
Computer runs loud and slow

Discussion in 'Virus & Other Malware Removal' started by angc99, Jan 17, 2007.

  1. angc99

    angc99 Thread Starter

    Joined:
    Jan 17, 2007
    Messages:
    7
    Hello,
    The last several days my computer has been running so loud and slow, especially AOL (it's usually a few seconds behind when I am typing). I've run scan disk, defrag, 2 types of spyware, 2 virus scans, everything I could think of, and it all comes up clean. I've removed several things from my computer and put them on disk to free up space, though it's always said I have plenty of space. I thought the problem might have been my AOL (I know I know, but I can't help it, I am used to it!) and reinstalled it but that didn't help either. I pretty much only know the basics of computers and at this point I am out of options. I did the HijackThis and I am putting my log below, if anyone has any suggestions they would be greatly appreciated! Oh, I have a Dell Dimension 8400 and Windows XP.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:53:25 PM, on 1/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\PROGRA~1\COMMON~1\AOL\116907~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\116907~1\EE\AOLServiceHost.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.143:8000
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {21384D29-1240-2d4f-A15C-17E42823D523} - C:\WINDOWS\system32\ipv6monl.dll
    O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar1.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
    O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar1.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169072431\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.4.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153704548921
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://apollomortgagegroup.com/aurora/msrdp.cab
    O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com.edgesuite.net/panel/maple/dcainst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  2. kiwiguy

    kiwiguy

    Joined:
    Aug 17, 2003
    Messages:
    17,584
    We will have to wait for a "qualified" malware expert for the log, but can we assume this is a laptop (you do not mention)?

    The typing lag suggests that the CPU is running at 100%, which would account for the "loud" fan.

    Open Task Manager and look at processes, click on the "CPU" at the top of the column and it will order/reverse order with each click to show the high % use for the offending application. Let us know what it is, and if the CPU is indeed at 100%.
     
  3. angc99

    angc99 Thread Starter

    Joined:
    Jan 17, 2007
    Messages:
    7
    I'm sorry, I should have clarified, I am using a desktop. I opened the Task Manager and System Idle Process is running at 99% and other processes (taskmgr, Waol, Iexplorer) keep switching running at the last 01.
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    MrTRiX

    I have removed your post. Please see the forum rules regarding replying to security related threads:

    http://www.techguy.org/rules.html
    Please refrain from replying to security related matters on this forum until you have presented evidence to one of the mods or admins here that proves you to be qualified to do so. If you are not yet qualified and interested in being trained, we will be glad to help you get enrolled at one of the free online training facilities. Just pm me or one of the other mods that work Security and we'll point you in the right direction.

    Thank you for your cooperation :),

    Mark
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    Hi angc99

    Welcome to TSG! :)

    Please open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.

    Also do this:

    * Download the free version of AVG Anti-Spyware 7.5 here.
    • Click on the "Download Now" button and save the setup file to your desktop.
    • Double-click on the avgas-setup file to begin the installation.
    • When the installation is complete, open AVG Anti-Spyware and update the definition files.
    • On the main screen click on the "Update now" link and the update should begin immediately.
      • If the update does not begin, select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • When the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    • If you cannot download the updates, update manually according to the directions here.
    • If you do the manual update, look under "Full database" and click the "Download now" button.
    • DO NOT run a scan yet. You will do that later in safe mode.

    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Run AVG Anti-Spyware:
    • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • It will then begin the scanning process. Be patient; it may take a while for the scan to complete.
    • When the scan is complete, you must select an action.
    • Select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen
    • Save the report as a text file and save it to your desktop.
    • Close AVG Anti-Spyware.

    * Restart back into Windows normally now.


    * Come back here and post the following logs:
    A new HijackThis log
    The log from the AVG Anti-Spyware scan
    The Uninstall list
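
The steps above end with a request for a new HijackThis log. Comparing it with the first log shows what changed on the machine between the two scans. The following is an added example, not part of the thread or of HijackThis itself: the function names and the rules for matching entries are this example's own assumptions, and the two sample logs are short excerpts of lines taken from the logs posted in this thread.

```python
import re
from collections import Counter

# Item lines look like "O4 - HKLM\..\Run: [name] command" or "R1 - HKCU\...,Value = data".
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# HijackThis appends one of these markers when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)

def parse_log(text):
    """Return (running process paths, [(section, body), ...]) from a log."""
    processes, items, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ITEM_RE.match(line)
        if m:
            in_processes = False
            items.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, items

def entry_key(section, body):
    """Identity of an entry, so a changed target is reported as a change."""
    if section == "O4" and "]" in body:             # Run key plus value name
        return section, body[: body.index("]") + 1].lower()
    if section.startswith("R") and " = " in body:   # registry value name
        return section, body.split(" = ", 1)[0].lower()
    if section == "O23":                            # service display name
        return section, body.split(" - ", 1)[0].lower()
    return section, MISSING_RE.sub("", body).strip().lower()

def diff_logs(before, after):
    """Compare two HijackThis logs and report what differs."""
    procs_b, items_b = parse_log(before)
    procs_a, items_a = parse_log(after)
    # Windows paths are case-insensitive; a Counter keeps repeated images
    # such as svchost.exe from cancelling each other out.
    cb = Counter(p.lower() for p in procs_b)
    ca = Counter(p.lower() for p in procs_a)
    report = {
        "processes_added": sorted((ca - cb).elements()),
        "processes_removed": sorted((cb - ca).elements()),
        "entries_added": [], "entries_removed": [],
        "entries_changed": [], "newly_missing": [],
    }
    old = {entry_key(s, b): b for s, b in items_b}
    new = {entry_key(s, b): b for s, b in items_a}
    for key, body in new.items():
        if key not in old:
            report["entries_added"].append(f"{key[0]} - {body}")
        elif old[key].lower() != body.lower():
            report["entries_changed"].append((key[0], old[key], body))
            if MISSING_RE.search(body) and not MISSING_RE.search(old[key]):
                report["newly_missing"].append(f"{key[0]} - {body}")
    for key, body in old.items():
        if key not in new:
            report["entries_removed"].append(f"{key[0]} - {body}")
    return report

# Excerpts (a few lines each) of the two logs posted in this thread.
BEFORE = r'''
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.143:8000
O2 - BHO: (no name) - {21384D29-1240-2d4f-A15C-17E42823D523} - C:\WINDOWS\system32\ipv6monl.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169072431\EE\AOLHostManager.exe
O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar"
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
'''

AFTER = r'''
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.143:8000
O2 - BHO: (no name) - {21384D29-1240-2d4f-A15C-17E42823D523} - C:\WINDOWS\system32\ipv6monl.dll (file missing)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169072431\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
'''

if __name__ == "__main__":
    for name, values in diff_logs(BEFORE, AFTER).items():
        print(name)
        for value in values:
            print("   ", value)
```

An entry listed under `newly_missing` still has its registry value in place although the file it points to is no longer on disk, so the registry reference remains to be dealt with.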
     
  6. cmw2010

    cmw2010

    Joined:
    Dec 3, 2006
    Messages:
    327
    When you say your pc runs loud do you mean the fans sound like a jet taking off? If so you probably need to replace the heatsink. The Dell 8400 has a huge heatsink that has copper tubes running up through it. They are notorious for going bad. The fans increase to incredible speeds to make up for it. If I can find the part number again I will post it back here for you.
     
  7. cmw2010

    cmw2010

    Joined:
    Dec 3, 2006
    Messages:
    327
    The Dell heatsink part number is W4254.
     
  8. angc99

    angc99 Thread Starter

    Joined:
    Jan 17, 2007
    Messages:
    7
    Flrman1
    Thank you for the tips. I ran the scan and made new logs, not that I can make sense of any of it :p
    Here is the new hijack list:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:37:10 AM, on 1/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\AOL\1169072431\ee\AOLSoftware.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.143:8000
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {21384D29-1240-2d4f-A15C-17E42823D523} - C:\WINDOWS\system32\ipv6monl.dll (file missing)
    O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar1.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
    O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar1.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169072431\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.4.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153704548921
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://apollomortgagegroup.com/aurora/msrdp.cab
    O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com.edgesuite.net/panel/maple/dcainst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


    The Uninstall list:
    5 Spots II
    Acoustica CD/DVD Label Maker
    Acoustica MP3 CD Burner
    Ad-Aware SE Personal
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 9 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    AI RoboForm (All Users)
    Aloha Solitaire
    Aloha Tripeaks
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Deskbar
    AOL Spyware Protection
    AOL Uninstaller (Choose which Products to Remove)
    AOL You've Got Pictures Screensaver
    Arafasoft Slide Show Creator 1.0
    AT&T Self Support Tool
    AT&T Yahoo! Applications
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AVG Anti-Spyware 7.5
    Bewitched
    Big Fish Games Toolbar
    bioVirtual 3DMeNow Professional 2
    Broadcom Advanced Control Suite 2
    BroadJump Client Foundation
    Cake Mania
    Carrie the Caregiver (remove only)
    Charm Tale
    CleanUp!
    CloneCD
    Corel Paint Shop Pro Photo XI
    Corel Paint Shop Pro X
    Corel Snapfire
    Cute Knight
    dBpowerAMP Music Converter
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    Dell ResourceCD
    Dell Support 3.1
    Desktop Architect
    Diner Dash 2
    DropBox
    FaceOnBody
    Fish Tycoon
    Font Fitting Room Deluxe
    Font Xplorer 1.2.2
    GameHouse Sudoku
    Granny In Paradise
    Great Escapes Solitaire
    HijackThis 1.99.1
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel(R) 537EP V9x DF PCI Modem
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 8
    Jasc Animation Shop 3
    Jasc Paint Shop Photo Album
    Keyboard Explorer version 1.1.3
    Lexmark X1100 Series
    LimeWire PRO 4.10.0
    Logitech Desktop Messenger
    Logitech Print Service
    Logitech QuickCam Software
    Logitech® Camera Driver
    MagicFrames 2.03
    Medical Drug Reference 4.4
    Memory Washer 4.6.5
    Microsoft ActiveX Control Pad
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Connection Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Plus! Digital Media Edition
    Microsoft Plus! for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Modem Event Monitor
    Modem On Hold
    MSXML 4.0 SP2 (KB927978)
    Musicmatch® Jukebox
    MyPoints Visual Search
    Mystery Case Files Ravenhurst
    Mystic Inn
    Net Detective
    Panda ActiveScan
    Pando
    PC Doc Pro 3.5
    Phlinx To Go
    Poppit To Go
    PowerDVD 5.1
    Pulsar 1.0
    Pure Networks Port Magic
    QuickTime
    RapidCheck v0.4
    RealPlayer Basic
    Recolored 1.0.1
    Rhapsody Player Engine
    Room Arranger (remove only)
    Sandlot Games Client Services
    Scrapbook Factory Deluxe
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 8 (KB917734)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB926247)
    Security Update for Windows XP (KB926255)
    Silverwolf's Cooking Converter
    Slingo Quest
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    SpongeBob SquarePants Diner Dash (remove only)
    Spy Sweeper
    Spybot - Search & Destroy 1.4
    StyleXP (remove only)
    SuperCleaner
    Talismania
    Tri-Peaks Solitaire To Go
    Ulead GIF Animator 5 ESD
    Uninstall DreamSuite
    Unlocker 1.8.3
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Viewpoint Media Player
    Virble
    WebCyberCoach 3.2 Dell
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinRAR archiver
    WinZip
    World Class Solitaire
    Xara3D6
    Yahoo! Photos Easy Upload Tool
    Yahoo! Photos Print-at-Home Tool
    YPOPs! 0.8.3

    and the report
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:25:42 AM 1/18/2007

    + Scan result:



    C:\System Volume Information\_restore{1E9C0D1D-B51A-46B8-81DE-0BF798C93AA5}\RP306\A0064419.exe -> Adware.Cinmus : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ws25.exe -> Dropper.Delf.acl : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\temp folder\Flaming[1].Pear.Flexify.v2.02.Plugin.Incl.Keymaker.rar/e-fpfl22.zip/keygen.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup (quarantined).
    C:\baiod.exe -> Hijacker.Costrat.ae : Cleaned with backup (quarantined).
    C:\WINDOWS\browser.exe -> Hijacker.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\FaceOnBody_v.2.2.1\Crack.eXe -> Logger.Bancos.kq : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\winrar files\FaceOnBody_v.2.2.1.zip/Crack.eXe -> Logger.Bancos.kq : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\winrar files\FaceOnBody_v.2.2.1.zip/FaceOnBody_v.2.2.1/Crack.eXe -> Logger.Bancos.kq : Cleaned with backup (quarantined).
    C:\Program Files\FaceOnBody\Crack.eXe -> Logger.Bancos.kq : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\GamehouseUniversalPatchv.1.6.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\My Received Files\psp7\FO-PSP7.zip/Psp animation psp 3.02.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\My Received Files\psp7\FO-PSP7\Psp animation psp 3.02.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\My Received Files\psp7\Psp animation psp 3.02.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\temp folder\Gamehouse Universal Patch v.1.6.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\My Documents\temp folder\GamehouseUniversalPatchv.1.6.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\AngelaC\Cookies\angelac@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\AngelaC\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\AngelaC\Cookies\angelac@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\AngelaC\Cookies\angelac@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\AngelaC\Local Settings\Temp\Cookies\angelac@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\AngelaC\Cookies\angelac@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\AngelaC\Cookies\angelac@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\AngelaC\Cookies\angelac@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\AngelaC\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Scott\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\AngelaC\Cookies\angelac@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\AngelaC\Cookies\angelac@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Scott\Cookies\scott@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Scott\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\AngelaC\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Scott\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\AngelaC\My Documents\brdmo301-2006-08-14\crack\Patch.exe -> Trojan.Agent.vw : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ipv6monl.dll -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1E9C0D1D-B51A-46B8-81DE-0BF798C93AA5}\RP338\A0071239.com -> Worm.Warezov.fh : Cleaned with backup (quarantined).


    ::Report end
     
  9. angc99

    angc99 Thread Starter

    Joined:
    Jan 17, 2007
    Messages:
    7
    After running that spyware check in safe mode last night my computer seems to be running a bit better, still a little slow but not loud anymore :) I'm hoping those things that showed up on the check were the problem! Thanks for the tip!
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    * Go to Add/Remove Programs and uninstall these:

    BroadJump Client Foundation
    J2SE Runtime Environment 5.0 Update 8
    Viewpoint Media Player



    * Click here to download ATF Cleaner by Atribune and save it to your desktop.


    * Click Here and download Killbox and save it to your desktop.


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


    * Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

    O2 - BHO: (no name) - {21384D29-1240-2d4f-A15C-17E42823D523} - C:\WINDOWS\system32\ipv6monl.dll (file missing)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)



    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste the following line:

      c:\secure32.html

      c:\Windows\secure32.html


    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confirmation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    • Killbox may tell you that one or more files do not exist.
    • If that happens, just continue on with all the files. Be sure you don't miss any.
    • Exit the Killbox.

    * Run ATF Cleaner:
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.


    * Restart back into Windows normally now.


    * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.



    * Run ActiveScan online virus scan here

    When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HiJackThis log along with the results from ActiveScan
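
Added example, not part of Flrman1's post or of any tool used in this thread: a Python cross-check of the HijackThis fix list above against the AVG Anti-Spyware report posted earlier. It shows that the `ipv6monl.dll` BHO entry is a registry leftover of a file AVG already quarantined, and that `c:\secure32.html` is a local file set as a browser page. The sample lines are copied from the thread; the function names and reason strings are assumptions made for illustration.

```python
import re

# Lines copied from the AVG report and the HijackThis fix list posted in this thread.
AVG_REPORT = r"""
C:\WINDOWS\system32\ws25.exe -> Dropper.Delf.acl : Cleaned with backup (quarantined).
C:\Documents and Settings\Scott\Cookies\scott@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\WINDOWS\system32\ipv6monl.dll -> Trojan.Small : Cleaned with backup (quarantined).
"""
HJT_FIXES = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {21384D29-1240-2d4f-A15C-17E42823D523} - C:\WINDOWS\system32\ipv6monl.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
"""

AVG_LINE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")
HJT_FILE = re.compile(r"\} - (?P<path>.*?)\s*\((?P<state>no file|file missing)\)$")

def parse_avg(report):
    """Map each detected path (lowercased) to (detection name, action)."""
    found = {}
    for line in report.splitlines():
        m = AVG_LINE.match(line.strip())
        if m:
            found[m["path"].lower()] = (m["name"], m["action"])
    return found

def triage_hjt(fixes, detections):
    """Return (section, reason) for each HijackThis line in the fix list."""
    out = []
    for line in filter(None, map(str.strip, fixes.splitlines())):
        section, _, rest = line.partition(" - ")
        if section in ("R0", "R1"):
            # R0/R1 lines are "registry key,value name = data"
            value = rest.partition("=")[2].strip()
            if not value:
                reason = "blank value"
            elif re.match(r"[a-z]:\\", value, re.I):
                reason = "browser page set to local file " + value
            else:
                reason = "URL, review by hand: " + value
        else:
            # O2/O3 lines end in the file path plus HijackThis's own status note
            m = HJT_FILE.search(line)
            path = m["path"].lower() if m else ""
            if path in detections:
                reason = "file quarantined as " + detections[path][0]
            else:
                reason = "registration with no file on disk" if m else "file present, review by hand"
        out.append((section, reason))
    return out

if __name__ == "__main__":
    for section, reason in triage_hjt(HJT_FIXES, parse_avg(AVG_REPORT)):
        print(section, "->", reason)
```
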
     
  11. angc99

    angc99 Thread Starter

    Joined:
    Jan 17, 2007
    Messages:
    7
    OK, I did all the things suggested (went to HijackThis and deleted those few things, and downloaded the other 2 things and did them in safe mode). Now I am on my laptop because when I restarted my computer in regular mode, it won't start. It is on the black load screen that says Windows XP and has been for quite some time. I have no idea what to do now, help!
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    Try restarting it again. If it won't restart normally, try safe mode again. I have no idea what happened. Nothing I asked you to do would have done that.
     
  13. Iceworx

    Iceworx

    Joined:
    Jan 19, 2007
    Messages:
    246
    Boot from a system CD and do a system repair.
    Problem solved.

    Or maybe the malware is just a coincidence.
    Because you also said the computer runs loud, how loud? Loud to the point where you feel as if a fan is actually hitting something, or loud as in all fans are on to the max?

    I personally had a similar problem where my fan actually fell out of its holder and it would hit the heatsink, making a pretty loud noise, overheating the PC. I just replaced the fan and my problems were solved, but I doubt you have something similar since you haven't said your computer reboots at random whilst the problems happen.

    Try doing the system repair function, see what happens.
     
  14. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    It is way too early to be suggesting a repair install of XP.

    I'm moving this thread to the Security forum.
     
  15. angc99

    angc99 Thread Starter

    Joined:
    Jan 17, 2007
    Messages:
    7
    I haven't gotten any replies, I'm not sure what's going on with my computer. Do I have a virus or something? Not sure why it was moved to the security forum. My computer will only boot up in safe mode after following those instructions, any advice from anyone?
     

Short URL to this thread: https://techguy.org/536143