blink:

If speed is what you need, then I would use this as an opportunity to start afresh.

1) Reformat
2) Partition your drive with a smaller section for the OS + programs eg. 20Gb max
3) Install Windows and any security programs
4) Install all windows updates
5) Install and configure the programs you use
6) Make a disc image of the OS drive with something like Acronis True Image.
7) Make sure you save all your files/folders on the second partition.

It may seem like a lot of effort for you, but it will be worth it in the long run.
There is no malware showing in your logs, so it is either a software problem or just accumulated junk.
You could spend days trying different solutions to track down the culprit and still get nowhere .

My solution gives you
1) A system that is 100% free of any malware/clutter/unwanted programs.
2) A smaller OS drive means that there will always be less clutter to search through, hence a faster machine
3) A virtually 100% recovery solution, in case of future problems/slowdown ( if you are running a company from this machine, then this alone makes it worthwhile )

Also, please note that most "free" programs are only free for personal/home use.
Using them on a machine that is for a small web developing company may be in breach of their terms. :thumbsup:

=============================================================

You can try the following, but I doubt it will make a dramatic impact

Download Winpatrol It is an excellent startup manager and then some !!

Install Winpatrol, and when running click on the Startup Programs tab
The following items can safely be disabled.

[ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
[WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
[LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
[iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
[Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
[AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
[Simplify Media] "C:\Documents and Settings\B & K.OZZYMCE\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"


Just click on each item and then click Disable

Reboot your computer and see if that has helped the boot/running speed.


FYI ......

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u6
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The Java Runtime Environment (JRE) 6 update 6 allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.J2SE Runtime Environment 5.0 Update 7
Javaâ„¢ 6 Update 2
Javaâ„¢ 6 Update 3
Javaâ„¢ 6 Update 5
Javaâ„¢ SE Runtime Environment 6 Update 1
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Edited by katana, 22 June 2008 - 04:16 PM.

Posted Image

#13 oney

oney
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 22 June 2008 - 04:39 PM

Your solution is the best, I do agree, but it would be something that I would have to take quite a bit of time aside to do. Until then, though, would the RAM upgrade make it fast with all the software and accumulated junk?

As for using free programs, the computer legally falls into the category of personal use. The majority of time spent on it is for personal use, it was purchased with personal funds, and has never and will never be used as a business asset or for a tax write-off. I use it more because it's more simple to work using this from home then to waste the gas driving into my office in the city, which the computers at our office are fully legitimately licensed. As for removing the start-up programs, I would prefer to allow those to start up as well.

Lastly, the Java update went successfully, so now I'm on the latest version. :-)

Thanks again for all the speedy responses, and let me know these last few questions as I lead to my final decision.

#14 katana

katana

    MRU Expert


  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester (UK)
  • Local time:12:30 PM

Posted 22 June 2008 - 04:57 PM

More ram may help, but I doubt if it will make the difference that you want/hope..
That's why I suggested that you stop those programs from startup, if you boot with just the OS running and it is still slow then ram isn't going to help much.

I will ask if one of the tech folks can have a look at this thread, my area is malware so they may have some suggestions that would help.


Regarding the comment on free software, I wasn't making any judgement, I was just pointing out the info in case you were unaware :thumbsup:
Posted Image

#15 oney

oney
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 22 June 2008 - 05:07 PM

Haha it's fine, I was just assuring you that I wasn't breaking any licensing agreements. :-P If you could have someone else have a look, that would be great. I was hoping more RAM would help deal with all the cluttered services that are running, (if I go into task manager, the list is quite lengthy). Here is a screenshot of my task manager. :-O

Posted Image

Whatever the fastest and *least likely to lose any data* would be the best way for me to take. Thanks again and again and again. :-P




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users