Hey Judy, Thanks SOOOOOOOOOOO Much for all your time and great assistance, your assistance was very thorough and you gave very clear instructions...I will add to your reputation cos you're a star. I will follow up on all the info you gave me and talk to my friend about installing some more RAM, he works in the Computer biz over here so should know exactly what I need.
Thanks very much and Best wishes to you XX I will mark solved :)
Danielle 1 Junior Poster in Training
Hi Judy and thanks again,
Yes I'm in Tehran, I'm English but I'm living here at the moment unfortunately it gets a
pretty bad rap in the Western media I assure you. It's a very developed society with warm
friendly people and beautiful scenery and four proper seasons, it's been snowing lately
which is great.
OK...I did everything you said.
I tried to remove the Ultimate Pop-up Blocker from my list but it said "could not
loadinitialization file" ...I'll try it again later.
I use Ares very rarely
My RAM is : 1.70 GHz,224MB
And I did the Eset scan again online and deleted the threats but I couldn't see anything
for saving a log...I tried to copy and paste the results and that wasn't happening (it
doesn't let you copy the highlighted results) so sorry I accidentally navigated away from
the page and when I went back my scan results were gone...anyway I did the scan and the
threats were deleted so it's Ok I think. I don't know how one can get a copy of the log on
Eset cos it's not clear on the page. Anyway done and deleted.
Here's my new HJT log and I think everything seems to be OK if you want to mark
solved...thanks again for your time and help...X
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:49 PM, on …
Danielle 1 Junior Poster in Training
Hi and thanks very much for your time and instructions I have posted below following your questions to make it more clear, you're in red:
Give us some more info on the computer itself...how many hard drives, how full are they,
how much RAM is installed?
LOCAL DISC C : Total size: 4.87GB free space: 2.29GB
LOCAL DISC D: Total size : 11.6GB Free space : 4.21GB
LOCAL DISC E: Total size : 11.6GB Free space: 4.89GB
LOCAL DISC F: Total size: 10.0GB Free space: 6.58GB
I have tried to delete as much as possible from my D drive...there is no music, video,
pictures and hardly any files so I don't know why it is so heavy and what I could do to
lighten it up.
I'm not sure how to check the RAM...sorry...
Have you done general clean up of the computer...removal of temp files, defrag and that type of thing?
I have now with ATF cleaner
Have you done scans with your antivirus program AND with SpyBot?
Yes fixed the problems found : 22 items on Spybot followed up with Avast antivirus which came out clean. My system seems to be working better and haven't had any issues with the mouse again....yet?
One thing which has probably nothing to do with your problem but can interfere with any fixes possibly needed is Turn OFF the SpyBot TeaTimer and leave …
Danielle 1 Junior Poster in Training
Hi and thanks for your help first of all.
Today my system has been freezing a lot, it was getting worse until the mouse froze on
screen so the only option I had was to reboot my system.
It would do a disk check on start up and then go to the start windows page as normal but
the mouse was still frozen so I just had to keep rebooting, disk checking, until finally
the mouse came back into action....about 4-5 attempts. It checks disc D for consistency on
the disk check stage.
Then everything seemed back to normal and I was using the internet when the same thing
happened this time I had to reboot the system about 10+ times before the mouse regained
itself...is this a virus or a mouse problem..please check out my hijackthis file and let
me know what to do.
Another thing I should mention is I went to burn a cd on my writer (ASUS 52 24 52) a couple of days ago and it
couldn't read the disk, the last time I used it it was fine but that was some time back, it doesn't play any discs either, it just isn't registering them, the drive is on my computer but
it doesn't seem to work? The driver is present. I'm not sure if this is relevant or a
separate issue and just a busted cdr.
Thanks very …
Danielle 1 Junior Poster in Training
Did you, or anyone else see any problems with my HJT log?
Do I have a virus? My PC is acting weird (slow) since I upgraded Windows live and messenger.
Please check my HJT log.
Thanks very much for your time and consideration.
Danielle 1 Junior Poster in Training
Hi my system is running a bit slow especially since I upgraded Messenger and Internet explorer. I think my disks are a bit heavy?? It's slow and strange maybe it's sick I did the HJT.
Windows Live Hotmail runs very weirdly as well (slow and doesn't always work)
My Disk size on Local Disk D is : 11.6GB and I've got 4.13GB free space.
I heard I should have at least half of the disk space free for faster operation can you please advise me how to considerably free up my disk space. I already deleted lots of stuff, moved a large amount to my other disks and did disk cleanup.
In my d:program files I have MSN which is 30.9MB. Can I delete this since I now have Windows live?
Plus there's stuff like 'NetMeeting' which I don't use but I'm not sure if I can delete these or they are underlying necessary programs?
In my documents and settings please tell me what I can delete.
D:/Documents and Settings
Administator : size 4.41MB
Administrator.FND : size 3.85MB
Administrator.FND.000 : size 3.90 MB
Alan.Kala : size larger than 10.9 MB ( this is where all my main docs are)
All Users : size larger than 13.5 MB
Guest : size 1.6MB
Can I delete some of these folders safely?
I also attached a hijackthis log in case it's viral.
Hi to you …
Danielle 1 Junior Poster in Training
Thanks for everything Crunchie, I did everything you said and I am returning my friend's tower. My own system is working fine, I think, but it is a bit slow sometimes so I might post up a HJT log for my system soon just to check it out, in the meantime I'll mark this thread as solved and say Thanks again and have fun Crunchie....XX
Danielle 1 Junior Poster in Training
Hi there Crunch, how's life in the Land Downunder? Well the PC seems to be
working great, so hopefully I'll be able to return it to my friend in better
shape than it was in when I got it....I can't believe he didn't have any
antivirus installed. Well at least I'm not feeling so guilty now.
I just want to give you a massive shout out for being so dedicated to my post
and for all your fab advice... you're a dude... a much appreciated super cool
dude...so thanks a million and hopefully I can mark this thread as
solved..what do you think??
Danielle 1 Junior Poster in Training
Hey Crunchie, I just thought I'd let you know that I can post and send emails OK now so it was probably just a temporary glitch and I was probably being paranoid on that one :$
Danielle 1 Junior Poster in Training
Hey Crunchie, it's me again, it took me hours to post the last thread, I'm having big problems on my system, posting, sending emails and things of that nature and I'm sure it's a system problem not an internet connection error cos my other system works fine on the same connection...food for thought...thanks a million again..praise..praise...praise to you
Danielle 1 Junior Poster in Training
Hey Crunch..thanks for all your time and effort by the way.
OK I did as you said I'm pretty sure I turned off all my shields and antivirus programs
I wouldn't know how to do more than what I did.
the 2 logs are posted below.
I did see something on the first log:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
It's funny cos this system is a bit different to mine and I couldn't find
the system restore in the control panel,
is that what it's referring to? If it's important or worth mentioning
any advice about that please let me know as well.
Danielle 1 Junior Poster in Training
Thanks again Crunchie. I really appreciate your help....
Danielle 1 Junior Poster in Training
Thanks again Crunchie ;)
Danielle 1 Junior Poster in Training
Hi Crunchie...thanks for everything....I wasn't sure if I was supposed to start a new thread or follow this one up ...did what you said...seems to be running better..no weird popups....please take a look at the logs below
1. Malware bytes log
2. Malwarebytes log (after updating program)
3. New HJT
Thanks very much for your time and advice:)
Danielle 1 Junior Poster in Training
Hi there and thanks for everything first of all, I think my last post may have been confusing, so sorry about that, can you please look at me Hijack this log posted below and let me know what I can do to stop Antivirus warnings and webpage rerouting that has started happening on my system, also I can't send, or receive mail and access some webpages.
Thanks XXX
Danielle.
Danielle 1 Junior Poster in Training
Hi there and thanks for everything first of all, I borrowed my friend's hard drive (tower
for the computer) I'm using my own keyboard and monitor, after 1 day of a lot of internet
usage I turned the computer back on and have been inundated with all kinds of alerts saying
I have trojans and spyware and all that kind of stuff and keep getting redirected to
various antivirus websites plus a few porn sites popped up. I thought maybe he didn't have
any antivirus installed so I downloaded the avast home edition, which I use on my own
system, it cleaned a bunch of trojans and stuff, I ran CWS shredder, which didn't show
anything present, but this weird program 'Antivirus 2008' keeps running and prompting me to
buy it, there's an icon of it on the bottom of my screen which keeps giving me scary
security warnings and prompting me to update. And when I connect to the internet I
sometimes get re-routed to some weird antivirus page, not even Antivirus
2008...like....http://ucleaner.com, http://www.system-defender.com and since I downloaded
the Avast antivirus we're VERY SLOOOOWWWWW plus it doesn't let me navigate freely
I went to the programs list to remove Antivirus 2008 but it wasn't on the list and I tried
to delete the file from the program files on drive C but it said it was being used and I
wasn't …
Danielle 1 Junior Poster in Training
I only use Windows XP
Danielle 1 Junior Poster in Training
I don't have the windows XP disk....grrr
Danielle 1 Junior Poster in Training
I hope I'm in the right forum 1st of all and thanks to all of you.
Since this morning when I have turned on my PC it boots as normal and then gets stuck on the 1st page (before windows would open) Mercury with the website address,(which I'm guessing is the make?)
After this page comes up for a second it usually loads the Windows page prompting me to choose my operating system (windows XP or windows98) then I start up Windows as usual.
This prompt doesn't happen. It's like frozen on the Mercury page, then I have to unplug the hard from the wall to turn it off. It's just frozen dead on that page.
It's happened a few times today and is just weird. I'm scared to turn off my PC in case it happens again.
I'm not that technical as you can see so I hope my explanation makes sense and any advice will be greatly appreciated.
Danielle 1 Junior Poster in Training
Hi there,
Everything seems to be fine now.I think....... :rolleyes:
Thanks so much for your time and great service....you rock !!!!!!!!!!
Danielle 1 Junior Poster in Training
Here you go :
Danielle 1 Junior Poster in Training
Hi there.
Here's the Ewido log:
Danielle 1 Junior Poster in Training
Hi there.here you go .............. thanks again
Danielle 1 Junior Poster in Training
Ooops I forgot to post the Hijack this log........here you go:
Logfile of HijackThis v1.99.0
Scan saved at 1:29:18 PM, on 3/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Ares\Ares.exe
F:\WinZip\WZQKPICK.EXE
C:\unzipped\hijackthis\HijackThis.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
…
Danielle 1 Junior Poster in Training
Hi there and thanks for your great service.
My computer has been a bit slower than usual and sluggish on line, plus the PC clock has jumped forward an hour about 3 times in the past couple of weeks.
This all seems to coincide with an online MSN toolbar update that I was prompted for (which I have considered removing from my PC)
I ran stinger, CWS shredder, Trojan Hunter, Spy Doctor (it's a bit of an old version though) and I have Avast antivirus which found : Win32:Kuang2 : 3 entries and 1 entry for: Win32:NGVCK-E and I moved them to the chest for the time being.
Today I was online and the PC just went kind of crazy, lots of programs started up and the screen flashed from one thing to another, I had no control of the cursor and other functions and turned off and rebooted from my hard drive.
Also when I turn on my PC the past few times a dialogue box appears on start up saying something like services for Win32 (or something like that) has encountered a problem and needed to close with the time and the time is when my PC has been off ??
Please see my Hijack this file and advise me of the best possible action....
With Massive thanks x Danielle ;)
Danielle 1 Junior Poster in Training
SOLVED,
In my desperation I reinstalled the trial version and it seemed to overwrite the old version then I was unable to uninstall it from my PC :p
Thanks for helping out
Have a good one XXX
Danielle 1 Junior Poster in Training
OK I found the services section and I stopped all Panda Services from running except there was one Panda Service which was unstoppable, when I right clicked on it the stop button was unavailable, this service was called :
PANDA PROCESS PROTECTION SERVICE
Anyway I stopped all the other processes and then spent almost half an hour deleting the registry but toward the end all the entries which were coming up were undeletable and a dialogue box opened saying :
UNABLE TO DELETE ALL SPECIFIED SERVICES.
So I deleted whatever I could, and it was a lot, rebooted but Panda was running as if nothing had been changed so I am at a bit of a loss about what to do now.
Please let me know your idea, thanks again for your time and help XXX
Danielle 1 Junior Poster in Training
Please be aware that I am running a trial version of Panda Titanium 2005, as I already mentioned. I had installed it once but was having problems with it booting and was prompted to uninstall and reinstall the product which I did, since then I have not been able to remove it from my system. (I thought this might be important to know, that it is a trial version)
Danielle 1 Junior Poster in Training
Hi there,
I am trying to remove panda trial version from my PC,
In the instructions you gave me it said :
First attempt to remove Panda from Control Panel, Add remove programs. Once this is done, make sure that there are no Panda Services running in the Services section in Control panel. Ensure they are stopped and set to disabled.
Ok I have tried to remove from the control panel and this isn't happening and I can not locate the services section in my control panel to make sure that there are no Panda services running, so I don't know how to ensure they are stopped and set to disabled.
Anyway I went ahead and followed the rest of the instructions and rebooted the PC but everything was the same, Panda was running and nothing had changed despite the fact that I deleted loads of entries from the registry, there was maybe one entry under both panda and pav that I couldn't delete and a dialogue box came up saying something like unable to delete file.
So I'm guessing this is b/c I missed the first step.
After this I was worried that maybe I had done something weird so I did a system restore just to be sure, I even restored it to the last time I reinstalled Panda trial version to see if this may solve the problem but when I tried to uninstall it it said :Error extracting support …
Danielle 1 Junior Poster in Training
Thanks I will let you know if there's anything else otherwise thank you very much for your time !!!
Danielle 1 Junior Poster in Training
Thanks, I'll try it, but I'm not sure how to back up my registry, could you please tell me?
Danielle 1 Junior Poster in Training
Hi and thanks to everyone on Daniweb, you rock!!
I downloaded Panda Titanium antivirus trial version from the internet and I want to uninstall it from my PC. It won't uninstall from the control panel: add and remove programs list, nothing happens at all when I press remove.
Nor will it uninstall from the start menu programs list from the uninstall program icon.
Plus there is a red X over the uninstall icon on the start menu which I'm not sure is supposed to be like that.
It just seems like the uninstall function is not working properly.
I previously had problems with the antivirus loading and there was a dialogue box that said : if this problem persists please uninstall and reinstall on the system.
Which I did, there was no problem uninstalling the product at this time.
Please give me your advice I want to remove it as soon as possible.
THANXXXXXX
Danielle 1 Junior Poster in Training
Hey there! Thanks to all you good people first of all. I have been using speakers with my PC which work fine. Now I have wanted to talk to my friends on line so I tried to plug in my headset with attached microphone. I can hear fine on the headset (listen to music, hear sounds on the web etc.) but I can't hear my voice or use my microphone for talking to people.
My headset has 2 jacks which I have plugged into 2 sockets at the back of the harddrive.
There is no voice. Do I need to do something to hear my voice or to configure microphone settings on the computer? please help me, I can't figure it out. Thanks XX
Danielle 1 Junior Poster in Training
Hi,
OK I figured it out so thXXX and everybody probably already knows how to do it but for those who don't:
save as : file type : powerpoint show
hah hah
Danielle 1 Junior Poster in Training
Hi to the good people on Daniweb and thanks for all your time and help... you rock!!
Now what I am about to ask I know is very basic and probably soooooo obvious but I have tried to figure it out on my own and I have failed so with a tonne of embarrassment I continue... :rolleyes:
I have created a slideshow presentation in Powerpoint, it is the first time I've used the program and it came out quite well so I am pleased.
However I do not know how to save it so that it opens just as the slide show presentation.
I mean that right now I open it, it opens on the main page, where you can add slides and edit etc.etc.
I want to save it just as the slide show so I can send it to people and use it just as the slide show which when they open the file it starts on the first slide and finishes on the last slide. I am hoping you are understanding me and my very un techie talk
I appreciate your time and help.
ThanXXXXXXXXXXXX
Danielle 1 Junior Poster in Training
I think it is Ok I will post again if anything comes up.
Thanks for all your help :)
Danielle 1 Junior Poster in Training
Thanks for replying to my posts.
The operating system is on D:\ as far as I know the other drives are for storage.
I downloaded the Counterspy and followed the previous instructions and I have emptied my Temp files, please see my HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 8:21:38 PM, on 4/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
F:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
F:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
E:\ZIPPED\SpySub.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\unzipped\hijackthis\HijackThis.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 …
Danielle 1 Junior Poster in Training
OK when I open the hidden files and folders and show the operating system files on my PC I can't find documents and settings folders on any other drives except for D:\
In the D:\ docs and settings there is a hidden Local services folder and within this there is a local settings folder which has the TEMP folder in it, the contents are empty.
Inside the documents and settings folder there are 8 folders, these are normally UN-hidden.
Within each of these 8 folders there is a local settings folder which have the TEMP folders inside.
Some of them are already empty or have next to nothing in them ( Temporary Internet files etc)
But the folder which is named Alan Kala on D:\ has a TEMP folder with 42MB + of stuff in it
Shall I delete everything inside this folder?
So it seems all the TEMP folders on my P/C are on my D:\ within these 8 folders.
They definitely don't seem to be present on any other of the hard drives. I am not sure if this is normal.
Should I delete the contents of all of these TEMP files within these 8 folders?
My computer crashed 2 times today as well unfortunately
Danielle 1 Junior Poster in Training
Thanks for the reply.
OK I found the temp files but I could only find them on disk D and the folder was empty anyway.
I did notice a whole bunch of hidden files named FOUND.000 through to FOUND.016 on disk D, I'm not sure if these are normal.
This other weird thing called Spooler logs keeps reappearing on my disk D too, I don't know what it is, it looks like a style sheet, it's in HTML anyway.
The Centinel V x D end program is still coming up. I'm going to download CounterSpy as recommended and I'll get back with the results afterwards.
Thanks again for your kind attention and advice :)
Danielle 1 Junior Poster in Training
OK I did that show hidden files and folders that you said but I still couldn't find the Temp folder, am I being totally >>>>
Danielle 1 Junior Poster in Training
I am sorry if I am being a bit dumb but how do I locate the temp folder to delete the contents?
I can't find them to delete them please be more specific.
Danielle 1 Junior Poster in Training
Hi there and thanks for the reply to my posting.
I ran Trojan hunter it didn't find anything the same thing with stinger.
I updated CWShredder and spybot but they too didn't seem to show anything up.
I downloaded Spy subtract from the CWShredder program link and that found a few things :
--------------------------------- SpySubtract session started ---------------------------------
Machine=FND
Time=Tue Apr 05 09:30:15 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'bravenet.com' in 'Internet Explorer Cache'
Found 'adtech.de' in 'Internet Explorer Cache'
Found 'bluestreak.com' in 'Internet Explorer Cache'
Found 'centrport.net' in 'Internet Explorer Cache'
Found 'burstnet.com' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'SOFTWARE\Classes\.xmfg'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\Control'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\MiscStatus'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\MiscStatus\1'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\ToolboxBitmap32'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\Version'
Found '' in 'SOFTWARE\Classes\CLSID\{B666CF5A-B50A-49E4-8354-37AC595C5B7E}'
Found '' in 'SOFTWARE\Classes\CLSID\{B666CF5A-B50A-49E4-8354-37AC595C5B7E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\TypeLib\{6043F8F5-4FBE-47DA-A789-146B02AE6FA0}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{6043F8F5-4FBE-47DA-A789-146B02AE6FA0}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{6043F8F5-4FBE-47DA-A789-146B02AE6FA0}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{6043F8F5-4FBE-47DA-A789-146B02AE6FA0}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\XMIRAGE.XMirageCtrl.1'
Found '' in 'SOFTWARE\Classes\XMIRAGE.XMirageCtrl.1\CLSID'
Found '' in 'SOFTWARE\Classes\CLSID\{7E5DA25B-1C13-4B78-837A-B938624EBA41}' …
Danielle 1 Junior Poster in Training
Hi and thanks again to all the good people on Daniweb.
Since yesterday my P/C has shut itself down automatically and restarted. On restart it says that my disk D needs to be checked for consistency. When the disk check is complete the system starts as usual and there is a notice saying that the system has recovered from a serious error. :o
So I am a little concerned I have run spybot and antivirus and everything seems OK, my operating system is Windows XP
I have attached the Hijack this log below :
Logfile of HijackThis v1.99.0
Scan saved at 3:23:42 PM, on 3/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\unzipped\hijackthis\HijackThis.exe
Danielle 1 Junior Poster in Training
Dear Tactile,
To get HijackThis go to the web and download it for free : if you go to the Virus and other nasties forum you can find the link to it there.
Download it on your machine and run it and save a copy of the log : it guides you through the process, then post it at daniweb ; but start a new thread for yourself and post your log in the virus forum section to get a good response, the good people will tell you what needs to be removed, I wouldn't touch anything without advice from the experts.
By the way I fixed my IE problems by doing the HJT thing and then by following these steps , try it it might work for you from the MSN customer service:
1. Click ‘Start’, ‘Run’ then type: ‘iexplore’ (without apostrophes)
2. Click ‘Tools’, ‘Internet Options’
3. Under General, click:
a. ‘Delete Cookies’, ‘OK’
b. ‘Delete Files’, ‘Delete all offline contents’, ‘OK’
c. ‘Clear History’, ‘Yes’
d. ‘Settings’, Adjust the amount to 300 MB, ‘OK’
4. Under Security, click ‘Internet’, ‘Default Level’, then ‘Apply’
5. Click ‘Privacy’, ‘Default’, then Apply
6. Under Content, click ‘AutoComplete’, ‘Clear Forms’, ‘Clear Passwords’ then ‘OK’
7. Under Connections, do the following: (skip these if you are using DSL)
a. Select the connection in the Dial-up and Virtual Private Network settings
b. Click …
Danielle 1 Junior Poster in Training
Hi there,
I am sooooooo happy to say that I have hotmail on IE and MSN again.
I followed all the steps from the good people on this forum to clean out my computer but the hotmail problem wasn't solved until this afternoon so I think it was some isolated hotmail weirdness, I received this email from MSN support and followed it and voila hotmail is back in action so I have posted it for one and all :
I hope you have good fortune too :
By the way thanks to you guys at daniweb who really took the time and care to follow my thread, you rock :)
Danielle, please follow the steps below to address issues where MSN Hotmail does not properly load.
I. Check for firewall or filtering software interference
Look for an icon in the notification area on the right side of the taskbar (near the clock) for firewall or filtering software. If there is one, right click on it to check its properties.
If you are encountering difficulties signing in to MSN when you have the firewall enabled, we suggest that you contact the software manufacturer for assistance with configuring it to function with MSN.
Here are some of the most popular firewall programs and their contact information:
1. McAfee Personal Firewall - 1-900-454-6223
2. Norton Internet Security - 1-800-441-7234
3. Black Ice Defender - http://blackice.iss.net/customer_support.php
4. Zone Alarm …
dlh6213 commented: Thanks for sharing, Danielle, you rock! -- dlh +1
Danielle 1 Junior Poster in Training
Hi there,
I am sooooooo happy to say that I have hotmail on IE and MSN again.
I followed all the steps from the good people on this forum to clean out my computer but the hotmail problem wasn't solved. I received this email from MSN support and followed it and voila hotmail is back in action so I have posted it for one and all :
I hope you have good fortune too :
Danielle, please follow the steps below to address issues where MSN Hotmail does not properly load.
I. Check for firewall or filtering software interference
Look for an icon in the notification area on the right side of the taskbar (near the clock) for firewall or filtering software. If there is one, right click on it to check its properties.
If you are encountering difficulties signing in to MSN when you have the firewall enabled, we suggest that you contact the software manufacturer for assistance with configuring it to function with MSN.
Here are some of the most popular firewall programs and their contact information:
1. McAfee Personal Firewall - 1-900-454-6223
2. Norton Internet Security - 1-800-441-7234
3. Black Ice Defender - http://blackice.iss.net/customer_support.php
4. Zone Alarm - http://www.zonelabs.com/store/content/company/contact.jsp;jsessionid
II. Optimize Internet Explorer settings:
1. Click ‘Start’, ‘Run’ then type: ‘iexplore’ (without apostrophes)
2. Click ‘Tools’, ‘Internet Options’
3. Under General, click:
a. ‘Delete Cookies’, ‘OK’
Danielle 1 Junior Poster in Training
Hi and thanks for your time, enjoy.
Well I did everything you suggested, here's the new HJT log :
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} …
Danielle 1 Junior Poster in Training
Hi there and I trust you are enjoying your good selves :)
Please take a look at my newest HJT log :
Logfile of HijackThis v1.99.0
Scan saved at 12:26:46 PM, on 12/25/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O8 - Extra context menu …
Danielle 1 Junior Poster in Training
Hi there good people :)
I removed it from the list and this is my new log :
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk …