hi. i have a hard drive that had been working. today i opened it up and only saw 3 nonsensical files and all my files are gone. the drive indicator still says that the files are in there because the "free space" left is quite small. is there anyway i can recover all the stuff that's in there? please help! :(

well it's not really an answer. is it safe to have upnp enabled? and why does it mess up my web browsing?

so should i keep it disabled? i was looking around for info because my torrents were downloading super slow and someone posted that upnp should be enabled on the router to make the downloads work well. i was capable of downloading 500k a sec but it was down to about only 24k so something was wrong. when i enabled upnp however it jumped up to 500k. am i not supposed to enable upnp on my router?

hi. i was wondering if enabling upnp will interfere with web browsing. i had to enable it for torrents, but my web browsing has significantly slowed or even stopped. even though i've limited my downloads to half of what i'm capable of i'm still having problems web browsing. what am i doing wrong?

hi. i've recently been infected with some malware but got that resolved i think. however, ever since, my web browsing hasn't been the same. i can't seem to get web pages to load as the used to. they would either take very very very long to load or not at all. these are sites that i visit on a daily basis but ever since sunday night i've not been able to get any page to load completely or at least fast.

i've checked my internet connection and it's working at optimum speed. i'm downloading tv show torrents that are downloading fine. and before you say that these torrents are interfering with web browsing, i've tried it with downloads going and not going and still the same. it shouldn't even be a problem as i used to be able to browse rather quickly even though downloads are going.

these are for all web pages, so i've thoroughly tested the problem on various web pages with various locations, distance, content, complexity, etc.

please help. i'm desperate to get my machine working the way it used to or supposed to. thanks.

here is my latest hijack scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:00, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program ...

here is the updated malwarebytes scan log

Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 5.1.2600 Service Pack 2

9/2/2008 09:40:43 PM
mbam-log-2008-09-02 (21-40-43).txt

Scan type: Full Scan (C:|)
Objects scanned: 130370
Time elapsed: 1 hour(s), 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page\Start Page (Hijack.Homepage) -> Bad: ([url]http://lookanddiscover.com/[/url]) Good: ([url]http://www.google.com/[/url]) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\VIE409.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VIE40A.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.

now here is the panda scan log

;
ANALYSIS: 2008-09-02 23:29:28
PROTECTIONS: 2
MALWARE: 36
SUSPECTS: 7
;

PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Antivirus Internet Security 2007 No Yes
Norton 360 7.2.2.3 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No E:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\93ibmvu6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No E:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\93ibmvu6.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\93ibmvu6.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No E:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\93ibmvu6.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No ...

[QUOTE=gerbil;683297]
Slow dl of some webpages.... that can depend upon a few things, like your ISP's load, that of the net in general [it is getting clogged by folks swapping files, mainly stupid OffYouFace videos, and how busy the servers holding that page are. Try pinging a few sites that you know are far away. Daniweb drives me nuts with its slow dl of pages from time to time; when you are helping in various threads the dl of the same ad images every time you refresh pages is almost too much. I note that some [tech] sites dl the ads, pause for a while, then dl the post content. I hope that is not deliberate.
If your sys does have lingering ills then the clean and scan I recommende in post#3 will identify them for us. It is a very good online scan.[/QUOTE]

well as i previously posted, all sites download slow or not at all even sites that i visit daily or frequently. my isp speed is at optimum. i'm having no poblems downloading torrents. it's just the web sites that are slow to download or not at all. i mean i can understand some pages not loading or slow, but all the ones that i've tried? i've not encountered any problem like this before. even when my isp was having trouble and downloads and uploads were ground down to only a few kb i still had pages loading much faster. the only other time i had a ...

ok. i'm not sure what my next step is besides going for an update on malwarebytes. would that explain web pages loading super slow or not at all? i'm not home currently so i can't update and rescan just yet.

just want to know what my next step is. i still don't know what you mean by deleting host file.

any help is good help. the more people pitching in the better.

yes i reboot the computer just as the program wants. it's not like i have much of a choice. once you hit ok it will reboot it. one doesn't go through all that process and just hit cancel, i would hope. >_<

i will update my malwarebytes asap. still, it wouldn't explain why accessing web pages is such a chore for the web browser. it will either not load the page or take 10times longer than it usually does even though my connection speed, as the speed tests indicated, are at optimum.

ok sorry. please don't get upset about it. i'm already stressed about it enough as it is.

Malwarebytes' Anti-Malware 1.24
Database version: 1026
Windows 5.1.2600 Service Pack 2

09:04:00 AM 9/1/2008
mbam-log-9-1-2008 (09-04-00).txt

Scan type: Full Scan (C:|)
Objects scanned: 132527
Time elapsed: 53 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.24
Database version: 1026
Windows 5.1.2600 Service Pack 2

08:34:39 PM 9/1/2008
mbam-log-9-1-2008 (20-34-39).txt

Scan type: Quick Scan
Objects scanned: 39777
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined ...

i also checked my download and upload rates and they seem fine. it's just some pages take soooooo long to load when they shouldn't and no need to. pages that i've visited before and had no problems loading. i can understand if some pages have problems loading but all of them?

the malwarebytes scan look identical because the first one was the first scan and fix that worked prior to the problem returning after i did the smitfraudfix. it was as if the smitfruadfix thing reset it back to before i did the first malwarebytes fix.

as far as the hijack fix. i found the last 3 but i couldn't find that first one that you mentioned. here is the updated hijack log after the fix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:24, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll ...

please disregard this thread. i was asked to edit it, but i couldn't. i want to delete it. i accidentally posted another so this one needs to be deleted. please help!

installed something that had a malware hidden. now it's doing that fake virus alert thing and redirecting my internet clicks to some spam sites. i did a malwarebytes scan and clean that i think worked but when i did the smitfraud fix it was as if the malwarebytes fix were nullified and the problem came back. so i redid the malware bytes again and did a hijack scan. here are the scans. please help. thanks

Malwarebytes' Anti-Malware 1.24
Database version: 1026
Windows 5.1.2600 Service Pack 2

08:34:39 PM 9/1/2008
mbam-log-9-1-2008 (20-34-39).txt

Scan type: Quick Scan
Objects scanned: 39777
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

smitfraud scan

SmitFraudFix v2.344

Scan done at 19:04:19.29, Mon 09/01/2008
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is ...

installed something that had a malware hidden. now it's doing that fake virus alert thing and redirecting my internet clicks to some spam sites. i did a malwarebytes scan and clean that i think worked but when i did the smitfraud fix it was as if the malwarebytes fix were nullified and the problem came back. so i redid the malware bytes again and did a hijack scan. here are the scans. please help. thanks

Malwarebytes' Anti-Malware 1.24
Database version: 1026
Windows 5.1.2600 Service Pack 2

08:34:39 PM 9/1/2008
mbam-log-9-1-2008 (20-34-39).txt

Scan type: Quick Scan
Objects scanned: 39777
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

smitfraud scan

SmitFraudFix v2.344

Scan done at 19:04:19.29, Mon 09/01/2008
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is ...

yea but it has all these precautions and whatnot and makes it sound like a last ditch effort kind of thing and that i'll lose a lot. i really don't want to make things worse. :(

have you done a repair? is it easy and safe?

yea i've been looking at that, but that post you linked made it sound like "omg it's such a big deal make sure you really really really really really want to do it and know what you are doing or your computer will blow up!" >.<

is it really that critical of a thing to do? i've looked at the cd install but nothing on it apparent saying "repair" i'm just afraid of making my mistake and making the problem worse, accidentally erasing my drive(s), losing my data, etc. >.<

what's making my desktop crash everytime i open a folder with a lot of folders? i open my music folder and desktop immediately crashes.

so the fact that the problems don't show up on any scan still means they are there? now way to fix but reformat?

what? :( so my antivirus was causing it? but those things are on a removable drive.... it's not even part of the computer. wouldn't disconnecting that drive or deleting the files or reformatting that one particular drive fix it? it's an external storage drive.

ok update. finished the full scan after 15 hours....

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 03, 2008 17:03:02
Records in database: 1048675
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan statistics:
Files scanned: 304228
Threat name: 54
Infected objects: 103
Suspicious objects: 0
Duration of the scan: 15:21:01

File name / Threat name / Threats count
C:\Documents and Settings\User\Desktop\SmitfraudFix\Reboot.exe  Infected: not-a-virus:RiskTool.Win32.Reboot.f   1
C:\Documents and Settings\User\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\User\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f   1
C:\RECYCLER\S-1-5-21-1844237615-1303643608-725345543-1004\Dc1.mp3   Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\RECYCLER\S-1-5-21-1844237615-1303643608-725345543-1004\Dc2.mp3   Infected: Trojan-Downloader.WMA.Wimad.n 1
E:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe  Infected: not-a-virus:AdWare.Win32.SearchIt.t   1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\0d25dedbb04b284eb9c66f9fd8426b29.a2q  Infected: not-a-virus:AdWare.Win32.BookedSpace.h    1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\2ed7f299efac0d33e3a65fab997227e6.a2q  Infected: Trojan-Downloader.Win32.PurityScan.dx 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\3303458dcabc08967f47a25c3b587c7d.a2q  Infected: Trojan-Downloader.Win32.Agent.bls 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\4d7ffc85b5838a7d7b4a5a30c78680f5.a2q  Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\4dc45a56ec82cedd5f885a24c21636a9.a2q  Infected: not-a-virus:AdWare.Win32.VB.y 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\6cfab15a0f055ebfd83c009603fd7ace.a2q  Infected: not-a-virus:AdWare.Win32.BHO.ba   1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\8461a68b8feb6b1621f4234435ff094f.a2q  Infected: not-a-virus:AdWare.Win32.Virtumonde.ki    1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\879cabb3703679a1128c57ddfe3283ec.a2q  Infected: Backdoor.Win32.Dragonbot.k    1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\9abcd867a312c2598c2aaf8180dcf06b.a2q  Infected: Trojan-Downloader.Win32.Zlob.bqw  1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\9fc400505dd0ad9343c79f187ffb8de4.a2q  Infected: Trojan-Spy.Win32.VBStat.h 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\a76dd8963246709c13f2a797687f5cae.a2q  Infected: Trojan.Win32.Agent.anr    1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\afbc4648a1764a0aca5699449f33c7b9.a2q  Infected: not-a-virus:Downloader.Win32.WinFixer.o   1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\c5b554080829b36b6316e205928aaabe.a2q  Infected: not-a-virus:AdWare.Win32.VB.y 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\d2d0dac7cf4b24b4234c7922e16038be.a2q  Infected: Trojan-Downloader.Win32.PurityScan.dx 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\e5b63c7432ec6a692c5fa1961ab7f5fb.a2q  Infected: Trojan-Downloader.Win32.VB.aya    1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\e8365d8308088e63b6d9bd9858fea200.a2q  Infected: not-a-virus:AdWare.Win32.NewDotNet.e  1
E:\Program Files\Norton AntiVirus\Quarantine\016200BF.exe   Infected: not-a-virus:AdWare.Win32.DealHelper.x 1
E:\Program Files\Norton AntiVirus\Quarantine\06D67260.zip   Infected: ...

:(

here is a scan of the c drive where everything is. the other drive is just storage so i figured anything that would be wrong is where the operating system is. besides the scan ran for hours and need to sleep but the computer is too loud to remain on. i hope this helps. thanks.

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 3, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 03, 2008 11:20:06
Records in database: 1048222

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan statistics:
Files scanned: 113632
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 03:21:29

File name / Threat name / Threats count
C:\Documents and Settings\User\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\User\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\User\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\RECYCLER\S-1-5-21-1844237615-1303643608-725345543-1004\Dc1.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\RECYCLER\S-1-5-21-1844237615-1303643608-725345543-1004\Dc2.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
E:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The scan was stopped by the user.

doing the scan now. looks like it will take a long long time. 30 mins gone and only at 6% >_<

i haven't rebooted yet though. also, how do i do a repair, i popped the cd in yesterday but nothing on it had "repair" on it.

also, why is it that my desktop seems to need to refresh it's icons everytime i open a folder? that's what's crashing the desktop.

did, but a run window blinked in just less than a second and it was gone. no prompt or anything after.

same thing. no changes. desktop still crashes when i open folders too fast. it's like my desktop blinks everytime i open folders and when i open another before all the desktop icons render then it crashes.

here's hijack log after combofix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:17, on 8/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec ...

here's the combofix log:

ComboFix 08-08-01.05 - User 2008-08-02 23:04:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1505 [GMT -7:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe

  • Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix.txt
C:\WINDOWS\system32\hxowbkvc.ini
C:\WINDOWS\system32\iRtwwvut.ini
C:\WINDOWS\system32\iRtwwvut.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\sefjtlkv.ini
C:\WINDOWS\system32\uhmvwkvb.ini
E:\aolconnfix.exe
E:\aolconnfix.txt
E:\VundoFix.txt
F:\Autorun.inf
L:\Autorun.inf
L:\RS.3.0.57.UPDATE.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-12-21 21:59 . 2008-12-21 21:59 447,200 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
2008-12-21 21:59 . 2008-12-21 21:59 332,512 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2008-12-21 21:59 . 2008-12-21 21:59 25,312 --a------ C:\WINDOWS\system32\SamsungVfWCodec.dll
2008-12-21 21:59 . 2008-12-21 21:59 25,312 --a------ C:\WINDOWS\system32\DivXVfWCodec.dll
2008-12-21 21:58 . 2008-12-21 21:58 1,155,808 --a------ C:\WINDOWS\system32\3ivx.dll
2008-12-21 21:52 . 2008-12-21 21:52 66,272 --a------ C:\WINDOWS\system32\libfaac.dll
2008-08-02 04:49 . 2008-08-02 04:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-02 04:49 . 2008-08-02 04:49 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-08-02 04:49 . 2008-08-02 04:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-02 04:49 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-02 04:49 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-02 03:44 . 2008-08-02 03:45 <DIR> d-------- C:\Program Files\gccc
2008-08-01 00:27 . 2008-08-01 00:27 <DIR> d-------- C:\Program Files\Gabest
2008-07-31 02:14 . 2008-07-31 02:14 <DIR> d-------- C:\Program Files\iTunes
2008-07-31 02:14 . 2008-07-31 02:14 <DIR> d-------- C:\Program Files\iPod
2008-07-31 02:13 . 2008-07-31 02:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-30 06:02 . 2008-08-02 22:21 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-07-29 06:27 . 2008-07-29 06:27 0 --------- C:\WINDOWS\WB.ini
2008-07-29 06:25 . 2008-07-29 06:25 <DIR> d-------- C:\Program Files\Stardock
2008-07-29 06:25 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-07-28 04:28 ...

but desktop still keeps crashing when i open folders too fast. :( no change.