Report, edit, etc...Posted by Forsaken on 2005-07-15 at 22:09:39
Well, I wish I had the money to pay for my own computer. But, I don't.
Believe me, I would KILL for a computer that was better than the piece of
I am on. Also, it sucks having 56K there is no way for me to upload files to another site. Unless, they are smaller than 10 MB's.
Believe me, I would KILL for a computer that was better than the piece of
I am on. Also, it sucks having 56K there is no way for me to upload files to another site. Unless, they are smaller than 10 MB's.Report, edit, etc...Posted by BSTRhino on 2005-07-15 at 22:11:10
QUOTE(High @ Jul 16 2005, 02:59 PM)
delete starcraft
[right][snapback]263385[/snapback][/right]
[right][snapback]263385[/snapback][/right]
Funniest post I've seen in ages!
Report, edit, etc...Posted by Merrell on 2005-07-16 at 00:06:22
Not really.
Anyway, Forsaken you have a lot of Mp3s? I don't. But they take up loads of memory.
With games, files, other stuff the only total you shold get is around 8 Gigs, what the hell are you doing?
Meh, don't say its wimpy(Whoever did), my last computer, my Micron had 4 Gigs max and I never lagged while playing starcraft.
Anyway, Forsaken you have a lot of Mp3s? I don't. But they take up loads of memory.
With games, files, other stuff the only total you shold get is around 8 Gigs, what the hell are you doing?
Meh, don't say its wimpy(Whoever did), my last computer, my Micron had 4 Gigs max and I never lagged while playing starcraft.
Report, edit, etc...Posted by Mini Moose 2707 on 2005-07-16 at 00:14:03
Spyware cleaning guide: http://forums.majorgeeks.com/showthread.php?t=35407
My reccomendations:
1. ESPECIALLY use CCleaner. That program should kill a LOT of space.
2. Next, delete unused Restore Points. Those really take up quite a bit of space.
3. Also, just go into your C: drive and look for things. I found a folder that was essentially a copy of Windows (C:/i386/, in case anyone cares) I did a search for modified after 2003, NONE of those files were included... 2002, only a few. Needless to say, I tested if they were needed by renaming the folder. After finding no use for them, I owned the whole directory. I also owned a virus that was in a file in my C:/Program Files/.
My reccomendations:
1. ESPECIALLY use CCleaner. That program should kill a LOT of space.
2. Next, delete unused Restore Points. Those really take up quite a bit of space.
3. Also, just go into your C: drive and look for things. I found a folder that was essentially a copy of Windows (C:/i386/, in case anyone cares) I did a search for modified after 2003, NONE of those files were included... 2002, only a few. Needless to say, I tested if they were needed by renaming the folder. After finding no use for them, I owned the whole directory. I also owned a virus that was in a file in my C:/Program Files/.
Report, edit, etc...Posted by Merrell on 2005-07-16 at 01:17:30
Moose, we dont even know if he has system restore, lol, he won't tell us :s
Btw moose.. thanks a lot for that link.. it might help my problems aswell..
Btw moose.. thanks a lot for that link.. it might help my problems aswell..
Report, edit, etc...Posted by Mini Moose 2707 on 2005-07-16 at 01:49:05
That's weird, I thought what you were saying was already based on information there. 
Report, edit, etc...Posted by brutetal on 2005-07-16 at 02:27:49
I have a better idea, get a flash drive save all your files that you truly need and get a new one for under like 500 dollars go to Fry Electronics! Best cheapest place ever that I have ever seen. If you need help building it I can give you tutorials.
Report, edit, etc...Posted by Merrell on 2005-07-16 at 03:15:37
We've already went through this, he is poor.
Report, edit, etc...Posted by Forsaken on 2005-07-16 at 11:03:34
I'm not poor. Just very cheap. Very, very cheap. It's sad.
Anyways, I have never saved restore points. I have q lot of mp3's maybe if I move them to another drive? MEh... I'll try that and come back.
Anyways, I have never saved restore points. I have q lot of mp3's maybe if I move them to another drive? MEh... I'll try that and come back.
Report, edit, etc...Posted by IsolatedPurity on 2005-07-16 at 12:21:35
format c:
You can get a 40 gig harddrive for what... $20?
You can get a 40 gig harddrive for what... $20?
Report, edit, etc...Posted by Merrell on 2005-07-16 at 12:25:39
You have lots of adware, I am PMing your log back now with what you should Check the next time you run HiJackThis.
Do you want me to PM you it back, or post it here so it might help others?
Do you want me to PM you it back, or post it here so it might help others?
Report, edit, etc...Posted by Forsaken on 2005-07-16 at 12:40:33
QUOTE(isolatedpurity @ Jul 16 2005, 08:21 AM)
format c:
You can get a 40 gig harddrive for what... $20?
[right][snapback]263543[/snapback][/right]
You can get a 40 gig harddrive for what... $20?
[right][snapback]263543[/snapback][/right]
Where? I'll pay for that in a heart beat!
QUOTE(MrrLL @ Jul 16 2005, 08:25 AM)
You have lots of adware, I am PMing your log back now with what you should Check the next time you run HiJackThis.
Do you want me to PM you it back, or post it here so it might help others?
[right][snapback]263544[/snapback][/right]
Do you want me to PM you it back, or post it here so it might help others?
[right][snapback]263544[/snapback][/right]
Sure, I don't mind.
Good news! I manually went through my C: and salvaged 4 Gigs! So right now I m running the disk defrag. I think the thread is solved. Once MrrLL posts what I should nuke with hijackthis I'll close thread.
Report, edit, etc...Posted by Merrell on 2005-07-16 at 12:51:10
QUOTE
QUOTE
Logfile of HijackThis v1.98.2
Scan saved at 8:28:55 AM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\qsns.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\WINDOWS\system32\avicap01.exe
C:\WINDOWS\svchost.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
D:\Games\Downloads\Winamp\Winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\iisvers.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
D:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\system32\wsrchc3.dll
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\system32\lmf32v.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [EPZK] C:\WINDOWS\EPZK.exe
O4 - HKLM\..\Run: [VCIPSZFM] C:\WINDOWS\VCIPSZFM.exe
O4 - HKLM\..\Run: [KRXSS] C:\WINDOWS\KRXSS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PKUC] C:\WINDOWS\PKUC.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [mvkvul] C:\WINDOWS\mvkvul.exe
O4 - HKLM\..\Run: [Ugrycix] C:\WINDOWS\qsns.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [3381aa701f32] C:\WINDOWS\system32\avicap01.exe
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Games\Downloads\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Startup: Xfire.lnk = D:\Games\Downloads\Random SC\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AC3789F-A42E-4DB7-97FF-D84296A3C4E8}: NameServer = 63.200.183.70 206.13.28.12
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll
Scan saved at 8:28:55 AM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\qsns.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\WINDOWS\system32\avicap01.exe
C:\WINDOWS\svchost.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
D:\Games\Downloads\Winamp\Winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\iisvers.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
D:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\system32\wsrchc3.dll
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\system32\lmf32v.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [EPZK] C:\WINDOWS\EPZK.exe
O4 - HKLM\..\Run: [VCIPSZFM] C:\WINDOWS\VCIPSZFM.exe
O4 - HKLM\..\Run: [KRXSS] C:\WINDOWS\KRXSS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PKUC] C:\WINDOWS\PKUC.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [mvkvul] C:\WINDOWS\mvkvul.exe
O4 - HKLM\..\Run: [Ugrycix] C:\WINDOWS\qsns.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [3381aa701f32] C:\WINDOWS\system32\avicap01.exe
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Games\Downloads\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Startup: Xfire.lnk = D:\Games\Downloads\Random SC\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AC3789F-A42E-4DB7-97FF-D84296A3C4E8}: NameServer = 63.200.183.70 206.13.28.12
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll
Ok, you have some stuff that needs repaired (Do the scan again, check these files:)
I am using a very good tutorial with helping your files, so you can trust me along the way.
THESE 100% SURE NEED FIXED (Check)
R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\system32\wsrchc3.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
^Adware^
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
^Delfin Promulgate adware^
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
^Delfin Promulgate adware^
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
^MyDailyHoroscope foistware^
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe
^ClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available^ So, only if you want to keep that and spyware, keep it, but seriously, delete it.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
^Its that smileycentral
, I think you should fix it unless you want the smileys^FOR THESE 2, it says use http://www.cexx.org/lspfix.htm to remove them!
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
^Hijackers^
For these, If you do not recognize them, check them.
(I really think this Shopnav is just adware bull)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cg...3185&id=1.20031
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
Edit: Wow, cr ap is censored?. :\
Report, edit, etc...Posted by Forsaken on 2005-07-16 at 13:03:25
Done deal.
Thanks MrrLL... You saved my . Whew... I have about 6Gigs of space now.
Thanks MrrLL... You saved my
. Whew... I have about 6Gigs of space now.Report, edit, etc...Posted by PCFredZ on 2005-07-16 at 13:16:53
Haha, @$$ gets censored too?
Report, edit, etc...Posted by IsolatedPurity on 2005-07-18 at 08:15:26
Holy 
boy. Even though you deleted most of that adware, maybe it would be best if you reformat anyways and get something security software to prevent occurances like that in the future. Use firefox or opera too...
qsns.exe =>
http://www.processlibrary.com/ : This process/DLL was not found in our library.
Google : Your search - qsns.exe - did not match any documents.
I don't like the sounds of that. A program in the windows directory without any information on it?
iisvers.exe =>
http://www.processlibrary.com/ : This process/DLL was not found in our library.
Google : By scanning topics, this easily seems to be MALWARE. Check to make sure it's safe to get rid of.
C:\WINDOWS\AGRSMMSG.exe =>
http://www.processlibrary.com/directory/fi...SMMSG/index.php
Seems to be a messaging agent for your dialup provider? I'm not exactly sure if you can safely get rid of this, so I'd check... but I'd at least try backing it up and running without it. Normally, internet services do not need running seperate programs...
avicap01.exe =>
http://www.processlibrary.com/ : This process/DLL was not found in our library.
Google : 1 search result, strangly enough, it's from an online post of a HJT report. Delete it.
You'd probably have to go through hoops to kill the programs. Get into your system config and delete the startup lines and then delete the actual program.
I wish everyone could secure their computer... leecher companies that use adware and would die... and they should. them.
boy. Even though you deleted most of that adware, maybe it would be best if you reformat anyways and get something security software to prevent occurances like that in the future. Use firefox or opera too...qsns.exe =>
http://www.processlibrary.com/ : This process/DLL was not found in our library.
Google : Your search - qsns.exe - did not match any documents.
I don't like the sounds of that. A program in the windows directory without any information on it?
iisvers.exe =>
http://www.processlibrary.com/ : This process/DLL was not found in our library.
Google : By scanning topics, this easily seems to be MALWARE. Check to make sure it's safe to get rid of.
C:\WINDOWS\AGRSMMSG.exe =>
http://www.processlibrary.com/directory/fi...SMMSG/index.php
Seems to be a messaging agent for your dialup provider? I'm not exactly sure if you can safely get rid of this, so I'd check... but I'd at least try backing it up and running without it. Normally, internet services do not need running seperate programs...
avicap01.exe =>
http://www.processlibrary.com/ : This process/DLL was not found in our library.
Google : 1 search result, strangly enough, it's from an online post of a HJT report. Delete it.
You'd probably have to go through hoops to kill the programs. Get into your system config and delete the startup lines and then delete the actual program.
I wish everyone could secure their computer... leecher companies that use adware and
would die... and they should. them.