Computer on the fritz! (and I can't figure out what's wrong.. virus,spyware,etc..) =(

Good afternoon, and thank you for taking the time to read my thread. For about 3-4 days now I have been experiencing some strange problems with my computer that seems to be of a "graphics" nature. I'm not sure what the problem with my computer is. I'm not sure if it's a virus/spyware problem, if it might be something wrong with my graphics card/driver, or what the problem might be. Hopefully can you help me figure out what's wrong with my computer? Here are the symptoms of what's wrong with my computer.

1) The screen resolution has a tendency to change a lot (most of the time it goes down to the very lowest setting with 8bit color and everything looks big and "weird", or if I "play around" (<--see "*" below) with the settings, I can manage to get everything looking ok, but everything (icons, etc..) looks very small). The "small setting" lasts until I turn the computer off or the screen blacks out (and I have to restart the computer), and then it's back to the "weird setting"... It seems to change whenever I shut down my computer and restart it, and whenever I'm using my computer, there's a random chance that the screen resolution switches to the "weird" setting.

(*-When I say "play around", I mean under Display Properties> Setting Tab> I pressed the "Troubleshoot" button, in an effort to try to figure out what was going on. After reading that, I went back to the "settings tab" and pressed the "advanced" button, under the "troubleshoot" tab, I "played with" the Hardware Acceleration Rate and the Enable write combining box (you can "check" or "uncheck") along with the screen resolution and bit color rate, until I can get the graphics back to as close as normal as possible (sometimes this isn't possible, and when I can do it, eventually "something happens" and I start experiencing problems again.) By the way, what does adjusting the "Hardware Acceleration Rate" and checking the "Enable write combining" box do?

2a.) There appears to be a small chance that whenever I'm using my computer, the screen will just turn black. I can't see anything, but the color black on the computer screen. The CPU is still on (the computer hasn't turned itself off), but all I'm getting on the screen is the color black. The only way I can remedy this (so far), is to turn off my computer, wait a few minutes, and turn it back on. Then pray that the computer screen will be readable once more.

2b.) Sometimes the "black screen" doesn't turn everything black at once. Sometimes it is a gradual thing, and might turn parts (like some of the toolbars, maybe the clock first, maybe the taskbar, etc.) of whatever application I'm using (IE, Word, Windows, etc..) black. In the process, everything I'm doing becomes extremely slow, to the point of "freezing" (it had frozen once or twice, but not constantly), but doesn't quite freeze up. Because even though I can't see the mouse move (if I right click the mouse, I can see a "little menu" "struggling" to show up (it's very faint)). Even though the computer is not frozen, it might as well be, because it's very difficult, and sometimes impossible, to exit the applications I'm in and exit windows normally. Sometimes I have no choice but to use the "power button" to escape.

3) Whenever I turn my computer on and it boots up, every now and then, before the "Windows XP" screen runs and before the computer asks me for my windows password, it goes into a brief "0 mode". Instead of seeing the normal list of files (or whatever that list is, files, "code", etc.., that flies by my face whenever I start my computer), I see a bunch of "0"s that fill up most of the screen and it seems like they're working their way down my screen, as more "0"s appear at the top. For example (my screen below):

000000 0000000 00000 0000 00 00 0000000 00000000
00000000000 000000 00000 0 000 00000 000000000
00 0000 0000 00000 000000000000 000000000
00000 000000000000000 000 000000000 00
000000000 00000000000 0000000 0000000000
00000000000000000000 0000000000000000000000
(they scroll down my computer screen, etc.)

4) Another thing I found weird. Whenever I tried going into "safe mode" by rebooting and pressing F8 (I think that's what it was...), I've noticed something strange. Normally a list of options appears after you successfully executed the reboot F8 command. One of those options being "Go into safe mode" (or a list option, you can choose, that says something similar to that...). Anyway, sometimes the "options", on the list, are misspelled and sometimes the letters "change" themselves right before my eyes (into other letters), so it's really hard to read and figure out what some of those options are!! I've only witnessed this "changing letters" thing in the "menu" leading into safe mode...

After reading various threads in this forum, I followed the directions of the following thread (link below) and the results (and various notes) are posted below that:

http://www.short-media.com/forum/showthread.php?t=43902

Notes:

1) Ad-Aware didn't detect any threats.

2) Spybot Search and Destroy found the following "Red entry threats", but for some reason, they couldn't be fixed by Spybot.

-CoolWWWSearch.Toolband
-CoolWWWSearch.Badzonemap
-CoolWWWSearch.Leftovers
-CoolWWWSearch.Mupdate
-Smitfraud-C.

(The first four couldn't be removed with the updated CWShredder either.)

3) When trying to use "Bitdefender Online Scanner", it told me that it couldn't update the virus definitions files, and it also said that, because of this, it wouldn't be able to give me accurate results. So I skipped this one.

The Results of the "Panda Active Scan"-

Incident Status Location
Adware:Adware/VirtualBouncer -Not disinfected - C:\WINDOWS\system32\BO2802040128.exe
Adware:adware/keenvalue -Not disinfected -C:\WINDOWS\system32\drivers\etc\hosts.bho
Adware:adware/virtualbouncer -Not disinfected -C:\WINDOWS\system32\INNERADINSTALL.LOG
Adware:adware/24-7-search -Not disinfected -C:\WINDOWS\system32\unPPC.exe

(Note: I added the "-"s before the "Not"s and the "C:\...."s to make it easier for you to read.)

The Results of "Kaspersky Online Virus Scan"-

They didn't find anything. I couldn't find an option to "save as text", but that was the result.

Below is my Hijackthislog-

Logfile of HijackThis v1.99.1
Scan saved at 11:53:47 AM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PeoplePC\ISP6230\Browser\Bartshel.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\PeoplePC\ISP6230\Browser\PPShared.exe
C:\Hijackthis\HijackThis1991.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\PropelAC.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144171455297
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I'm not sure if you want me to attach the 2 documents resulting from the scans (my "panda results" and HJTLog), so I attached them just in case.

Thank you for taking the time to read this thread and thank you in advance for trying to help me solve my computer problems. I really appreciate everyone's help and input on this computer problem.

Thank you again,

Runlikethewind78 :)

Comments

  • Trogan, London, UK
    edited April 2006
    Hi, welcome to Short-Media :)

    The Spybot entries are nothing to worry about.

    By your description, it sounds more like a hardware problem. As you said, it could be your graphics card. I'm not a hardware expert, but let's see if we can get your computer back to normal by removing any malware that might be on it.


    1) Can you tell me if you know what PeoplePC is?

    2) Go into Add/Remove programs and uninstall VirtualBouncer if it is listed.

    Finally,
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\BO2802040128.exe
    • Click on the submit button
    • Please post the results in your next reply.
    Could you do the same for the following three:
    C:\WINDOWS\system32\drivers\etc\hosts.bho
    C:\WINDOWS\system32\INNERADINSTALL.LOG
    C:\WINDOWS\system32\unPPC.exe



    On a side note, you don't have to post the files as attachments! :)
  • edited April 2006
    Thank you for taking the time to read and respond to my post. :)

    Hi, welcome to Short-Media :)

    Thanks! :wave:

    The Spybot entries are nothing to worry about.

    Kewl. :cool:

    By your description, it sounds more like a hardware problem. As you said, it could be your graphics card. I'm not a hardware expert, but let's see if we can get your computer back to normal by removing any malware that might be on it.

    Ok.

    1) Can you tell me if you know what PeoplePC is?

    People PC is my dialup ISP. It's sort of like a cheap version of AOL, and on the same level as Netscape, Earthlink, etc. (ISPs).

    2) Go into Add/Remove programs and uninstall VirtualBouncer if it is listed.

    VirtualBouncer wasn't listed.

    Finally,
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\BO2802040128.exe
    • Click on the submit button
    • Please post the results in your next reply.
    Could you do the same for the following three:
    C:\WINDOWS\system32\drivers\etc\hosts.bho
    C:\WINDOWS\system32\INNERADINSTALL.LOG
    C:\WINDOWS\system32\unPPC.exe

    The results for "C:\WINDOWS\system32\BO2802040128.exe" are below:

    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

    File: BO2802040128.exe
    Status: INFECTED/MALWARE
    MD5 9a427397263fcf98b702af5b5bbc6368
    Packers detected: -
    Scanner results
    AntiVir Found Adware-Spyware/VirtualBouncer.D.5 adware
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found Misc/Virtual
    Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.VirtualBouncer.d
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found AdWare.Win32.VirtualBouncer.d


    The results for "C:\WINDOWS\system32\drivers\etc\hosts.bho" are below:

    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

    File: hosts.bho
    Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 2839c569ccac2ec8a95ef077699df1e0
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    The results for "C:\WINDOWS\system32\INNERADINSTALL.LOG" are below:

    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

    File: INNERADINSTALL.LOG
    Status: OK
    MD5 22f29962c7d75f6d7fd1f3fddf79fd7c
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    The results for "C:\WINDOWS\system32\unPPC.exe" are below:

    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

    File: unPPC.exe
    Status: OK
    MD5 5cf8095b54139da0f67b6295c407a14f
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    On a side note, you don't have to post the files as attachments! :)

    Ok. :)


    What do you think the problem might be?
  • Trogan, London, UK
    edited April 2006
    What do you think the problem might be?
    Not sure yet! Could well be hardware...

    You may want to print or save these instructions as you'll have no internet connection.

    Please go into Safe Mode. Once in Safe Mode, you will have no internet connection!

    We need to view hidden files and folders:
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Next, find and delete the following, if found:

    C:\WINDOWS\system32\BO2802040128.exe << this file
    C:\WINDOWS\system32\INNERADINSTALL.LOG << this file


    Reboot back into normal mode!


    Open HJT and click on Open the Misc Tools section
    Click on Open hosts file manager and press Open in Notepad
    Copy and paste the entire contents here.

    Could you go here and scan the following please.

    C:\WINDOWS\system32\unPPC.exe

    Post the results here.
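
What a review of the requested hosts file looks for, as an added example that is not part of the original thread: entries that map a name to a loopback or 0.0.0.0 address only block that name, while an entry that maps a name to any other address overrides DNS for it and deserves a closer look. The sample file, its `.test` names and the 203.0.113.7 address are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample: the stock header line, blocklist-style entries like the
# ones a hosts-file blocklist adds, two constructed redirect lines and one
# malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 ad.doubleclick.net
127.0.0.1 desktop.kazaa.com   # blocked
0.0.0.0 banner.example.test
203.0.113.7 www.example-bank.test
203.0.113.7 update.example-av.test mirror.example-av.test
not-an-ip broken.example.test
"""


def parse_hosts(text):
    """Return (line_number, address, hostnames) for every mapping line.

    Comment-only and blank lines are skipped. A line whose first field is not
    an IP address, or that has no hostname, is returned with address None.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        names = [n.lower() for n in fields[1:]]
        if addr is None or not names:
            entries.append((lineno, None, []))
        else:
            entries.append((lineno, addr, names))
    return entries


def classify(addr, name):
    """Label one address/name pair.

    localhost: the normal loopback mapping for the machine itself
    sinkhole:  a name pointed at loopback or 0.0.0.0 (blocked, not redirected)
    redirect:  a name pointed at any other address (overrides DNS)
    """
    if addr.is_loopback or addr.is_unspecified:
        return "localhost" if name == "localhost" else "sinkhole"
    return "redirect"


def audit_hosts(text):
    """Summarise a hosts file and list the entries that need a manual look."""
    counts = Counter()
    redirects = []
    malformed = []
    for lineno, addr, names in parse_hosts(text):
        if addr is None:
            counts["malformed"] += 1
            malformed.append(lineno)
            continue
        for name in names:
            kind = classify(addr, name)
            counts[kind] += 1
            if kind == "redirect":
                redirects.append((lineno, name, str(addr)))
    return {"counts": dict(counts), "redirects": redirects, "malformed": malformed}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("entry counts:", report["counts"])
    for lineno, name, addr in report["redirects"]:
        print(f"line {lineno}: {name} -> {addr} (not loopback, check this entry)")
    for lineno in report["malformed"]:
        print(f"line {lineno}: could not be parsed")
```

A file that contains only `localhost` and sinkhole entries produces an empty `redirects` list.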
  • edited April 2006
    Next, find and delete the following, if found:

    C:\WINDOWS\system32\BO2802040128.exe << this file
    C:\WINDOWS\system32\INNERADINSTALL.LOG << this file

    I found both and deleted them.

    Open HJT and click on Open the Misc Tools section
    Click on Open hosts file manager and press Open in Notepad
    Copy and paste the entire contents here.

    Ok. I hope this is correct. It just looks strange.

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    127.0.0.1 localhost
    #BEGIN of KL Supertrick (September 24th 2003)
    127.0.0.1 de.netstatpro.net
    127.0.0.1 desktop.grokster.com
    127.0.0.1 dialer.offshoreclicks.com
    127.0.0.1 doubleclick.net
    127.0.0.1 download1.0190-dialer.com
    127.0.0.1 download1.libereco.net
    127.0.0.1 download2.0190-dialer.com
    127.0.0.1 econnect.libereco.net
    127.0.0.1 ehg.hitbox.com
    127.0.0.1 ehg-commjun.hitbox.com
    127.0.0.1 erie.smartage.com
    127.0.0.1 etad.telegraph.co.uk
    127.0.0.1 everyone.net
    127.0.0.1 exchange-it.com
    127.0.0.1 exitfuel.com
    127.0.0.1 exitmoney.com
    127.0.0.1 fast.mediacharger.com
    127.0.0.1 focalink.com
    127.0.0.1 fp.valueclick.com
    127.0.0.1 fragmentserv.iac-online.de
    127.0.0.1 free.****-portal.com
    127.0.0.1 freeadultlottery.com
    127.0.0.1 freeasiahardcore.com
    127.0.0.1 freebieclub.com
    127.0.0.1 freebigcocks.net
    127.0.0.1 freecelebnudity.com
    127.0.0.1 freefarmpics.com
    127.0.0.1 freegaybears.net
    127.0.0.1 freegaylottery.com
    127.0.0.1 freenaughtyteens.com
    127.0.0.1 freepass.elitecities.com
    127.0.0.1 fs.dai.net
    127.0.0.1 gadgeteer.pdamart.com
    127.0.0.1 global.msads.net
    127.0.0.1 gm.preferences.com
    127.0.0.1 go.ezgreen.com
    127.0.0.1 got2goshop.com
    127.0.0.1 goto.trafficmultiplier.com
    127.0.0.1 gp.dejanews.com
    127.0.0.1 hacker-spider.de
    127.0.0.1 hc2.humanclick.com
    127.0.0.1 hg1.hitbox.com
    127.0.0.1 hit.hotlog.ru
    127.0.0.1 hitbox.com
    127.0.0.1 hitmatic.com
    127.0.0.1 hitsfrom.popuprush.com
    127.0.0.1 hotfreewebcams.com
    127.0.0.1 hypercount.com
    127.0.0.1 ifcol.exitfuel.com
    127.0.0.1 image.click2net.com
    127.0.0.1 image.eimg.com
    127.0.0.1 images.sexlist.com
    127.0.0.1 images2.nytimes.com
    127.0.0.1 imageserv.adtech.de
    127.0.0.1 img.lop.com
    127.0.0.1 img.mediaplex.com
    127.0.0.1 impnl.tradedoubler.com
    127.0.0.1 internetfuel.com
    127.0.0.1 itn.adbureau.net
    127.0.0.1 jcms.cydoor.com
    127.0.0.1 jeeves.flycast.com
    127.0.0.1 jobkeys.ngadcenter.net
    127.0.0.1 kansas.valueclick.com
    127.0.0.1 leader.linkexchange.com
    127.0.0.1 linkbuddies.com
    127.0.0.1 liquidad.narrowcastmedia.com
    127.0.0.1 liveadvert.com
    127.0.0.1 ln.doubleclick.net
    127.0.0.1 looksmartclicks.com
    127.0.0.1 lop.com
    127.0.0.1 lsads.looksmart.com.au
    127.0.0.1 m.doubleclick.net
    127.0.0.1 macaddictads.snv.futurenet.com
    127.0.0.1 marketing-internet.com
    127.0.0.1 maxexp.com
    127.0.0.1 maximumcash.com
    127.0.0.1 maximumpcads.imaginemedia.com
    127.0.0.1 media.carpediem.fr
    127.0.0.1 media.expedia.com
    127.0.0.1 media.fastclick.net
    127.0.0.1 media.popuptraffic.com
    127.0.0.1 media.preferences.com
    127.0.0.1 media20.fastclick.net
    127.0.0.1 mediacharger.com
    127.0.0.1 mediamgr.ugo.com
    127.0.0.1 mediaplex.com
    127.0.0.1 megacash.de
    127.0.0.1 megawebcams.tv
    127.0.0.1 mercury.rmuk.co.uk
    127.0.0.1 millenium-hitz.com
    127.0.0.1 mjxads.internet.com
    127.0.0.1 mojofarm.sjc.mediaplex.com
    127.0.0.1 monitor.looksmart.com
    127.0.0.1 monsterhitz.to
    127.0.0.1 musiccity.streamcastnetwork.com
    127.0.0.1 n24.de
    127.0.0.1 nbc.adbureau.net
    127.0.0.1 network.realmedia.com
    127.0.0.1 newads.cmpnet.com
    127.0.0.1 newsticker.shortnews.de
    127.0.0.1 ng3.ads.warnerbros.com
    127.0.0.1 ngads.smartage.com
    127.0.0.1 nitrous.exitfuel.com
    127.0.0.1 nsads.hotwired.com
    127.0.0.1 ntbanner.digitalriver.com
    127.0.0.1 oad.realmedia.com
    127.0.0.1 oas.benchmark.fr
    127.0.0.1 onresponse.com
    127.0.0.1 oz.valueclick.com
    127.0.0.1 p.wtlive.com
    127.0.0.1 paycounter.com
    127.0.0.1 ph-ad04.focalink.com
    127.0.0.1 ph-ad05.focalink.com
    127.0.0.1 ph-ad07.focalink.com
    127.0.0.1 ph-ad16.focalink.com
    127.0.0.1 ph-ad17.focalink.com
    127.0.0.1 ph-ad18.focalink.com
    127.0.0.1 php.offshoreclicks.com
    127.0.0.1 pluto.beseen.com
    127.0.0.1 pop.mircx.com
    127.0.0.1 popup.found404.com
    127.0.0.1 porn-attack.com
    127.0.0.1 portal.hostultra.com
    127.0.0.1 proxy.ladot.com
    127.0.0.1 pub.epiknet.org
    127.0.0.1 pub.infiniland.com
    127.0.0.1 pub.ketix.com
    127.0.0.1 pub.telmedia.fr
    127.0.0.1 pub.weborama.fr
    127.0.0.1 publish.hometown.aol.co.uk
    127.0.0.1 realads.realmedia.com
    127.0.0.1 redherring.ngadcenter.net
    127.0.0.1 redirect.click2net.com
    127.0.0.1 redirect.iac-online.de
    127.0.0.1 regio.adlink.de
    127.0.0.1 ResponseMedia-ad.flycast.com
    127.0.0.1 retaildirect.realmedia.com
    127.0.0.1 rmads.eu.msn.com
    127.0.0.1 rs.webmasterplan.com
    127.0.0.1 s0.bluestreak.com
    127.0.0.1 s1.bluestreak.com
    127.0.0.1 s2.bluestreak.com
    127.0.0.1 s2.focalink.com
    127.0.0.1 s3.bluestreak.com
    127.0.0.1 s4.bluestreak.com
    127.0.0.1 s5.bluestreak.com
    127.0.0.1 s6.bluestreak.com
    127.0.0.1 s7.bluestreak.com
    127.0.0.1 s8.bluestreak.com
    127.0.0.1 sbee.com
    127.0.0.1 script.weborama.fr
    127.0.0.1 search.kazaa.com
    127.0.0.1 secserv.imgis.com
    127.0.0.1 servedby.advertising.com
    127.0.0.1 servedby.advertwizard.com
    127.0.0.1 server.hamster.com
    127.0.0.1 server-uk.imrworldwide.com
    127.0.0.1 sexpromote.com
    127.0.0.1 sextracker.com
    127.0.0.1 sh4banner.de
    127.0.0.1 sh4sure-images.adbureau.net
    127.0.0.1 shop.freepush.com
    127.0.0.1 shortwin.de
    127.0.0.1 specialoffers.aol.com
    127.0.0.1 spezialreporte.de
    127.0.0.1 spin.spinbox.net
    127.0.0.1 sprinks-clicks.about.com
    127.0.0.1 spylog.com
    127.0.0.1 srv1.bannercommunity.de
    127.0.0.1 srv2.bannercommunity.de
    127.0.0.1 srv3.bannercommunity.de
    127.0.0.1 static.admaximize.com
    127.0.0.1 stats.superstats.com
    127.0.0.1 stats3.porntrack.com
    127.0.0.1 statse.webtrendslive.com
    127.0.0.1 Suissa-ad.flycast.com
    127.0.0.1 survey.proactive.nl
    127.0.0.1 sview.avenuea.com
    127.0.0.1 t0.extreme-dm.com
    127.0.0.1 thinknyc.eu-adcenter.net
    127.0.0.1 tour01.bangbus.com
    127.0.0.1 tpl1.realtracker.com
    127.0.0.1 tracker.clicktrade.com
    127.0.0.1 trinityacquisitions.com
    127.0.0.1 tsms-ad.tsms.com
    127.0.0.1 tuerck.de.counted.com
    127.0.0.1 twistedhumor.com
    127.0.0.1 ugo.eu-adcenter.net
    127.0.0.1 uk1.linksynergy.com
    127.0.0.1 uk2.linksynergy.com
    127.0.0.1 uk3.linksynergy.com
    127.0.0.1 uk4.linksynergy.com
    127.0.0.1 uk5.linksynergy.com
    127.0.0.1 us.adserver.yahoo.com
    127.0.0.1 v0.extreme-dm.com
    127.0.0.1 v1.extreme-dm.com
    127.0.0.1 valueclick.com
    127.0.0.1 van.ads.link4ads.com
    127.0.0.1 vant.guj.de
    127.0.0.1 venus.goclick.com
    127.0.0.1 view.accendo.com
    127.0.0.1 view.avenuea.com
    127.0.0.1 vis1.sexlist.com
    127.0.0.1 vis2.sexlist.com
    127.0.0.1 vis3.sexlist.com
    127.0.0.1 vis4.sexlist.com
    127.0.0.1 vis5.sexlist.com
    127.0.0.1 visit.referralware.com
    127.0.0.1 visite.weborama.fr
    127.0.0.1 VNU.eu-adcenter.net
    127.0.0.1 w0.extreme-dm.com
    127.0.0.1 w113.hitbox.com
    127.0.0.1 w117.hitbox.com
    127.0.0.1 w25.hitbox.com
    127.0.0.1 web2.deja.com
    127.0.0.1 webads.bizservers.com
    127.0.0.1 weblist.de
    #127.0.0.1 webpdp.gator.com
    127.0.0.1 webxprod.qualcomm.com
    127.0.0.1 www.0190-dialer.com
    127.0.0.1 www.12traffic.de
    127.0.0.1 www.1for1.com
    127.0.0.1 www.3turtles.com
    127.0.0.1 www.404errorpage.com
    127.0.0.1 www.7adpower.com
    127.0.0.1 www.7host.com
    127.0.0.1 www.activeannonce.com
    127.0.0.1 www.adbucks.com
    127.0.0.1 www.adexit.com
    127.0.0.1 www.adexit.de
    127.0.0.1 www.adforce.com
    127.0.0.1 www.admex.com
    127.0.0.1 www.adnetz.net
    127.0.0.1 www.adserver.com
    127.0.0.1 www.adserver.net
    127.0.0.1 www.adsmart.com
    127.0.0.1 www.adsmart.net
    127.0.0.1 www.adultbizvoice.com
    127.0.0.1 www.adultclicks.com
    127.0.0.1 www.ad-up.com
    127.0.0.1 www.adverity.com
    127.0.0.1 www.adverlead.com
    127.0.0.1 www.adverline.com
    127.0.0.1 www.adverline.fr
    127.0.0.1 www.advertising.com
    127.0.0.1 www.advertwizard.com
    127.0.0.1 www.adviews-sponsor.de
    127.0.0.1 www.alexchiu.com
    127.0.0.1 www.alladvantage.com
    127.0.0.1 www.allclicks.com
    127.0.0.1 www.amateur-galleries.com
    127.0.0.1 www.amazingpops.com
    127.0.0.1 www.at-nude-teens.net
    127.0.0.1 www.bannerads.de
    127.0.0.1 www.beseen.com
    127.0.0.1 www.bfast.com
    127.0.0.1 www.boonsolutions.com
    127.0.0.1 www.brutalextreme.com
    127.0.0.1 www.burstnet.com
    127.0.0.1 www.cash1x1.de
    127.0.0.1 www.cash2002.de
    127.0.0.1 www.cash4banner.com
    127.0.0.1 www.cash4banner.de
    127.0.0.1 www.cashcount.com
    127.0.0.1 www.cashfiesta.com
    127.0.0.1 www.cashradio.com
    127.0.0.1 www.cashsurfers.com
    127.0.0.1 www.casinoglamour.com
    127.0.0.1 www.cellularphones.com
    127.0.0.1 www.cibleclick.com
    127.0.0.1 www.cj.com
    127.0.0.1 www.click2sexy.com
    127.0.0.1 www.click-fr.com
    127.0.0.1 www.clickxchange.com
    127.0.0.1 www.clictrafic.com
    127.0.0.1 www.coinpromo.com
    127.0.0.1 www.cometcursor.com
    127.0.0.1 www.cometsystems.net
    127.0.0.1 www.commission-junction.com
    127.0.0.1 www.cr4.com
    127.0.0.1 www.crazypopups.com
    127.0.0.1 www.crxwarez.net
    127.0.0.1 www.cydoor.com
    127.0.0.1 www.daz.com
    127.0.0.1 www.dgm2.com
    127.0.0.1 www.directvalue.nl
    127.0.0.1 www.drawnsex.com
    127.0.0.1 www.eads.com
    127.0.0.1 www.e-bannerx.com
    127.0.0.1 www.eclic.net
    127.0.0.1 www.fastclick.net
    127.0.0.1 www.fastmetasearch.com
    127.0.0.1 www.flycast.co.uk
    127.0.0.1 www.flycast.com
    127.0.0.1 www.found404.com
    127.0.0.1 www.fpctraffic.com
    127.0.0.1 www.freeadultlottery.com
    127.0.0.1 www.freeasiahardcore.com
    127.0.0.1 www.free-banners.com
    127.0.0.1 www.freebigcocks.net
    127.0.0.1 www.freecelebnudity.com
    127.0.0.1 www.freefarmpics.com
    127.0.0.1 www.freegaybears.net
    127.0.0.1 www.freegaylottery.com
    127.0.0.1 www.freenaughtyteens.com
    127.0.0.1 www.freestats.com
    127.0.0.1 www.frontpagecash.com
    127.0.0.1 www.****-portal.com
    127.0.0.1 www.gamingclub.com
    127.0.0.1 www.gator.co.uk
    #127.0.0.1 www.gator.com
    127.0.0.1 www.gator.net
    127.0.0.1 www.genhit.com
    127.0.0.1 www.getsearches.com
    127.0.0.1 www.gopopup.com
    127.0.0.1 www.greetingwishes.com
    127.0.0.1 www.grokster.com
    127.0.0.1 www.hardcorepornos.org
    127.0.0.1 www.hightrafficads.com
    127.0.0.1 www.hit-parade.com
    127.0.0.1 www.hitsme.com
    127.0.0.1 www.hotfreewebcams.com
    127.0.0.1 www.imaginemedia.com
    127.0.0.1 www.lastconsole.com
    127.0.0.1 www.linkshare.com
    127.0.0.1 www.liveadvert.com
    127.0.0.1 www.lo-litas.com
    127.0.0.1 www.looksmartclicks.com
    127.0.0.1 www.lop.com
    127.0.0.1 www.lottoforever.com
    127.0.0.1 www.mediaplex.com
    127.0.0.1 www.megacash.de
    127.0.0.1 www.megawebcams.tv
    127.0.0.1 www.milfhunter.com
    127.0.0.1 www.modchip.com
    127.0.0.1 www.mod-chip.com
    127.0.0.1 www.money4exit.de
    127.0.0.1 www.my-stats.com
    127.0.0.1 www.netbroadcaster.com
    127.0.0.1 www.netflip.com
    127.0.0.1 www.netgravity.com
    127.0.0.1 www.newtopsites.com
    127.0.0.1 www.nic.co.il
    127.0.0.1 www.nudelinkz.com
    127.0.0.1 www.oneandonlynetwork.com
    127.0.0.1 www.onresponse.com
    127.0.0.1 www.paidpopup.de
    127.0.0.1 www.piratos.de
    127.0.0.1 www.popdown.de
    127.0.0.1 www.popupad.net
    127.0.0.1 www.popuptraffic.com
    127.0.0.1 www.PostMasterBannerNet.com
    127.0.0.1 www.prepaidliving.com
    127.0.0.1 www.qksrv.net
    127.0.0.1 www.qualityhitz.com
    127.0.0.1 www.qualypromos.com
    127.0.0.1 www.radiate.com
    127.0.0.1 www.radiofreecash.com
    127.0.0.1 www.rankyou.com
    127.0.0.1 www.reference-sexe.com
    127.0.0.1 www.sbee.com
    127.0.0.1 www.sbvr.com
    127.0.0.1 www.searchtraffic.com
    127.0.0.1 www.service-url.de
    127.0.0.1 www.sexfranco.com
    127.0.0.1 www.sexfreelist.com
    127.0.0.1 www.sexlist.com
    127.0.0.1 www.sexpromote.com
    127.0.0.1 www.sexspy.com
    127.0.0.1 www.sexstudio24.de
    127.0.0.1 www.sextracker.com
    127.0.0.1 www.sextraffic.org
    127.0.0.1 www.sexyfreehost.com
    127.0.0.1 www.sexyplugin.com
    127.0.0.1 www.simplecounter.net
    127.0.0.1 www.slutzoo.com
    127.0.0.1 www.sonixwarez.com
    127.0.0.1 www.sponsor2002.de
    127.0.0.1 www.targetshop.com
    127.0.0.1 www.techiwarehouse.com
    127.0.0.1 www.teknosurf.com
    127.0.0.1 www.teknosurf2.com
    127.0.0.1 www.teknosurf3.com
    127.0.0.1 www.theadultwire.com
    127.0.0.1 www.topwarez-fr.com
    127.0.0.1 www.toys-galleries.com
    127.0.0.1 www.trafficbox.net
    127.0.0.1 www.trafficmonetizer.com
    127.0.0.1 www.unionwarez.com
    127.0.0.1 www.valueclick.com
    127.0.0.1 www.valuesponsor.com
    127.0.0.1 www.warez33.com
    127.0.0.1 www.warezfield.com
    127.0.0.1 www.web3000.co.uk
    127.0.0.1 www.web3000.com
    127.0.0.1 www.webads.nl
    127.0.0.1 www.webferret.com
    127.0.0.1 www.webhancer.com
    127.0.0.1 www.webhancer.net
    127.0.0.1 www.weblist.de
    127.0.0.1 www.websitefinancing.com
    127.0.0.1 www.wedoo.com
    127.0.0.1 www.win24.de
    127.0.0.1 www.wingowin.com
    127.0.0.1 www.wtlive.com
    127.0.0.1 www.xiti.com
    127.0.0.1 www.xpostx.com
    127.0.0.1 www.xxxdisplay.com
    127.0.0.1 www.xxxfreeamateurs.com
    127.0.0.1 www.xxxteenclub.de
    127.0.0.1 www.youmakemoney.com
    127.0.0.1 www.zeloop.net
    127.0.0.1 www2.burstnet.com
    127.0.0.1 www2.consumercreditusa.com
    127.0.0.1 www3.netgravity.com
    127.0.0.1 www4.netgravity.com
    127.0.0.1 www4.trix.net
    127.0.0.1 www80.valueclick.com
    127.0.0.1 xads.infospace.com
    127.0.0.1 xads.zedo.com
    127.0.0.1 xxxfreeamateurs.com
    127.0.0.1 z.extreme-dm.com
    127.0.0.1 z0.extreme-dm.com
    127.0.0.1 z1.extreme-dm.com
    127.0.0.1 zac.netgravity.com
    127.0.0.1 img.thebugs.ws
    127.0.0.1 pet.thebugs.ws
    127.0.0.1 mt45.mtree.com
    127.0.0.1 www.porncow.com
    127.0.0.1 download.alexa.com
    127.0.0.1 count.exit.exchange.com
    127.0.0.1 www.classmates.com
    127.0.0.1 bidclix.net
    127.0.0.1 www.media-ads.org
    127.0.0.1 www.aitsafe.com
    127.0.0.1 service.bfast.com
    127.0.0.1 spweb.whenu.com
    127.0.0.1 www.getweathercast.com
    127.0.0.1 www.clock-sync.com
    127.0.0.1 secure.goodthinxx.com
    127.0.0.1 port.goodthinxx.com
    127.0.0.1 chochux.offshoreclicks.com
    127.0.0.1 go.offshoreclicks.com
    127.0.0.1 click.atdmt.com
    127.0.0.1 dropcharge.stardialer.de
    127.0.0.1 download.stardialer.de
    127.0.0.1 www.outwar.com
    127.0.0.1 outwar.com
    127.0.0.1 www.pornstarguru.com
    127.0.0.1 www.popstarwar.com
    127.0.0.1 www.monsterwar.net
    127.0.0.1 www.gangsterwar.com
    127.0.0.1 srch.lop.com
    127.0.0.1 clickcash.webpower.com
    127.0.0.1 install.serviceurl.de
    127.0.0.1 aim1.radiate.com
    127.0.0.1 aim2.radiate.com
    127.0.0.1 aim3.radiate.com
    127.0.0.1 www.flyswat.com
    127.0.0.1 www.flyswat.net
    127.0.0.1 www.flyswat.org
    127.0.0.1 www.flyswat.co.uk
    127.0.0.1 www.cometsystems.com
    127.0.0.1 www.cometzone.com
    127.0.0.1 www.livecursors.com
    127.0.0.1 aim1.adsoftware.com
    127.0.0.1 aim2.adsoftware.com
    127.0.0.1 aim3.adsoftware.com
    127.0.0.1 aim4.adsoftware.com
    127.0.0.1 aim5.adsoftware.com
    127.0.0.1 www.conducent.com
    127.0.0.1 www.conducent.co.uk
    127.0.0.1 www.mathlogic.com
    127.0.0.1 www.adsoftware.com
    127.0.0.1 www.gohip.com
    127.0.0.1 www.lolitafree.de
    127.0.0.1 www.exitblaze.com
    127.0.0.1 hop.clickbank.net
    127.0.0.1 www.w3exit.com
    127.0.0.1 ads.flabber.nl
    127.0.0.1 servlets.kliks.nl
    127.0.0.1 affiliates.kliks.nl
    127.0.0.1 ads.revenue.net
    127.0.0.1 pops.freeze.com
    127.0.0.1 adlog.com.com
    127.0.0.1 ads.techtv.com
    127.0.0.1 ads.tripod.lycos.co.uk
    127.0.0.1 adserv.happypuppy.com
    127.0.0.1 ads.ipowerweb.com
    127.0.0.1 www.hitboss.com
    127.0.0.1 dbbsrv.com
    127.0.0.1 download.globaldialer.net
    127.0.0.1 www.passthison.com
    127.0.0.1 tafmaster.com
    127.0.0.1 www.xtra.fm
    127.0.0.1 www.mp3bank.nl
    127.0.0.1 www.paypopup.com
    #END of KL Supertrick (September 24th 2003)
    # Start of entries inserted by Spybot - Search & Destroy
    # End of entries inserted by Spybot - Search & Destroy

    Could you go here and scan the following please.

    C:\WINDOWS\system32\unPPC.exe

    Post the results here.

    These are the results (below):

    This is a report processed by VirusTotal on 04/06/2006 at 09:16:58 (CET) after scanning the file "unPPC.exe" file.
    Antivirus           Version         Update      Result
    AntiVir             6.34.0.24       04.06.2006  no virus found
    Avast               4.6.695.0       04.03.2006  no virus found
    AVG                 386             04.05.2006  no virus found
    Avira               6.34.0.56       04.06.2006  no virus found
    BitDefender         7.2             04.06.2006  no virus found
    CAT-QuickHeal       8.00            04.06.2006  (Suspicious) - DNAScan
    ClamAV              devel-20060202  04.06.2006  no virus found
    DrWeb               4.33            04.06.2006  no virus found
    eTrust-InoculateIT  23.71.121       04.06.2006  no virus found
    eTrust-Vet          12.4.2151       04.06.2006  no virus found
    Ewido               3.5             04.05.2006  no virus found
    Fortinet            2.71.0.0        04.06.2006  no virus found
    F-Prot              3.16c           04.06.2006  no virus found
    Ikarus              0.2.59.0        04.05.2006  no virus found
    Kaspersky           4.0.2.24        04.06.2006  no virus found
    McAfee              4734            04.05.2006  no virus found
    NOD32v2             1.1474          04.05.2006  no virus found
    Norman              5.90.15         04.05.2006  no virus found
    Panda               9.0.0.4         04.05.2006  no virus found
    Sophos              4.04.0          04.06.2006  no virus found
    Symantec            8.0             04.06.2006  no virus found
    TheHacker           5.9.7.125       04.05.2006  no virus found
    UNA                 1.83            04.05.2006  no virus found
    VBA32               3.10.5          04.05.2006  no virus found
  • Trogan London, UK
    edited April 2006
    That hosts file looks alright, and the file seems fine.


    Please download the trial version of Ewido Security Suite here:
    http://www.ewido.net/en/download/

    When installing the program, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
    Once installed, update the definitions to the newest files. Do NOT run a scan yet.
    Next, please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

    For additional help in booting into Safe Mode, see the following site:
    http://www.pchell.com/support/safemode.shtml

    Once in Safe Mode, please run Ewido. (Do not use the computer while Ewido is scanning, as it will interrupt the scan.)
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido

    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

    ===============================================

    Go here and download then run Silent Runners.vbs. It generates a log, please post the information back in this thread.
    If you have a script blocking program, please allow the file to run. It is not malicious.
  • edited April 2006
    I was able to download and install the Ewido Security Suite. I clicked on "Update", then "Start Update". It briefly said something like "update started" (in the bottom left-hand corner of the ewido anti-malware "window"). Then it said "Connecting to update.ewido.net..." and it kept on trying to connect for 3 or 4 hours, and still no updates. So I gave up and "cancelled" the download. Was there another way I was supposed to get the update? What did I do wrong?
    Go here and download then run Silent Runners.vbs. It generates a log, please post the information back in this thread.

    Below is the information generated by "Silent Runners":

    "Silent Runners.vbs", revision 44, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "RealPlayer" = ""C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot" ["RealNetworks, Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" ["Viewpoint Corporation"]
    "zSPGuard" = "c:\program files\pjw\spguard\spguard.exe /s " [file not found]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "Bart Station" = "C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION" ["PeoplePC"]
    "Propel Accelerator" = ""C:\PROGRA~1\PEOPLE~1\PropelAC.exe"" [file not found]
    "Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
    -> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
    \InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
    {A8FB8EB3-183B-4598-924D-86F0E5E37085}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "PeoplePal Toolbar"
    \InProcServer32\(Default) = "c:\program files\peoplepc\toolbar\PPCToolbar.dll" ["PeoplePC"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
    -> {HKLM...CLSID} = "VpshellEx Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{64BC5640-700F-4E7E-8462-D3092DD74B0F}" = "VDMSound LaunchPad"
    -> {HKLM...CLSID} = "LaunchPadShellEx Class"
    \InProcServer32\(Default) = "C:\Program Files\VDMSound\LaunchPad.dll" [empty string]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{92085AD4-F48A-450D-BD93-B28CC7DF67CE}" = "eBay Toolbar"
    -> {HKLM...CLSID} = "eBay Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll" [file not found]
    "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
    -> {HKLM...CLSID} = "SpywareGuard.Handler"
    \InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
    -> {HKLM...CLSID} = "SpywareGuard.Handler"
    \InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
    INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
    -> {HKLM...CLSID} = "VpshellEx Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
    -> {HKLM...CLSID} = "VpshellEx Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


    Active Desktop and Wallpaper:

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Startup items in "X" & "All Users" startup folders:

    C:\Documents and Settings\Start Menu\Programs\Startup
    "SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


    Winsock2 Service Provider DLLs:

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    -> {HKLM...CLSID} = "Yahoo! Companion"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll" [file not found]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" [file not found]
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
    -> {HKLM...CLSID} = "MSN"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]
    "{A8FB8EB3-183B-4598-924D-86F0E5E37085}"
    -> {HKLM...CLSID} = "PeoplePal Toolbar"
    \InProcServer32\(Default) = "c:\program files\peoplepc\toolbar\PPCToolbar.dll" ["PeoplePC"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{A8FB8EB3-183B-4598-924D-86F0E5E37085}" = (no title provided)
    -> {HKLM...CLSID} = "PeoplePal Toolbar"
    \InProcServer32\(Default) = "c:\program files\peoplepc\toolbar\PPCToolbar.dll" ["PeoplePC"]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "&Yahoo! Messenger"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" [file not found]

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "&Yahoo! Messenger"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" [file not found]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_04"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8"
    "Exec" = "%windir%\bdoscandel.exe" [null data]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):

    DefWatch, DefWatch, "C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe" ["Symantec Corporation"]
    ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
    Symantec AntiVirus Client, Norton AntiVirus Server, "C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe" ["Symantec Corporation"]
    TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 37 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 32 seconds.
    (total run time: 136 seconds)
  • Trogan London, UK
    edited April 2006
    The silent runners log looks alright. :)

    Go back to the Ewido site and click on the "Here you can manually download the signature database of ewido anti-malware" link.

    Download the Daily Signatures to your desktop. Run the file and ewido should be updated automatically. When that is done, check to see if the update function is working. If so, follow the instructions to run ewido. :)

    If you can, download the Full Database. Check to see if ewido updates and follow the instructions. :)
  • edited April 2006
    Ok. I downloaded both and ran Ewido. It found 6 things, but I accidentally "skipped over" 3 of them. So I had to run Ewido again to get the three missed adware things. In total, it found one "cookie" entry and five adware entries.

    The results of the 2nd Ewido scan (I forgot to save the first. I hope this one is ok):

    ewido anti-malware - Scan report

    + Created on: 4:23:38 AM, 4/7/2006
    + Report-Checksum: D9A174F4

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup
    HKU\S-1-5-21-1606980848-688789844-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup


    ::Report End


    The New Hijackthis logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:28:54 AM, on 4/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\PeoplePC\ISP6230\Browser\Bartshel.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\PeoplePC\ISP6230\Browser\PPShared.exe
    C:\Hijackthis\HijackThis1991.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION
    O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\PropelAC.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144171455297
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • edited April 2006
    Almost forgot, I think it might be worth mentioning that, over the last day or so, I've noticed that my computer graphics have become more "stable". All of the problems seem to have cleared up (I really noticed this when I went into safe mode and the letters weren't changing or anything. They stayed still and I could read them...). However, I wouldn't mind running a few more tests and/or waiting a few more days to make sure my computer remains "stable" and doesn't wig out on me again...
  • Trogan London, UK
    edited April 2006
    Your HJT log is clean! :)

    I'm glad to hear that your graphics are "stable". Let me know how things are in a day or two.

    Good Luck! :)