Totally Screwed Up PC

Question

CVF 0 Newbie Poster

16 Years Ago

If anyone could help, I would be very grateful. About a week ago I was attempting to install a program which needed net framework 1.1. which is not installed. I had net framework 2.0 but it was corrupted. A used windows install clean up utility to delete framework 2 and reinstalled 2 and installed net framework 3. I still cannot install the 1.1, which is not my main concern unless it is causing the problems I'm having. Anyway I no longer can save items to desktop with righ tclick or from another program. System restore no longer works, but gives me an error message when I attempt a retore. Also, my PC has slowed approx 75-90%, especially loading web pages, etc. A ping showed that I am receiving good signal strength.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:49 PM, on 7/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\My Downloads\Buffer Zone\CLNTSVC.EXE
C:\My Downloads\Buffer Zone\BZDCOMLAUNCH.EXE
C:\My Downloads\Buffer Zone\BZRPCSS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program
Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\Nero
BackItUp\NBService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\New
Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\spupdsvc.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\medctrro.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\My Downloads\WinPatrol\winpatrol.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Siber Systems\AI
RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Software by Design\Calendar.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Uniblue\SpeedUpMyPC
3\SpeedUpMyPC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program
Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Trend
Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Owner\Local
Settings\Temporary Internet
Files\Content.IE5\PIJPN5S7\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.cox.com/HR/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Local Page =
R3 - URLSearchHook: _URLHandler -
{23A6F4C1-32EA-40AF-B42B-E0A99E2A74A6} -
C:\PROGRA~1\Romeo\ROMEOS~1.DLL
R3 - URLSearchHook: (no name) -
{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper -
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program
Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: flashget urlcatch -
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program
Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: NCO 2.0 IE BHO -
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program
Files\Common Files\Symantec
Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention -
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) -
{724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program
Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class -
{F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program
Files\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm -
{724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program
Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Clipmarks -
{1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program
Files\Clipmarks\clipmarks.dll
O3 - Toolbar: eBay Toolbar -
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program
Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: FlashGet -
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program
Files\FlashGet\fgiebar.dll
O3 - Toolbar: Show Norton Toolbar -
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program
Files\Common Files\Symantec
Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber
Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Calendar 2000.lnk = C:\Program
Files\Software by Design\Calendar.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program
Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Thomas Kinkade Screen Saver.lnk
= C:\Program Files\WillowRd\WillowRd.exe
O8 - Extra context menu item: &AOL Toolbar search -
res://C:\Program Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download All with
FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with
FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &eBay Search -
res://C:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options -
res://C:\Program
Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling -
res://C:\Program
Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam
Webster - file://C:\Program Files\ieSpell\Merriam
Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia -
file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell -
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program
Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell -
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program
Files\ieSpell\iespell.dll
O9 - Extra button: (no name) -
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program
Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options -
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program
Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile
Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
- C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms -
{320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms -
{320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save -
{320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms -
{320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm -
{724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar -
{724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello -
{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program
Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello -
{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program
Files\Hello\PicasaCapture.dll
O9 - Extra button: FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program
Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program
Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search &&
Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://*.realtytools.com
O15 - Trusted Zone: http://*.toolkitcma.com
O15 - Trusted Zone: http://*.toolkitcma2.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
http://a1540.g.akamai.net/7/1540/52/20060912/qtinsta
ll.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3}
(StagingUI Object) -
http://zone.msn.com/binFrameWork/v10/StagingUI.cab55
579.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533}
(Microsoft Data Collection Control) -
https://support.microsoft.com/OAS/ActiveX/MSDcode.ca
b
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8}
(FileCruiser Class) -
http://rein.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
(CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/kavwebscan_unic
ode.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C}
(Specfile Control) -
http://rein.mlxchange.com/Control/Specfile.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.c
ab
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524}
(ICWMInstallObj Class) -
https://homegain.on.intercall.com/confmgr/installs/I
CWMInstall.cab
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000}
(Tkweb Control) -
http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24}
(SISCtrl Class) -
http://rein.mlxchange.com/Control/SISC.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F}
(MALPlaybackCtrl Class) -
http://musicstore.connect.com/XSL/mb_us//html/active
xplayer/SMALStreaming.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8}
(ControlInstaller Class) -
http://www.symantec.com/techsupp/asa/ctrl/SymAData.c
ab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8}
(MSN Games – Buddy Invite) -
http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579
.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0}
(Snapfish Activia) -
http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345}
(Symantec SmartIssue) -
http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.ca
b
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345}
(Symantec Script Runner Class) -
http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.ca
b
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E}
(Interealty MultiSelect) -
http://rein.mlxchange.com/Control/MultiSelectComboBo
x.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3}
(ZonePAChat Object) -
http://zone.msn.com/binframework/v10/ZPAChat.cab5557
9.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D}
(Autodesk MapGuide ActiveX Control) -
http://www.onlinegis.net/download/MgViewer6.0CAB/mga
xctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Contr
ols/en/x86/client/wuweb_site.cab?1149461505302
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
(DivXBrowserPlugin Object) -
http://download.divx.com/player/DivXBrowserPlugin.ca
b
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE}
(MLS Client Utils) -
http://rein.mlxchange.com/3.0.06.67/Control/MLSClien
tUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F}
(LiteGridCtl Class) -
http://rein.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A}
(IRCWwwPrint Class) -
http://rein.mlxchange.com/Control/IRCWebPrint.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E}
(WebSDev Control) -
http://tw.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E}
(GeacRevw Control) -
http://rein.mlxchange.com/4.2.06.26/Control/IRCSharc
.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5}
(BL_Camera) -
http://doppadon.viewnetcam.com:50000/bl_camera.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1}
(Zenturi Active Programs Control) -
http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA}
(Cerebus Class) -
http://rein.mlxchange.com/Control/WebDog.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525}
(IWinAmpActiveX Class) -
http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_e
n_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}
(MSN Games - Installer) -
http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab
56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs
/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}
(MSN Games – Game Communicator) -
http://zone.msn.com/binframework/v10/StProxy.cab5557
9.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941}
(Driver Agent ActiveX Control) -
http://driveragent.com/files/driveragent.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8}
(DropList Class) -
http://rein.mlxchange.com/Control/AspCustomCtrls.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4}
(ChessControl Class) -
http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab569
61.cab
O18 - Protocol: skype4com -
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories
cache daemon -
{553858A7-4922-4e7e-B1C1-97140C1C16EF} -
C:\WINDOWS\system32\ieframe.dll
O23 - Service: AOL TopSpeed Monitor (AOL
TopSpeedMonitor) - Unknown owner - C:\Program
Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
(file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies
Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler -
Symantec Corporation - C:\Program
Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for
Resource manager (brmfrmps) - Brother Industries,
Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service)
- brother Industries Ltd -
C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: BufferZone Service (BufferZoneSvc) -
Unknown owner - C:\My Downloads\Buffer
Zone\CLNTSVC.EXE
O23 - Service: BufferZone DCOM Helper (BZDcomLaunch)
- Unknown owner - C:\My Downloads\Buffer
Zone\BZDCOMLAUNCH.EXE
O23 - Service: BufferZone RPC Helper (BZRpcSs) -
Unknown owner - C:\My Downloads\Buffer
Zone\BZRPCSS.EXE
O23 - Service: Canon Camera Access Library 8
(CCALib8) - Canon Inc. - C:\Program
Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr)
- Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service
(CLTNetCnService) - Symantec Corporation -
C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access -
Creative Technology Ltd -
C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google -
C:\Program Files\Google\Google Desktop
Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) -
Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\1150\Intel
32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ)
- Logitech, Inc. - C:\Program Files\Common
Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\Program
Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: LiveUpdate_Untrusted_BZ - Symantec
Corporation - C:\Virtual\Untrusted\C_\Program
Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: McAfee SecurityCenter Update Manager
(mcupdmgr.exe) - McAfee, Inc -
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG -
C:\Program Files\Nero\Nero8\Nero
BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG -
C:\Program Files\Common
Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation -
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PrismXL - New Boundary Technologies,
Inc. - C:\Program Files\Common Files\New
Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Doctor Auxiliary Service
(sdAuxService) - PC Tools - C:\Program Files\Spyware
Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service
(sdCoreService) - PC Tools - C:\Program
Files\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield
Service (sp_rssrv) - Crawler.com -
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: Cryptainer service (ssoftservice) -
Cypherix Software (India) Pvt. Ltd. -
C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: Symantec Core LC - Unknown owner -
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec,
Inc. - C:\Program Files\Common Files\Symantec
Shared\Support Controls\ssrc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program
Files\ThreatFire\TFService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) -
Zone Labs, LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine
(WebrootSpySweeperService) - Webroot Software, Inc.
- C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) -
file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/
clip_image002.jpg

--
End of file - 20083 bytes

Please Help!
Thanks,
Carl

windows-virus

2 Contributors
5 Replies
251 Views
3 Days Discussion Span
Latest Post 16 Years Ago Latest Post by crunchie

crunchie 990 Most Valuable Poster

16 Years Ago

Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post.

crunchie 990 Most Valuable Poster

16 Years Ago

Now that I can read your log I can say that it is clean. Not sure what your problem is caused by, but you can do the following scan if you want to see if anything shows up.

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.Once the files are downloaded click on Next
Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database:Extended

Scan Options:Scan Archives
Scan Mail Bases

Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on:Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

CVF 0 Newbie Poster · Answer 1 · 2008-07-28T03:38:37+00:00

I cannot save anything to the desktop but here is the HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:51 PM, on 7/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\My Downloads\Buffer Zone\CLNTSVC.EXE
C:\My Downloads\Buffer Zone\BZDCOMLAUNCH.EXE
C:\My Downloads\Buffer Zone\BZRPCSS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\medctrro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Software by Design\Calendar.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\chkdsk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.com/HR/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: _URLHandler - {23A6F4C1-32EA-40AF-B42B-E0A99E2A74A6} - C:\PROGRA~1\Romeo\ROMEOS~1.DLL
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Clipmarks - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Calendar 2000.lnk = C:\Program Files\Software by Design\Calendar.exe
O4 - Global Startup: Thomas Kinkade Screen Saver.lnk = C:\Program Files\WillowRd\WillowRd.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://*.realtytools.com
O15 - Trusted Zone: http://*.toolkitcma.com
O15 - Trusted Zone: http://*.toolkitcma2.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://rein.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://rein.mlxchange.com/Control/Specfile.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://homegain.on.intercall.com/confmgr/installs/ICWMInstall.cab
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://rein.mlxchange.com/Control/SISC.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//html/activexplayer/SMALStreaming.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://rein.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.onlinegis.net/download/MgViewer6.0CAB/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149461505302
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLS Client Utils) - http://rein.mlxchange.com/3.0.06.67/Control/MLSClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://rein.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} (IRCWwwPrint Class) - http://rein.mlxchange.com/Control/IRCWebPrint.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://rein.mlxchange.com/4.2.06.26/Control/IRCSharc.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://doppadon.viewnetcam.com:50000/bl_camera.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} (Cerebus Class) - http://rein.mlxchange.com/Control/WebDog.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://rein.mlxchange.com/Control/AspCustomCtrls.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 15191 bytes

Thanks,
CVF

CVF 0 Newbie Poster · Answer 2 · 2008-07-28T19:57:00+00:00

Thanks for your help! I already scanned with Kaspersky and found 5 infections (that Norton AV didn't pick up). I had to remove them in safe mode. I still can't save to desktop, run scandisk (cannot open volume for direct access) or use system restore.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 3 · 2008-07-29T15:38:31+00:00

Please download ComboFix by sUBs from HERE or HERE

You must download it to and run it from your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.